Re: Virus naming conventions, or lack of them

[Etaoin Shrdlu <shrdlu () deaddrop org>]

Todd Towles wrote:
> How is naming a virus with @mm or a W32 in the front slow the process
> down? Naming has nothing to do with AV venders making money IMO. If it
> does, McAfee should change its name to Norton before tries to buy it
> out. =)

Smiley aside, I think that you are being disingeneous here. Either that, or
you read NOTHING of the post below (that microsoft outlook top-posting
style is my first clue; your commentary is the second). Let me repeat the
salient points:

Harlan Carvey wrote:
> One other thing I'd like to throw into the mix.  This whole discussion
> is being viewed, it seems to me from the wrong perspective.  The
> attitude that the entire A/V industry should have a common naming
> convention seems to be coming from the open source camp...while A/V
> companies aren't necessarily open source.

> Companies in general are about making money, and you do that through
> establishing and maintaining competitive advantages.  Expending
> resources (ie, people, money, time, etc) on an endeavor to establish and
> maintain a common naming scheme is an expenditure that has very little
> (if any) ROI...it can't be justified to investors.

> -----Original Message-----
> From: full-disclosure-admin () lists netsys com
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Harlan
> Carvey

[Ick. I so hate that outlook destruction of threading. What the hell is "On
Behalf of..." supposed to mean, anyway?]

Nick FitzGerald wrote:
[some other stuff]
> ..As a
> result, some of these procedures are so crucially dependent on the
> choice of a name _AND_ require that to happen so early in the process
> that it is all but inconceivable for some of these developers to change
> a virus' name.

and

> As much as most of the industry may agree to not aggrandize some spotty
> faced, bad-breathed teenager's fantasies by not using the name the
> virus writer chose, the media will latch onto the one tiny, weird-arse,
> industry convention defying, publicity starved, former Eastern-bloc
> hopped up AV company that does use the "cute" or "catchy" or whatever
> name, and thereby greatly exacerbates the problem.  Worse, many
> journalists (or perhaps their editors) feel that they are  better
> qualified to make up virus names than antivirus researchers are and
> they will simply coin what they consider a catchy, snazzy, sexy,
> attention grabbing, etc name to make a good headline or some dodgy joke
> later in their copy.

Still with me? What Nick and Harlan (and others) have near beat into the
ground, is that the AV companies don't CARE what it is YOU want. There's
simply no motivation to change. No money in it, and plenty of current
behavior to continue things as they are. Period. You can whine forever
about what ought to change. It isn't going to happen. It simply doesn't
matter what it is you want.

Unfortunately, it doesn't even matter what Nick suggests (and those
companies are a lot more likely to listen to a researcher like Nick, than
to J. Random Luser on Full Disclosure). It's the way it's done. Those
companies have been around a long time (and will continue to be, as long as
there are windows platforms making it easy for virus writers, XPSP2
notwithstanding). In fact, I'd venture to guess, as long as users can
install new viruses by clicking on "Click Me!" buttons, they'll stay in
business.

--
Things will happen in well-organized efforts without
direction, controls, or plans.
      Friedrich August von Hayek (1899-1992)
    "The Road to Serfdom" (ISBN: 0226320618)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html