lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: toddtowles at brookshires.com (Todd Towles)
Subject: AV Naming Convention

Oh, I am not unhappy with AV companies at all. They do their job and most do
it very well and very fast. But there are programs that aren't detectable by
any AV programs. I have one sitting on my desktop; I received it in the
e-mail weeks ago. I send it in as a sample and heard nothing. Why? Because
it isn't running thru the news and in everyone's e-mail. The largest threats
should be taken care of first, given. But should the public not be informed
about things like this. Where is the protection?

Some people question sig-based scanning and I understand their point. We
need to help the AV companies think outside the box and create new ways of
detection and prevention. We are the community help them. 

You may call the idea stupid and useless, I really don't care. We have you
talking about the possibility however. =)

Change starts with words, then actions.

Todd


-----Original Message-----
From: Glenn_Everhart@...kone.com [mailto:Glenn_Everhart@...kone.com] 
Sent: Tuesday, August 10, 2004 10:35 AM
To: toddtowles@...okshires.com; todd@...topia.com; frank@...bbe.us
Cc: full-disclosure@...sys.com
Subject: RE: [Full-Disclosure] AV Naming Convention

So isn't this the reason CVE was created some time ago now?

Give the AV companies a bit of mercy though: they are called upon to
analyze virii with ever less lead time, and need to pick names sometimes
before full behavior is even known (as it seems to me from watching
them).

Given the time allowed to do this work, it seems a cross reference after
the fact is probably the best one can hope for.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Todd Towles
Sent: Tuesday, August 10, 2004 10:16 AM
To: 'Todd Burroughs'; 'Frank Knobbe'
Cc: full-disclosure@...sys.com
Subject: RE: [Full-Disclosure] AV Naming Convention




I have to agree with Todd, the naming convention is now right useless for
the normal population and make keeping up with viruses on a corporate level
that much harder. AV companies are always trying to beat the other company
and this leads to very little information sharing between the companies on
new viruses, etc.

Maybe a foundation should be created. This foundation could give a seal of
approval to all AV corporations that join in. We are starting to make rules
for patch management over at patchmanagment.org. Why couldn't a group work
with AV names and the first company that finds and IDs it correctly gets to
name it in the foundation. Just a dream, I would guess.





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


**********************************************************************
This transmission may contain information that is privileged, confidential
and/or exempt from disclosure under applicable law. If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is STRICTLY PROHIBITED. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format. Thank you
**********************************************************************


Powered by blists - more mailing lists