funsec mailing list archives
Re: CME: A Total Failure -- Throw in the Towel
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 12 Mar 2006 13:08:33 +1300
Fergie wrote:
It stinks. And has solved nothing.
What was it trying to "solve", Ferg? Maybe it was simply less ambitious than you (and Bob Lemos and many others) wished? But maybe it is achieving pretty much that which it was set up to do?

Hint: Despite nearly every man, his dog and quite a few "senior" AV folk who should have known better continually conflating it with "solving the naming problem", CME was never intended to (directly) address the naming problem, far less solve it. It's _a response_ to the confusion the naming problem creates, but it was never intended to be an outright solution to that problem -- anyone who vaguely understands the reason the naming problem exists should understand that it would take extraordinary market forces to "solve" the naming problem (it's actually far from as intractable as the AV industry would like everyone to believe, BUT it will take a bit of money and a lot of different-in-every-case re-engineering of internal-to-each-developer processes to make it do-able, and as there is far from sufficient incentive to do that thus far, very few AV companies are prepared to make the move, and as the nature of the problem requires some significant mass of adoption to actually make it work, that means no-one will make the moves).

Maybe CME will become "more useful" as we "train" the media to seek out the CME ID of "newsworthy" malware, rather than simply running with the first name they are told (which now mostly depends on which AV vendor they talk to first)?
Also: Robert Lemos article on SecurityFocus: "Virus names likely a lost cause"
http://www.securityfocus.com/news/11380
Likely? I'd say 'already'. Opportunity to succeed on this has long passed.
Mainly, yes...

Much as I am generally highly critical of my industry's approach to (incessantly avoiding) solving the naming problem, there are some grievous errors in Lemos' article that show he has less than no understanding of "how things work" in this particular case.

And, much as I like Joe Wells, his hint of a suggestion that the AV industry might be able to at least "fix" the naming of "just" the (officially) "In the Wild" (aka "WildListed") malware is beyond incomprehensible. It's a nice ideal, but if he applied what he must know about how his own industry works in this regard, he would realize that to fix that problem, we would have to fix the _whole_ naming problem, as "doing it right" for such a _trifling_ subset of the vast mass of stuff that the AV labs deal with is a bit like suggesting that the one clueful lemming _can_ survive despite being in the middle of the cliff-bound madding crowd...

Regards,
Nick FitzGerald