Full Disclosure mailing list archives
RE: AV Naming Convention
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 11 Aug 2004 12:48:29 +1200
Todd Towles wrote:
> ... AV companies are always trying to beat the other company and this leads to very little information sharing between the companies on new viruses, etc.

Actually, that is quite misleading. The _marketing_ droids may well want you to believe that view of things, but "in the trenches" there is much more inter-researcher, cross-vendor communication than that view suggests. It is not perfect and there is not enough commitment from the developers to allow things to be much better than we currently have, but there is a fair degree of communication and, for "emergency" cases, real-time sample sharing.

The real trouble is that the non-emergency cases _VASTLY_ outweigh the emergency cases and (at least for now) there is no practical way to share all samples between all developers in (near) real-time (and little desire or perceived need to do so). Thus, even in families that have many emergency cases (such as Bagle and MyDoom) there have been many non-emergency cases. In turn, this allows for several points of disagreement between developers as to which variant is which "between emergencies", and this is then further complicated by some developers that do not like making "gaps" in their naming sequences to accommodate the "wrong" use of variant ascriptions by other developers and so on and so forth...

> Maybe a foundation should be created. This foundation could give a seal of approval to all AV corporations that join in. We are starting to make rules for patch management over at patchmanagment.org. Why couldn't a group work with AV names and the first company that finds and IDs it correctly gets to name it in the foundation. Just a dream, I would guess.

I won't go into the details here but I've looked into proposals like this and, at least for now, it won't work for many technical, cultural and financial reasons. If the latter can be overcome _AND_ something done to swing the culture in many AV development teams that "much better naming consistency really does matter" it can be made to work with a few technical limitations and there are some moves afoot to investigate the practicalities of this.

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html