Message-ID: <411A235C.23784.A4D9DAC8@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: AV Naming Convention
Clairmont, Jan M wrote:
> It would be an automated naming based on first time of discovery and
> reporting, there could be aliases added for the bugger.
> This could be for searching for Mydoom.b Mydoom.c etc. variant rather
> than trying to search for a name like Virus20040908.19:24:31.8843 time stamped
> variants.
Ummmm, how would this system deal with parasitic infectors?
What about polymorphics?
Worse, metamorphics?
_Any_ kind of fully automated name generation mechanism has to solve
the Halting Problem to begin to be useful, and where that's possible the
naming system would entirely supplant any kind of antivirus system
based on one or more of the far less accurate and far less reliable
known virus scanning, generic and heuristic scanning, behaviour
monitoring/blocking, etc, etc, etc, etc approaches.
And, if we had perfect, fully automatic virus detection we would not
really need names for them as the "it infected me before my AV was
updated" issue disappears...
> Similar or equal virus would later be eliminated or archived for
> information.
Ahhh, so you are aware of that problem, but clearly did not think about
what you were proposing as what you propose is simply the system we
have now but with an ignorant automaton doling out names rather than
loosely interconnected groups of subject matter specialists trying to
reduce naming conflicts as part of their naming decisions.
On balance, the automaton is likely to produce a _lot_ more different
names for the same thing, making matters worse rather than better, at
least once you realize that the humans who write viruses will be easily
able to target the braindeadedness of the automaton to deliberately
wreak naming havoc via it.
> ... Standard record stamping for a database like Oracle. Maybe
> Oracle could be persuaded to provide an
> international database, great public service, providing needed
> information to reduce spam, and virus spreading etc.
Oh yes, just what we need as a "public service" -- a publicly
accessible database of virus and other malware code. That will reduce
availability and damage from malware no end...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854