lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F6D3E87.29822.1F8BC4B4@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Automat?  Was (Re: new virus: )

"B.K. DeLong" <bkdelong@...ox.com> wrote:

> This is absolutely INSANE. I've got AVs picking up Automat.AHB, Gibe.F and
> Swen.A - all for the same virus.  ...

It would have helped if you had said what product reported which "name" 
_AND_ given the full report in its proper context as that may help 
those of us who know better to eliminate one (or more, though not in 
this case) of the reports as a loose heuristic or generic detection/ 
report (read "wild guess") rather than the product actually meaning "we 
detected something that is well-known and has an agreed name of...".

> ...  Why can't we get some standardization 
> here? This is getting ridiculous.

Hey -- by typical AV industry standards, that is _good_!!!

Really!

consider yourself lucky you are not dealing with five to eight 
different names (though you didn't say how many scanners you tested, so 
perhaps the "problem" is that not did not test enough different 
products...   8-) ).

...

The particulars of the following do not matter, but I have essentially 
just had what may as well count as "official confirmation" from several 
of the really large AV companies that their "official" (though not 
publicly stated) position on attempting to attain naming consistency 
at, during and soon (2 - 8 weeks) after a widely publicized incident 
such as this is "we really do not give a shit".

The only possible way I see this being changed (and believe me, I have 
been interested in getting this "fixed" for much longer than just about 
anyone) is for you, the consumers of AV products, to "convince" those 
large AV developers that if they don't start giving a shit you will 
move allegiance (== money) to other products (although, given they're 
all about as bad as each other in this regard, finding a product on a 
good "moral high ground" from which to leverage some pressure against 
the rest of the products may be tricky!).  At a minimum, bitch and 
whine long and hard each time something like this wastes some of your 
valuable time.  In fact, a coordimated effort of precisely this nature 
may be the best way forward -- if your three scanners (say!) 
collectively waste seventeen minutes of your time while you do the work 
to ensure that the three different names they report from different 
places in the company actually all refer to the same thing, ring your 
product support rep or sales rep and ensure you spend at least as long 
explaining why their not giving a shit costs your company money and 
other valuable resources.  Repeat for each product.  Such a user 
initiated DoS of their support centres (a major cost factor for large 
AVs) and their sales staff (preventing them spending their time 
bringing in new sales) will quickly far outweigh the US$100,000 to 
$200,000 per annum it would cost the industry as a whole to address and 
fix this "problem".


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ