From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: AV Naming Convention

Frank Knobbe to Glenn Everhart:

> > Given the time allowed to do this work, it seems a cross reference after
> > the fact is probably the best one can hope for.
> 
> Perhaps they could elect one person (of each AV shop) to be a naming
> mediator between the organizations.  ...

Pick me, please -- I just love being woken up at 3:42am because folk in 
Russia are working a new virus I already saw hours ago and we now have 
to agree on a name...

That's right -- we don't all work for companies based in the same 
continent, let alone all work in the same place as all the other folk doing 
analysis for our own companies.

> ...  Competition is still ensured...
> after all, everyone wants to get it out first. Here's another incentive.

Do you work in marketing?  If not, please get that stupid idea out of 
your head (if you do work in marketing then I assume you are 
genetically unable to think sensibly about the following).  

Most antivirus researchers do _NOT_ work that way, regardless of who 
their employers are (and formerly, when a few such employers were dumb 
enough to try to use gag-clauses in their employment contracts these 
were often ignored anyway).  

> First one out to propose a new virus/strain can give it a name. All
> prominent AV shops could, to help industry and consumers (marketing
> opportunity here), come to an agreement that governs how names are
> standardized. First representative of an AV shop that raises the hand
> says "We got a new one! Can't give details of course since you are a
> competitor. But if you find the same thing in your research, let's call
> it Humptydumpty-2."

Pray tell, how are "name proposers" to convey to their peers which 
virus they have just found?  You say that they should not give details 
of the virus, yet as (part of) the naming problem is that there is no 
natural and unique naming method, simply knowing that another 
researcher called some virus "FooBar" gives one _NO_ insight into 
whether the new virus they are now looking at is a sample of FooBar.

Oh, and the competition thing -- that's not how things work.  The AV 
industry is a great deal better for having driven the John McAfees out 
all those years ago, along with the divisive and damaging (both to the 
customer and the industry) "sample competition" folk like him had been 
encouraging.  If you really are an AV user, you'd be about the only one 
who is apparently keen to return to those "bad old days".

> Whoever finds the virus first has first choice on the name. No sharing
> of information required, just agreement on a name.

That is what we have now, which I thought was seen as a problem...

Also, how does some other researcher know that FooBar and the new virus 
they've just been handed to analyse and add to their employer's product 
is, or is not, one and the same thing?

You seem to be forgetting that a name is just a label and, alone, 
imparts no identity information.

> Is that so hard?

Well, it would be if anyone was daft enough to try to do it as you 
describe...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

