| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <41190395.19802.A075D2A8@localhost> From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: (no subject) The appropriately-named Frank Knobbe wrote: > Isn't the complete lack of naming standardization in the AV industry > simply amazing? ... Much as less than perfect naming coordination bothers me, the amazing thing is actually that names are coordinated as well as they are (though especially bad cases such as the mish-mash of mostly generic and heuristic attempts to detect HTML-embedded vulnerability exploitation attempts, such as the one you quoted, can certainly be found to suggest that there is virtually no consistency at all). Of course, outsiders throwing stones probably shouldn't be expeceted to understand this. However, if all AV vendors (and it would have to be all vendors or market forces would prevent it happening, so guess what is one of the largest things blocking better naming coordination?) were to agree a name perfectly before _any_ of them shipped updated detection for new viruses, it is a better than than fair bet that those same outsiders would the be ones complaining longest and loudest about how tardy AV vendors were at shipping "emergency" updates. > ... Imagine that were the case in science, particular > medicine... Or perhaps it would be better to imagine that you made a more meaningful analogy, such as asking how well you think medicine would do in maintaining naming consistency if entirely new strains and variants of viruses and pathological bacteria appeared world-wide at the rate computer malware proliferates. A little exercise of the grey cells will likely suggest that they are unlikely to do better in the short term (i.e. during the outbreak phase), but would probably do much better longer-term as the dieseases, outbreaks and treatments of "biological malware" tend to last _MUCH_ longer than their "computer cousins". If there was much oingoing need to coordinate names I think the AV industry would do better than it does now, but with the rate at which new variants appear being what it is, medium-term renaming and name coordination are both problematic and (generally) seen as having very little, if any, market value, so few people expend much effort on such renaming. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists