Full Disclosure mailing list archives
Re: Automat? Was (Re: new virus: )
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 21 Sep 2003 06:00:39 +1200
"B.K. DeLong" <bkdelong () pobox com> wrote:
> This is absolutely INSANE. I've got AVs picking up Automat.AHB, Gibe.F and Swen.A - all for the same virus. ...
It would have helped if you had said what product reported which "name" _AND_ given the full report in its proper context as that may help those of us who know better to eliminate one (or more, though not in this case) of the reports as a loose heuristic or generic detection/report (read "wild guess") rather than the product actually meaning "we detected something that is well-known and has an agreed name of...".
> ... Why can't we get some standardization here? This is getting ridiculous.
Hey -- by typical AV industry standards, that is _good_!!! Really! Consider yourself lucky you are not dealing with five to eight different names (though you didn't say how many scanners you tested, so perhaps the "problem" is that you did not test enough different products... 8-) ).
... The particulars of the following do not matter, but I have essentially just had what may as well count as "official confirmation" from several of the really large AV companies that their "official" (though not publicly stated) position on attempting to attain naming consistency at, during and soon (2 - 8 weeks) after a widely publicized incident such as this is "we really do not give a shit".
The only possible way I see this being changed (and believe me, I have been interested in getting this "fixed" for much longer than just about anyone) is for you, the consumers of AV products, to "convince" those large AV developers that if they don't start giving a shit you will move allegiance (== money) to other products (although, given they're all about as bad as each other in this regard, finding a product on a good "moral high ground" from which to leverage some pressure against the rest of the products may be tricky!).
At a minimum, bitch and whine long and hard each time something like this wastes some of your valuable time. In fact, a coordinated effort of precisely this nature may be the best way forward -- if your three scanners (say!) collectively waste seventeen minutes of your time while you do the work to ensure that the three different names they report from different places in the company actually all refer to the same thing, ring your product support rep or sales rep and ensure you spend at least as long explaining why their not giving a shit costs your company money and other valuable resources. Repeat for each product.
Such a user initiated DoS of their support centres (a major cost factor for large AVs) and their sales staff (preventing them spending their time bringing in new sales) will quickly far outweigh the US$100,000 to $200,000 per annum it would cost the industry as a whole to address and fix this "problem".
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html