Vendors cautiously optimistic over Google buying VirusTotal

Google expected to improve quality and power of the small company's tools, but sharing of virus samples across vendors a concern

While optimistic over Google's acquisition of VirusTotal, antivirus vendors were concerned Monday over whether any changes would be made in the way VirusTotal collects and shares malware samples among dozens of vendors.

VirusTotal uses the antivirus engines of more than 40 organizations to provide a Web service for scanning URLs or personal files for malware. In return, discovered malware samples are shared among members of the VirusTotal community.

The Spanish company, launched in 2004, announced the Google acquisition on Friday.

While VirusTotal will continue to operate independently, using Google's massive infrastructure is expected to greatly improve the quality and power of the smaller company's tools.

"Google's infrastructure will ensure that our tools are always ready, right when you need them," VirusTotal said in a blog post.

Antivirus vendors agreed that Google's backing would make a much better service for the industry. "Google's massive infrastructure is much more stable than the existing stand-alone VirusTotal infrastructure and we believe it will be a much more reliable source and so a benefit for the industry as a whole," Trend Micro chief Eva Chen said in a blog post.

Others were concerned over changes Google could decide to make. Pedro Bustamante Lopez-Chicheri, senior research adviser at Panda Security, said Google could make changes to the backend systems used to retrieve samples and to the access terms.

In addition, Bustamante hoped that Google would continue with VirusTotal's policy of neutrality. The concern here is whether Google would use data from VirusTotal in its commercial services. Under VirusTotal's terms of use, no member is allowed to benefit commercially from the company's data.

"[VirusTotal's] crew is made up of top notch and very ethical people and if they continue running the service, I can only see [the company] improving much more thanks to Google's resources," Bustamante said.

Chester Wisniewski, a senior security adviser at Sophos, said he was also taking a wait-and-see approach, while expecting improvements in VirusTotal's service. "Like the rest of the industry, we expect it will strengthen our partnership with Google," he said.

Google has not said how it plans to use VirusTotal. Industry observers say the search giant could incorporate the service in the Chrome browser or use the technology in Bouncer, an automated system that Google uses to scan for malware in its Android app store, called Google Play.

The only hint of Google's plans was in a Twitter posting by Justin Schuh, a Chrome security engineer at Google. "Here's a little secret. Having a huge index of suspected and confirmed malware is really handy for protecting hundreds of millions of users," he tweeted.

On Monday, Google told CSO Online that its infrastructure would be available to VirusTotal. "We're delighted to be able to provide them with the infrastructure they need to ensure that their service continues to improve," the company said.

Despite other security-related purchases, Google has shown no interest to date in launching standalone products. In 2007, Google paid $625 million for Postini and integrated its security and archiving capabilities into Google Apps. Google dropped the Postini brand this year.

Among the biggest security headaches Google faces is with its Android operating system for smartphones and tablets. The OS has become a favorite target of cybercriminals, because anyone can launch a marketplace for selling Android apps, providing lots of stores where hackers can try to hide malware.

Copyright © 2012 IDG Communications, Inc.
