lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: nick at (Nick FitzGerald)
Subject: (no subject)

The appropriately-named Frank Knobbe wrote:

> Isn't the complete lack of naming standardization in the AV industry
> simply amazing?  ...

Much as less than perfect naming coordination bothers me, the amazing 
thing is actually that names are coordinated as well as they are 
(though especially bad cases such as the mish-mash of mostly generic 
and heuristic attempts to detect HTML-embedded vulnerability 
exploitation attempts, such as the one you quoted, can certainly be 
found to suggest that there is virtually no consistency at all).

Of course, outsiders throwing stones probably shouldn't be expeceted to 
understand this.

However, if all AV vendors (and it would have to be all vendors or 
market forces would prevent it happening, so guess what is one of the 
largest things blocking better naming coordination?) were to agree a 
name perfectly before _any_ of them shipped updated detection for new 
viruses, it is a better than than fair bet that those same outsiders 
would the be ones complaining longest and loudest about how tardy AV 
vendors were at shipping "emergency" updates.

> ...  Imagine that were the case in science, particular
> medicine...

Or perhaps it would be better to imagine that you made a more 
meaningful analogy, such as asking how well you think medicine would do 
in maintaining naming consistency if entirely new strains and variants 
of viruses and pathological bacteria appeared world-wide at the rate 
computer malware proliferates.  A little exercise of the grey cells 
will likely suggest that they are unlikely to do better in the short 
term (i.e. during the outbreak phase), but would probably do much 
better longer-term as the dieseases, outbreaks and treatments of 
"biological malware" tend to last _MUCH_ longer than their "computer 
cousins".  If there was much oingoing need to coordinate names I think 
the AV industry would do better than it does now, but with the rate at 
which new variants appear being what it is, medium-term renaming and 
name coordination are both problematic and (generally) seen as having 
very little, if any, market value, so few people expend much effort on 
such renaming.

Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

Powered by blists - more mailing lists