| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: toddtowles at brookshires.com (Todd Towles) Subject: AV Naming Convention Oh, I am not unhappy with AV companies at all. They do their job and most do it very well and very fast. But there are programs that aren't detectable by any AV programs. I have one sitting on my desktop; I received it in the e-mail weeks ago. I send it in as a sample and heard nothing. Why? Because it isn't running thru the news and in everyone's e-mail. The largest threats should be taken care of first, given. But should the public not be informed about things like this. Where is the protection? Some people question sig-based scanning and I understand their point. We need to help the AV companies think outside the box and create new ways of detection and prevention. We are the community help them. You may call the idea stupid and useless, I really don't care. We have you talking about the possibility however. =) Change starts with words, then actions. Todd -----Original Message----- From: Glenn_Everhart@...kone.com [mailto:Glenn_Everhart@...kone.com] Sent: Tuesday, August 10, 2004 10:35 AM To: toddtowles@...okshires.com; todd@...topia.com; frank@...bbe.us Cc: full-disclosure@...sys.com Subject: RE: [Full-Disclosure] AV Naming Convention So isn't this the reason CVE was created some time ago now? Give the AV companies a bit of mercy though: they are called upon to analyze virii with ever less lead time, and need to pick names sometimes before full behavior is even known (as it seems to me from watching them). Given the time allowed to do this work, it seems a cross reference after the fact is probably the best one can hope for. -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Todd Towles Sent: Tuesday, August 10, 2004 10:16 AM To: 'Todd Burroughs'; 'Frank Knobbe' Cc: full-disclosure@...sys.com Subject: RE: [Full-Disclosure] AV Naming Convention I have to agree with Todd, the naming convention is now right useless for the normal population and make keeping up with viruses on a corporate level that much harder. AV companies are always trying to beat the other company and this leads to very little information sharing between the companies on new viruses, etc. Maybe a foundation should be created. This foundation could give a seal of approval to all AV corporations that join in. We are starting to make rules for patch management over at patchmanagment.org. Why couldn't a group work with AV names and the first company that finds and IDs it correctly gets to name it in the foundation. Just a dream, I would guess. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ********************************************************************** This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you **********************************************************************
Powered by blists - more mailing lists