Re: AV Naming Convention

[ASB <abaker () gmail com>]

====
Using a generic no-name description in an identity file until a
committee named a virus variant would unsettle millions of end users
("you've got a virus, but I'm buggered if I know what it's called").
====

This happens anyway.    Try describing a virus to someone else in the
first few hours after detection...       There are all sorts of names
used for every virus.

-ASB

On Wed, 11 Aug 2004 10:50:57 +1000, Brad Griffin <b.griffin () cqu edu au> wrote:
> I am a relative newbie to computing, but I've been seeing this same
> argument for the past 9 years. I reckon I'll see it continue for the
> next nine, because I've seen the ideas people have put forward in this
> forum before as well. I'm just glad Nick F hasn't got sick of explaining
> why a standard naming convention is so hard to implement in the AV
> industry.
>
> cve may be great for security vulnerabilities, but would not work, or
> would be too slow a process to apply to virus naming.
>
> Using a generic no-name description in an identity file until a
> committee named a virus variant would unsettle millions of end users
> ("you've got a virus, but I'm buggered if I know what it's called").
>
> (MY couple cents of useless input).
>
> IIRC, haven't a lot of the naming convention problems occurred because
> the majority of vendors don't like to pander to vxer's egos by naming
> viruses the way the creators' wanted?
>
> Regards,
> B
>
>
>
> -----Original Message-----
> From: full-disclosure-admin () lists netsys com
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of ASB
> Sent: Wednesday, August 11, 2004 3:59 AM
> To: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] AV Naming Convention
>
> All collaboration with the naming should occur in subsequent revisions
> of their signature files.
>
> Upon initial release, each vendor should call the virus:
> VendorName-VirusCodeName.    Once the initial releases of the updated
> signatures are out, and the necessary documentation on the effects of
> the virus has been produced, the appropriate liasons for each vendor
> should get together and determine the correct global name.
>
> Then, each vendor can update the subsequent releases of their signature
> files to include the standardized name in conjunction with their own
> (e.g. VendorName-VirusCodeName [StandardizedName])
>
> -ASB
>
> On Tue, 10 Aug 2004 11:18:05 -0500, Todd Towles
> <toddtowles () brookshires com> wrote:
> > How would a name stop an AV company from protecting its customers? A
> > name is only a name. AV companies should do their job and stop
> > viruses. But do we really care what they are called in the first
> > couple of hours, no? I am trying to encourage sharing of some
> > information between AV companies to better protect the public.
> >
> > I really don't care what they name them as long as they stop them. But
>
> > the idea would be nice. If each company is going to have names for
> > stuff..they can just use long strings of numbers. Would it really
> > matter what one company names a virus in the first couple of hours?
> >
> > Maybe it will never happen because of money and the desire to be the
> > first to discover it. But all the corporations of the whole have to
> > deal with multiple AV engines, confusing names and variants.
> >
> > Maybe the idea wouldn't work, but to just throw it off without
> > thinking about change is sad.
> >
> >
> >
> > -----Original Message-----
> > From: full-disclosure-admin () lists netsys com
> > [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Randal,
> > Phil
> > Sent: Tuesday, August 10, 2004 10:07 AM
> > To: full-disclosure () netsys com
> > Subject: RE: [Full-disclosure] AV Naming Convention
> >
> > > I have to agree with Todd, the naming convention is now right
> > > useless for the normal population and make keeping up with viruses
> > > on a corporate level that much harder. AV companies are always
> > > trying to beat the other company and this leads to very little
> > > information sharing between the companies on new viruses, etc.
> > >
> > > Maybe a foundation should be created. This foundation could give a
> > > seal of approval to all AV corporations that join in.
> > > We are starting to make rules for patch management over at
> > > patchmanagment.org. Why couldn't a group work with AV names and the
> > > first company that finds and IDs it correctly gets to name it in the
>
> > > foundation. Just a dream, I would guess.
> >
> > This completely misses the point.  When a new virus is discovered, it
> > is essential that there is a RAPID response to the threat.  The idead
> > of handing the critter over to a committee to decide it's name is,
> > quite frankly, plain bonkers.  I for one would rather all the
> > antivirus vendors came up with their own names if it meant that
> > detection/disinfection patterns came out hour earlier.
> >
> > Cheers,
> >
> > Phil
> >
> > ----
> > Phil Randal
> > Network Engineer
> > Herefordshire Council
> > Hereford, UK

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html