RE: AV Naming Convention

[Rui Pereira <ruiper () shaw ca>]

What about something similar to the CVE - Common Vulnerabilities and
Exposures - http://www.cve.mitre.org/? From their web site...

" Common Vulnerabilities and Exposures (CVER) is:
A list of standardized names for vulnerabilities and other information
security exposures - CVE aims to standardize the names for all publicly
known vulnerabilities and security exposures."

Rui Pereira,B.Sc.(Hons),CIPS ISP,CISSP,CISA
WaveFront Consulting Group



-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Randal, Phil
Sent: August 10, 2004 9:34 AM
To: Todd Towles; full-disclosure () netsys com
Subject: RE: [Full-disclosure] AV Naming Convention

I have thought about it, every time this issue is raised.  To do what is
proposed at first glance seems eminently sensible, but even a post-hoc
renaming exercise requires additional "vendor" resources, and leads to
customer confusion.

Cheers,

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: Todd Towles [mailto:toddtowles () brookshires com] 
> Sent: 10 August 2004 17:18
> To: 'Randal, Phil'; full-disclosure () netsys com
> Subject: RE: [Full-disclosure] AV Naming Convention
>
> How would a name stop an AV company from protecting its 
> customers? A name is only a name. AV companies should do 
> their job and stop viruses. But do we really care what they 
> are called in the first couple of hours, no? I am trying to 
> encourage sharing of some information between AV companies to 
> better protect the public.
>
> I really don't care what they name them as long as they stop 
> them. But the idea would be nice. If each company is going to 
> have names for stuff..they can just use long strings of 
> numbers. Would it really matter what one company names a 
> virus in the first couple of hours?
>
> Maybe it will never happen because of money and the desire to 
> be the first to discover it. But all the corporations of the 
> whole have to deal with multiple AV engines, confusing names 
> and variants. 
>
> Maybe the idea wouldn't work, but to just throw it off 
> without thinking about change is sad.
>
> -----Original Message-----
> From: full-disclosure-admin () lists netsys com
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
> Randal, Phil
> Sent: Tuesday, August 10, 2004 10:07 AM
> To: full-disclosure () netsys com
> Subject: RE: [Full-disclosure] AV Naming Convention
>
> > I have to agree with Todd, the naming convention is now 
> right useless 
> > for the normal population and make keeping up with viruses on a 
> > corporate level that much harder. AV companies are always trying to 
> > beat the other company and this leads to very little information 
> > sharing between the companies on new viruses, etc.
> >
> > Maybe a foundation should be created. This foundation could give a 
> > seal of approval to all AV corporations that join in.
> > We are starting to make rules for patch management over at 
> > patchmanagment.org. Why couldn't a group work with AV names and the 
> > first company that finds and IDs it correctly gets to name 
> it in the 
> > foundation. Just a dream, I would guess.
>
> This completely misses the point.  When a new virus is 
> discovered, it is essential that there is a RAPID response to 
> the threat.  The idead of handing the critter over to a 
> committee to decide it's name is, quite frankly, plain 
> bonkers.  I for one would rather all the antivirus vendors 
> came up with their own names if it meant that 
> detection/disinfection patterns came out hour earlier.
>
> Cheers,
>
> Phil
>
> ----
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html