VirusTotal API policy changes to curb one-sided usage

May 6, 2016 | Security

VirusTotal is a web app that lets you upload files to check them for viruses before you install them. You can also scan a URL directly or search the VirusTotal database. The great thing about VirusTotal is that it checks the uploaded file against many commercial antivirus and malware detection engines, not just one, and then tells you which ones detected the file as malware. Consequently, lots of people, companies, websites, and tools have started to make use of this amazing tool to bolster their virus and malware detection capabilities. If, for example, multiple highly rated engines detect a file as suspect, then we can be certain it requires further inspection.

The issue at hand is that many companies have taken this service for granted. They use the results provided by VirusTotal as is, or with little to no fact checking and due diligence on their part. In some cases their own detection engines are so lackluster that it is actually better for everyone involved that they don't bother. However, this does cause a bit of an issue, as it is rather unfair. Some companies and products are basically taking what's put on VirusTotal by other providers and checking their results against it, but not putting their own engines on VirusTotal, so no one else can benefit from that extra bit of checking. Don't get me wrong, every one of these products pays for a VirusTotal API access subscription, but that subscription relies on a lot of great people and companies making their engines available to VT, which in turn improves the results and detection overall for the average Joe like me.

VirusTotal has now changed its policy to make some issues clearer and to make some things mandatory.

  • VirusTotal is not a replacement for a proper antivirus.
  • VirusTotal isn't intended to be a proper replacement for a full-on AV product, as it doesn't have a full-on antivirus environment, just the basic detection engine; hence it shouldn't be used to rank or rate AV products or their engines.
  • Don't use third-party names in your product without talking to and getting permission from the third parties, such as the engine developers who provide the results for VirusTotal.
  • Don't use the VirusTotal logo, name, or trademark anywhere without VirusTotal's prior permission.

The biggest change, which will certainly sink a few products out there:

  • All scanning companies will now be required to integrate their detection scanner in the public VT interface, in order to be eligible to receive antivirus results as part of their VirusTotal API services.
  • Additionally, new scanners joining the community will need to prove a certification and/or independent reviews from security testers according to best practices of Anti-Malware Testing Standards Organization (AMTSO).

Simply put, ALL scanning companies and endpoint makers will now be forced to hand over their detection scanners and engines to VT to be put on its public interface, i.e. the interface you and I use, before these scanning companies can use the VirusTotal API. These companies can't just take everyone's hard work and build multi-million-dollar companies on top of it. They have to contribute to this community effort before they can benefit from it.

Any new players on the scene will have to be vetted and certified by a governing body, in this case the Anti-Malware Testing Standards Organization (AMTSO). In theory, this means there are some standards to be maintained.

Time shall tell how well this change works out for everyone, and we shall see!

