Full Disclosure mailing list archives
Re: (no subject)
From: Michel Messerschmidt <lists () michel-messerschmidt de>
Date: Mon, 16 Aug 2004 12:50:58 +0200
On Sun, Aug 15, 2004 at 01:52:33PM +0200, Maarten wrote:
On Sunday 15 August 2004 04:52, Nick FitzGerald wrote:
Maarten wrote:
yada yada. You may work in the industry (and be blind because of it) and I may have an incredibly high IQ (so much higher than yours that you perceive I'm stupid instead). But the thing is, you don't know that. So stop bashing me and showing off. You can shine by your actions, not by your reputation...
So what is your knowledge about malware naming ? You know about the wildlist and its problems, Vgrep, CARO, 'naming.txt' and its use in the last 10 years ? You have ever tried to maintain and work with a malware collection ? You know about previous (and more in-depth) discussions on this topic ? You've read at least http://www.securityfocus.com/infocus/1587 and http://www.virusbtn.com/magazine/archives/200301/caro.xml to get a basic idea of the problem ? So what rational fact makes you believe you know this better than everyone else ?
All change starts small. Maybe discussions such as this will wake people up, maybe there will even be a voiced demand from the public. That DOES hurt sales, thus shareholders, which is what you need to have done, right ? The only thing I'm sure about is, YOU will not be instrumental in this.
Do you really think, there were any new ideas here ? For an example, here at the antiVirusTestCenter we have discussed the naming problems for years. But even the partial solutions that have been realized (LOKMM, VMacro-Server) haven't caused significant changes. And this was in cooperation with many AV researchers. How should such an annoying thread like this really help ? Do you also believe you can convince MS to make Windows OpenSource just by posting here ?
Well, just for you, to make it simple. At Time T you find a virus and name it whatever you like (just as you do now). From time T until T+48h you have the "all-important hours" of confusion as you are so adamant to repeat at every opportunity. So let there be confusion. At Time T+50 you agree upon a singular standardized name and rename it. So, compared to now, what has changed between T and T+48 ?? Nothing. So stop complaining about me messing up those "all-important hours" of yours. I'm not messing anything up. I'm renaming when the panic has died down. Get it now ?!?!
And what is the benefit of your proposal? Have you considered that it may be just another source of confusion ? There could be uncoordinated renamings, the same malware alerts with old and new names (but this time from the same vendor). Administrators may not be able to compare scan reports from different malware definition updates because the names changed in between.
The first few hours _under current processes_ produce nearly all of the confusion caused by naming inconsistencies. Media outlets latch onto
This is not a scientific fact, and I do not agree with you.
I can't remember _any_ scientific fact in this thread.
--
Michel Messerschmidt
lists () michel-messerschmidt de
antiVirusTestCenter, Computer Science, University of Hamburg
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html