Full Disclosure mailing list archives
RE: AV Naming Convention
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 11 Aug 2004 13:47:08 +1200
Clairmont, Jan M wrote:
It would be an automated naming based on first time of discovery and reporting, there could be aliases added for the bugger. This could be for searching for Mydoom.b, Mydoom.c, etc. variants rather than trying to search for a name like Virus20040908.19:24:31.8843 time stamped variants.
Ummmm, how would this system deal with parasitic infectors? What about polymorphics? Worse, metamorphics? _Any_ kind of fully automated name generation mechanism has to solve the Halting Problem to begin to be useful, and where that's possible the naming system would entirely supplant any kind of antivirus system based on one or more of the far less accurate and far less reliable known virus scanning, generic and heuristic scanning, behaviour monitoring/blocking, etc, etc, etc, etc approaches. And, if we had perfect, fully automatic virus detection we would not really need names for them as the "it infected me before my AV was updated" issue disappears...
Similar or equal virus would later be eliminated or archived for information.
Ahhh, so you are aware of that problem, but clearly did not think about what you were proposing, as what you propose is simply the system we have now but with an ignorant automaton doling out names rather than loosely interconnected groups of subject matter specialists trying to reduce naming conflicts as part of their naming decisions. On balance, the automaton is likely to produce a _lot_ more different names for the same thing, making matters worse rather than better, at least once you realize that the humans who write viruses will be easily able to target the braindeadedness of the automaton to deliberately wreak naming havoc via it.
... Standard record stamping for a database like Oracle. Maybe Oracle could be persuaded to provide an international database, great public service, providing needed information to reduce spam, and virus spreading etc.
Oh yes, just what we need as a "public service" -- a publicly accessible database of virus and other malware code. That will reduce availability and damage from malware no end...

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html