Message-ID: <B99D046F7F16A34EA7926E14DD82F5A114CCF1@exchny28.ny.ssmb.com>
From: jan.m.clairmont at citigroup.com (Clairmont, Jan M)
Subject: AV Naming Convention Reporting Plan.
Geesh that's why you need a centralized database with an independent
non-vendor specific database. It would be for reporting and sharing for
the benefit of the community or av, firewall and other vendors and the
internet community. It implies no force du jour or coercion on anyone,
you could opt out or not use the free service, duh!

The service could be funded by donations like PBS. Like any standards
committee it is staffed by vendors, interested parties, students, just
like freeware or shareware. The goal is to help end endless spam, av and
trojans etc. Not to spy or require anyone to do anything. Just like this
list is an opt in or opt out, I frankly think full-disclosure should jump
on this idea for doing it or someone of that ilk.

Is this really that hard to understand?

Essentially this is the Function flow.

Person Finds Spam, Trojan, Exploit etc
Vendor finds Spam, Trojan, exploit
Vendor Finds New virus -- reports virus forensics, description
                          format set by database committee
                          sample reporting tool on Web fill
                          in the blanks and report
        |
        |
        V
IVST Database.com
        |
        |
        | creates record time stamp_name & aliases
        V
Updated database sees no equal sends out report
Fix information to all interested parties based on
User profile or need.
        |
        | investigation continues
        V
Database updates duplicates and reports to users
Keeps track of spam, virus variants, trojans etc.
Back to step 1.

And it could start from day one without a history, just start with
what's new. A retrofit database would be useful but not necessary. It
just needs to react to new threats.

What's the big deal, it could be used for independent researchers,
students, Dead Heads, Hacker wannabes, and best of all standardize the
whole mess. Right now it's every person for themselves. What do we have
to lose but spam and maybe get a faster reaction time to incidents, with
a rational plan.

It's like finding comets, you find 'em you name 'em.

Jan Clairmont
Firewall Administrator/Consultant
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of
Valdis.Kletnieks@...edu
Sent: Tuesday, August 10, 2004 2:54 PM
To: Frank Knobbe
Cc: Glenn_Everhart@...kone.com; full-disclosure@...sys.com
Subject: Re: [Full-Disclosure] AV Naming Convention

On Tue, 10 Aug 2004 10:44:56 CDT, Frank Knobbe said:
> standardized. First representative of an AV shop that raises the hand
> says "We got a new one! Can't give details of course since you are a
> competitor. But if you find the same thing in your research, let's call
> it Humptydumpty-2."
> Whoever finds the virus first has first choice on the name. No sharing
> of information required, just agreement on a name.

Of course, I *didn't* find the same thing, so I called it Jabberwocky-3.
Only later did we find out it was the same thing.

Only way to do that sanely is the way tropical storms are done - make up
a *long* list beforehand, and as each AV vendor raises their hand, they
get the next name in the list.

Remember guys - I may need a name for the variant I'm about to push
a signature out the door *before* I have any way of finding out that
you've got a different variant.
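
The flow discussed in this thread (create a time-stamped record with a name and aliases, fold duplicates in, and reconcile two names later found to be the same thing) can be sketched as below. This is an added example, not code from either poster or from any existing service; the class and method names, the constructed name list, and the use of an opaque sample fingerprint as the "equal" test are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed list, agreed in advance as in the tropical-storm suggestion.
NAME_LIST = ["Alder", "Birch", "Cedar", "Dogwood"]

@dataclass
class Record:
    name: str                                       # canonical name from the list
    first_seen: datetime                            # time stamp set at creation
    fingerprints: set = field(default_factory=set)  # assumed sample identifiers
    aliases: set = field(default_factory=set)       # vendor-local names

class NamingRegistry:
    def __init__(self, names=NAME_LIST):
        self._names = iter(names)
        self._by_fp = {}                            # fingerprint -> Record

    def report(self, fingerprint, vendor_name, when=None):
        """Return (record, is_new); a known fingerprint only gains an alias."""
        rec = self._by_fp.get(fingerprint)
        is_new = rec is None
        if is_new:
            try:
                name = next(self._names)            # hand out the next free name
            except StopIteration:
                raise RuntimeError("name list exhausted; extend it first") from None
            rec = Record(name, when or datetime.now(timezone.utc), {fingerprint})
            self._by_fp[fingerprint] = rec
        rec.aliases.add(vendor_name)
        return rec, is_new

    def merge(self, fp_a, fp_b):
        """Investigation shows two records are one thing: keep the earlier name."""
        a, b = self._by_fp[fp_a], self._by_fp[fp_b]
        if a is b:
            return a
        keep, drop = (a, b) if a.first_seen <= b.first_seen else (b, a)
        keep.aliases |= drop.aliases | {drop.name}  # retired name stays searchable
        keep.fingerprints |= drop.fingerprints
        for fp in drop.fingerprints:                # repoint every old fingerprint
            self._by_fp[fp] = keep
        return keep

    def lookup(self, fingerprint):
        return self._by_fp.get(fingerprint)
```

Keeping the retired canonical name as an alias means signatures already shipped under it still resolve to the surviving record.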