Full Disclosure mailing list archives
Re: AV Naming Convention
From: ASB <abaker () gmail com>
Date: Wed, 11 Aug 2004 06:22:08 -0400
==== Using a generic no-name description in an identity file until a committee named a virus variant would unsettle millions of end users ("you've got a virus, but I'm buggered if I know what it's called"). ==== This happens anyway. Try describing a virus to someone else in the first few hours after detection... There are all sorts of names used for every virus. -ASB On Wed, 11 Aug 2004 10:50:57 +1000, Brad Griffin <b.griffin () cqu edu au> wrote:
I am a relative newbie to computing, but I've been seeing this same argument for the past 9 years. I reckon I'll see it continue for the next nine, because I've seen the ideas people have put forward in this forum before as well. I'm just glad Nick F hasn't got sick of explaining why a standard naming convention is so hard to implement in the AV industry. cve may be great for security vulnerabilities, but would not work, or would be too slow a process to apply to virus naming. Using a generic no-name description in an identity file until a committee named a virus variant would unsettle millions of end users ("you've got a virus, but I'm buggered if I know what it's called"). (MY couple cents of useless input). IIRC, haven't a lot of the naming convention problems occurred because the majority of vendors don't like to pander to vxer's egos by naming viruses the way the creators' wanted? Regards, B -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of ASB Sent: Wednesday, August 11, 2004 3:59 AM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] AV Naming Convention All collaboration with the naming should occur in subsequent revisions of their signature files. Upon initial release, each vendor should call the virus: VendorName-VirusCodeName. Once the initial releases of the updated signatures are out, and the necessary documentation on the effects of the virus has been produced, the appropriate liasons for each vendor should get together and determine the correct global name. Then, each vendor can update the subsequent releases of their signature files to include the standardized name in conjunction with their own (e.g. VendorName-VirusCodeName [StandardizedName]) -ASB On Tue, 10 Aug 2004 11:18:05 -0500, Todd Towles <toddtowles () brookshires com> wrote:How would a name stop an AV company from protecting its customers? A name is only a name. AV companies should do their job and stop viruses. But do we really care what they are called in the first couple of hours, no? I am trying to encourage sharing of some information between AV companies to better protect the public. I really don't care what they name them as long as they stop them. Butthe idea would be nice. If each company is going to have names for stuff..they can just use long strings of numbers. Would it really matter what one company names a virus in the first couple of hours? Maybe it will never happen because of money and the desire to be the first to discover it. But all the corporations of the whole have to deal with multiple AV engines, confusing names and variants. Maybe the idea wouldn't work, but to just throw it off without thinking about change is sad. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Randal, Phil Sent: Tuesday, August 10, 2004 10:07 AM To: full-disclosure () netsys com Subject: RE: [Full-disclosure] AV Naming ConventionI have to agree with Todd, the naming convention is now right useless for the normal population and make keeping up with viruses on a corporate level that much harder. AV companies are always trying to beat the other company and this leads to very little information sharing between the companies on new viruses, etc. Maybe a foundation should be created. This foundation could give a seal of approval to all AV corporations that join in. We are starting to make rules for patch management over at patchmanagment.org. Why couldn't a group work with AV names and the first company that finds and IDs it correctly gets to name it in thefoundation. Just a dream, I would guess.This completely misses the point. When a new virus is discovered, it is essential that there is a RAPID response to the threat. The idead of handing the critter over to a committee to decide it's name is, quite frankly, plain bonkers. I for one would rather all the antivirus vendors came up with their own names if it meant that detection/disinfection patterns came out hour earlier. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: AV Naming Convention, (continued)
- Re: AV Naming Convention Valdis . Kletnieks (Aug 10)
- RE: AV Naming Convention Nick FitzGerald (Aug 11)
- RE: AV Naming Convention Nick FitzGerald (Aug 10)
- RE: AV Naming Convention Randal, Phil (Aug 10)
- RE: AV Naming Convention Rui Pereira (Aug 10)
- RE: AV Naming Convention Nick FitzGerald (Aug 10)
- RE: AV Naming Convention Clairmont, Jan M (Aug 10)
- RE: AV Naming Convention Nick FitzGerald (Aug 10)
- RE: AV Naming Convention tcleary2 (Aug 10)
- RE: AV Naming Convention Brad Griffin (Aug 10)
- Re: AV Naming Convention ASB (Aug 11)
- RE: AV Naming Convention Nick FitzGerald (Aug 12)
- RE: AV Naming Convention John . Airey (Aug 11)