Re: AV Naming Convention

["Alerta Redsegura" <alerta () redsegura com>]

Standardization is the solution: If precise rules are established to name
viruses, then it is not even necessary that AV companies meet to decide on
the name for every new virus.

The problem here is the way viruses have been getting classified through the
years, which leads to a "would-be-taxonomy" that reflects more economic and
marketing interests than a "scientifically-driven" classification effort.

A clear example is the use of "malware" as an accepted term encompassing
viruses, worms, adware, spyware, etc.
Malware stands for "malicious software".  Can you categorically affirm that
all viruses,  worms and the like are made with a "malicious intention"?  You
cannot!  But "Malware" is a term that sounds great to scare people and
that's good for marketing purposes.

So, what alternative could be used to describe what is known today as
"malware"?
What all these "entities" share is that they get to their destination
without the user's consent.  So, regardless of the intention at their
origin, they all are "intruders".  Why not call them, for example,
"intrudeware"?

Another example is the one of  Trojan horses.  How come some AV companies
abbreviate Trojan Horses as "Trojans"?
It is clear that if we are to follow this Trojan-Greek story, Trojans were
the victims of the Trojan Horse, therefore "Trojan" would refer to infected
software or equipment.

What is clear here is that, contrary to the biological virus taxonomy, which
follows rigorous scientific methods, computer virus classification (I dare
not call it "taxonomy"...) as we have it today is far from being
"scientific", and will continue so,  as long as economic interest prevails
on scientific interest.


Regards,


Iñigo Koch
Red Segura


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html