[OPLIN 4cast] OPLIN 4cast #490: Old guards and new guards

Wed May 18 10:30:10 EDT 2016

Email not displaying correctly? View it in your browser.
<http://www.oplin.org/4cast/>
[image: OPLIN 4Cast]

OPLIN 4cast #490: Old guards and new guards
May 18th, 2016

[image: stethoscope] A couple of weeks ago, we got a glimpse inside the
anti-malware/antivirus (AV) industry, when Google announced a change to the
user policies for VirusTotal, an online service owned by Google that checks
suspicious files against a malware database. VirusTotal is supposed to be a
collaboration of antivirus companies, but Google is now limiting access to
only those companies who contribute to the database. This sounds entirely
reasonable, but the change has stirred up tensions between the traditional
anti-malware industry and the next-gen anti-malware companies and given us
an enlightening look inside the computer security business.
- Infosec freeloaders not welcome as malware silo VirusTotal gets tough
<http://www.theregister.co.uk/2016/05/09/security_freeloaders_not_welcome_as_virustotal_gets_tough/>
(The Register | Iain Thomson) "For the past 12 years, researchers have been
feeding samples of software nasties into VirusTotal, allowing antivirus
engines to check they can detect malicious code. But the site has seen an
increasing number of security startups have been using the VirusTotal data
without giving back. Now Google, and other contributors, have had enough
and have changed the terms and conditions of the website. Put simply, if
you don't share samples, you can find your own malware elsewhere."
- VirusTotal policy change rocks anti-malware industry
<http://www.securityweek.com/virustotal-policy-change-rocks-anti-malware-industry>
(Security Week | Kevin Townsend) "If a submitted file is found to be
malicious, details are circulated to all subscribing companies - and in
this sense it is an early and effective threat sharing mechanism. But the
check is primarily against signature engines, which we know are only part
of traditional anti-malware. Taken in isolation, the effect of the test is
misleading. Indeed, VT has always said precisely this. Nevertheless, over
the last few years some parts of the next-gen anti-malware industry have
not hesitated to use VT results to suggest that the traditional industry is
failing its customers."
- VirusTotal policy changes spark outrage among newer tech startups
<http://www.scmagazineuk.com/virustotal-policy-changes-spark-outrage-among-newer-tech-startups/article/495965/>
(SC Magazine | Max Metzger) "The database works on a reciprocal
relationship, based on contributions from the community of intelligence
gathered from AV engines and files discovered in the wild. Companies that
don't use those engines, it appears, cannot contribute and, as of the
beginning of this month, cannot access the database. As it happens, this
locks out many newer cyber-security companies who eschew AV engines. The
policy changes have set many, often start ups, against the move. Critics
say this is a cynical tactic employed by the old guard of the industry to
hobble the new."
- Software security suffers as upstarts lose access to virus data
<http://www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4>
(Reuters | Joseph Menn) "VirusTotal gets about 400,000 submissions of
potentially dangerous files daily, mostly from old-guard antivirus
companies like Symantec Corp, Intel Corp and Trend Micro Inc which sit on
the most machines. 'It was never meant to enable new companies to use it as
a shortcut by silently relying on, and benefitting from, the service
without a corresponding investment,' said Trend Micro Chief Technology
Officer Raimund Genes, one of many old-line tech executives who pushed for
the shift. [Andreas] Marx of AV-TEST said that some newer companies
secretly relied on data supplied by older companies while marketing
themselves as a cut above the older technology."

*Articles from Ohio Web Library <http://ohioweblibrary.org>:*

   - 'Your PC may be infected!' Inside the shady world of antivirus
   telemarketing.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=108399605>
   (*PC World*, July 2015, p.40-46 | Jeremy Kirk)
   - Into the first league: The competitive advantage of the antivirus
   industry in the Czech Republic and Slovakia.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=97936287>
   (*Competition & Change*, Oct.2014, p.421-437 | Miroslav Beblavý and
   Lucia Mýtna Kureková)
   - Could cloud hold the key to the next generation of security systems?
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=85668649>
   (*Computer Weekly*, 1/8/2013, p.6-7 | Warwick Ashford)

------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:

   - *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
   subscribing to the following URL:
   http://www.oplin.org/4cast/index.php/?feed=rss2.
   - *Live Bookmark.* If you're using the Firefox web browser, you can go
   to the 4cast website (http://www.oplin.org/4cast/) and click on the
   orange "radio wave" icon on the right side of the address bar. In Internet
   Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
   feed.
   - *E-mail.* You can have the OPLIN 4cast delivered via e-mail (a'la
   OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
   http://mail.oplin.org/mailman/listinfo/OPLIN4cast.

© 2016 Ohio Public Library Information Network
[image: Find us on Slideshare] <http://www.slideshare.net/oplin>  [image:
Find us on Facebook] <http://www.facebook.com/oplin.org>  [image: Find us
on Google+] <https://plus.google.com/107751358238995507967>  [image: Find
us on Twitter] <http://www.twitter.com/oplin>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20160518/658d89cc/attachment.html>