Full Disclosure mailing list archives

RE: AV Naming Convention


From: "Todd Towles" <toddtowles () brookshires com>
Date: Tue, 10 Aug 2004 11:28:58 -0500

Oh, I am not unhappy with AV companies at all. They do their job and most do
it very well and very fast. But there are programs that aren't detectable by
any AV programs. I have one sitting on my desktop; I received it in the
e-mail weeks ago. I sent it in as a sample and heard nothing. Why? Because
it isn't running thru the news and in everyone's e-mail. The largest threats
should be taken care of first, given. But should the public not be informed
about things like this? Where is the protection?

Some people question sig-based scanning and I understand their point. We
need to help the AV companies think outside the box and create new ways of
detection and prevention. We are the community help them. 

You may call the idea stupid and useless, I really don't care. We have you
talking about the possibility however. =)

Change starts with words, then actions.

Todd


-----Original Message-----
From: Glenn_Everhart () bankone com [mailto:Glenn_Everhart () bankone com] 
Sent: Tuesday, August 10, 2004 10:35 AM
To: toddtowles () brookshires com; todd () hostopia com; frank () knobbe us
Cc: full-disclosure () netsys com
Subject: RE: [Full-disclosure] AV Naming Convention

So isn't this the reason CVE was created some time ago now?

Give the AV companies a bit of mercy though: they are called upon to
analyze virii with ever less lead time, and need to pick names sometimes
before full behavior is even known (as it seems to me from watching
them).

Given the time allowed to do this work, it seems a cross reference after
the fact is probably the best one can hope for.

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Todd Towles
Sent: Tuesday, August 10, 2004 10:16 AM
To: 'Todd Burroughs'; 'Frank Knobbe'
Cc: full-disclosure () netsys com
Subject: RE: [Full-disclosure] AV Naming Convention




I have to agree with Todd, the naming convention is now right useless for
the normal population and makes keeping up with viruses on a corporate level
that much harder. AV companies are always trying to beat the other company
and this leads to very little information sharing between the companies on
new viruses, etc.

Maybe a foundation should be created. This foundation could give a seal of
approval to all AV corporations that join in. We are starting to make rules
for patch management over at patchmanagment.org. Why couldn't a group work
with AV names and the first company that finds and IDs it correctly gets to
name it in the foundation. Just a dream, I would guess.





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

