[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F6D3E87.29822.1F8BC4B4@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Automat? Was (Re: new virus: )
"B.K. DeLong" <bkdelong@...ox.com> wrote:
> This is absolutely INSANE. I've got AVs picking up Automat.AHB, Gibe.F and
> Swen.A - all for the same virus. ...
It would have helped if you had said what product reported which "name"
_AND_ given the full report in its proper context as that may help
those of us who know better to eliminate one (or more, though not in
this case) of the reports as a loose heuristic or generic detection/
report (read "wild guess") rather than the product actually meaning "we
detected something that is well-known and has an agreed name of...".
> ... Why can't we get some standardization
> here? This is getting ridiculous.
Hey -- by typical AV industry standards, that is _good_!!!
Really!
consider yourself lucky you are not dealing with five to eight
different names (though you didn't say how many scanners you tested, so
perhaps the "problem" is that not did not test enough different
products... 8-) ).
...
The particulars of the following do not matter, but I have essentially
just had what may as well count as "official confirmation" from several
of the really large AV companies that their "official" (though not
publicly stated) position on attempting to attain naming consistency
at, during and soon (2 - 8 weeks) after a widely publicized incident
such as this is "we really do not give a shit".
The only possible way I see this being changed (and believe me, I have
been interested in getting this "fixed" for much longer than just about
anyone) is for you, the consumers of AV products, to "convince" those
large AV developers that if they don't start giving a shit you will
move allegiance (== money) to other products (although, given they're
all about as bad as each other in this regard, finding a product on a
good "moral high ground" from which to leverage some pressure against
the rest of the products may be tricky!). At a minimum, bitch and
whine long and hard each time something like this wastes some of your
valuable time. In fact, a coordimated effort of precisely this nature
may be the best way forward -- if your three scanners (say!)
collectively waste seventeen minutes of your time while you do the work
to ensure that the three different names they report from different
places in the company actually all refer to the same thing, ring your
product support rep or sales rep and ensure you spend at least as long
explaining why their not giving a shit costs your company money and
other valuable resources. Repeat for each product. Such a user
initiated DoS of their support centres (a major cost factor for large
AVs) and their sales staff (preventing them spending their time
bringing in new sales) will quickly far outweigh the US$100,000 to
$200,000 per annum it would cost the industry as a whole to address and
fix this "problem".
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists