From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: AV Naming Convention

Clairmont, Jan M wrote:

> It would be an automated naming based on first time of discovery and
> reporting, there could be aliases added for the bugger.
> This could be for searching for Mydoom.b Mydoom.c etc. variant rather
> than trying to search for a name like Virus20040908.19:24:31.8843 time stamped
> variants.

Ummmm, how would this system deal with parasitic infectors?

What about polymorphics?

Worse, metamorphics?

_Any_ kind of fully automated name generation mechanism has to solve 
the Halting Problem to begin to be useful, and were that possible the 
naming system would entirely supplant any kind of antivirus system 
based on one or more of the far less accurate and far less reliable 
known virus scanning, generic and heuristic scanning, behaviour 
monitoring/blocking, etc, etc, etc, etc approaches.

And, if we had perfect, fully automatic virus detection we would not 
really need names for them as the "it infected me before my AV was 
updated" issue disappears...

> Similar or equal virus would later be eliminated or archived for
> information.  

Ahhh, so you are aware of that problem, but clearly did not think about 
what you were proposing as what you propose is simply the system we 
have now but with an ignorant automaton doling out names rather than 
loosely interconnected groups of subject matter specialists trying to 
reduce naming conflicts as part of their naming decisions.

On balance, the automaton is likely to produce a _lot_ more different 
names for the same thing, making matters worse rather than better, at 
least once you realize that the humans who write viruses will be easily 
able to target the braindeadedness of the automaton to deliberately 
wreak naming havoc via it.

> ...  Standard record stamping for a database like Oracle.  Maybe
> Oracle could be persuaded to provide an
> international database, great public service, providing needed
> information to reduce spam, and virus spreading etc.

Oh yes, just what we need as a "public service" -- a publicly 
accessible database of virus and other malware code.  That will reduce 
availability and damage from malware no end...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

