[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <013201c47f01$35bc3c40$6401a8c0@wcglap001>
From: ruiper at shaw.ca (Rui Pereira)
Subject: AV Naming Convention
What about something similar to the CVE - Common Vulnerabilities and
Exposures - http://www.cve.mitre.org/? From their web site...
" Common Vulnerabilities and Exposures (CVER) is:
A list of standardized names for vulnerabilities and other information
security exposures - CVE aims to standardize the names for all publicly
known vulnerabilities and security exposures."
Rui Pereira,B.Sc.(Hons),CIPS ISP,CISSP,CISA
WaveFront Consulting Group
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Randal, Phil
Sent: August 10, 2004 9:34 AM
To: Todd Towles; full-disclosure@...sys.com
Subject: RE: [Full-Disclosure] AV Naming Convention
I have thought about it, every time this issue is raised. To do what is
proposed at first glance seems eminently sensible, but even a post-hoc
renaming exercise requires additional "vendor" resources, and leads to
customer confusion.
Cheers,
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: Todd Towles [mailto:toddtowles@...okshires.com]
> Sent: 10 August 2004 17:18
> To: 'Randal, Phil'; full-disclosure@...sys.com
> Subject: RE: [Full-Disclosure] AV Naming Convention
>
> How would a name stop an AV company from protecting its
> customers? A name is only a name. AV companies should do
> their job and stop viruses. But do we really care what they
> are called in the first couple of hours, no? I am trying to
> encourage sharing of some information between AV companies to
> better protect the public.
>
> I really don't care what they name them as long as they stop
> them. But the idea would be nice. If each company is going to
> have names for stuff..they can just use long strings of
> numbers. Would it really matter what one company names a
> virus in the first couple of hours?
>
> Maybe it will never happen because of money and the desire to
> be the first to discover it. But all the corporations of the
> whole have to deal with multiple AV engines, confusing names
> and variants.
>
> Maybe the idea wouldn't work, but to just throw it off
> without thinking about change is sad.
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
> Randal, Phil
> Sent: Tuesday, August 10, 2004 10:07 AM
> To: full-disclosure@...sys.com
> Subject: RE: [Full-Disclosure] AV Naming Convention
>
> > I have to agree with Todd, the naming convention is now
> right useless
> > for the normal population and make keeping up with viruses on a
> > corporate level that much harder. AV companies are always trying to
> > beat the other company and this leads to very little information
> > sharing between the companies on new viruses, etc.
> >
> > Maybe a foundation should be created. This foundation could give a
> > seal of approval to all AV corporations that join in.
> > We are starting to make rules for patch management over at
> > patchmanagment.org. Why couldn't a group work with AV names and the
> > first company that finds and IDs it correctly gets to name
> it in the
> > foundation. Just a dream, I would guess.
>
> This completely misses the point. When a new virus is
> discovered, it is essential that there is a RAPID response to
> the threat. The idead of handing the critter over to a
> committee to decide it's name is, quite frankly, plain
> bonkers. I for one would rather all the antivirus vendors
> came up with their own names if it meant that
> detection/disinfection patterns came out hour earlier.
>
> Cheers,
>
> Phil
>
> ----
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists