Full Disclosure mailing list archives

Re: AV Naming Convention


From: "nobody@localhost" <spamproof () nospammail net>
Date: Tue, 10 Aug 2004 09:52:08 -0700

Randal, Phil wrote:
I have to agree with Todd, the naming convention is now right useless for the normal population and makes keeping up with viruses on a corporate level that much harder. AV companies are always trying to beat the other company and this leads to very little information sharing between the companies on new viruses, etc.

Maybe a foundation should be created. This foundation could give a seal of approval to all AV corporations that join in. We are starting to make rules for patch management over at patchmanagment.org. Why couldn't a group work with AV names and the first company that finds and IDs it correctly gets to name it in the foundation. Just a dream, I would guess.


This completely misses the point.  When a new virus is discovered, it is
essential that there is a RAPID response to the threat.  The idea of
handing the critter over to a committee to decide its name is, quite
frankly, plain bonkers.

I think you missed some of his point, he is not saying a committee should name it, he is saying whoever gets there first gets to name it.

I for one would rather all the antivirus
vendors came up with their own names if it meant that
detection/disinfection patterns came out hour earlier.

Cheers,

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

Actually, I was thinking the exact same thing, I'd like to set up an AV vendor neutral, FD style virus repository. I'd require a user cert for anyone who wants to "deposit" a new virus and the first to deposit the new virus would get to name it. It would be assigned a GUID, so that a computer friendly identifier was available.
There would be an RSS feed as well as various push feeds.
Lineage could be discussed and mapped.
Other vendors could add their names to that record with information about what virus def file name the virus first appears in.

If it turns out that more than one group submits the same virus, then those "dups" would be discarded from the db, thus encouraging AV vendors and other groups to post new viruses asap so that everyone has a chance to download them and start researching them.

Fear of the government labeling me a terrorist gives me pause though...
