Full Disclosure mailing list archives
Re: Getting the lead out of broken virus / worm email meta-reporting
From: "The Central Scroutinizer" <scroutinizer () beeb net>
Date: Tue, 3 Aug 2004 19:19:57 +0100
How fast is fast? The time it takes an av, spyware or firewall company to react to a real-time threat. I think there is going to have to be a pooling of anti-virus, mail sweeping and firewall protection knowledge. There should be a central policy that can be reported and distributed to the various vendors and clients that autoupdates the protecting software. Simply acrisis-mail-alert with appropriate information for translation into a protecting shield that updates all av, mail and firewallutilities. Has anyone written or read a spec. on standardizing worm, virus or other alerts with not just there's a'sploit, but a method of reporting the 'sploit or adware, malware in a way that the vendors and clients could instantly counter with a new filter or fix?
See :- http://www.eeye.com/html/Research/Advisories/ http://www.cve.mitre.org/I agree there should be an open standard and common public libraries of exploits and fixes.
Aaron _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Getting the lead out of broken virus / worm email meta-reporting Clairmont, Jan M (Aug 03)
- Re: Getting the lead out of broken virus / worm email meta-reporting Thomas Reidy (Aug 03)
- RE: Getting the lead out of broken virus / worm email meta-reporting Todd Towles (Aug 03)
- Re: Getting the lead out of broken virus / worm email meta-reporting The Central Scroutinizer (Aug 03)
- Re: Getting the lead out of broken virus / worm email meta-reporting Thomas Reidy (Aug 03)