| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: fulldisc at ultratux.org (Maarten) Subject: (no subject) On Tuesday 10 August 2004 07:19, Nick FitzGerald wrote: > The appropriately-named Frank Knobbe wrote: > > Isn't the complete lack of naming standardization in the AV industry > > simply amazing? ... > However, if all AV vendors (and it would have to be all vendors or > market forces would prevent it happening, so guess what is one of the > largest things blocking better naming coordination?) were to agree a > name perfectly before _any_ of them shipped updated detection for new > viruses, it is a better than than fair bet that those same outsiders > would the be ones complaining longest and loudest about how tardy AV > vendors were at shipping "emergency" updates. There is nothing stopping AV vendors from naming freshly discovered virii with an internal naming scheme (VENDOR-YYYYMMDDHHxy) pending a central database / organisation to name the virus. Then all vendors can rename the new strain from their generic temporary name to the definitive name. This is trivial, they update virus definitions all the time, why not also update the name. This could even be good for competition; the central authority could give credit to the first discoverer by naming the virus after the vendor who first found it (but I digress here). In the real world, things are very often named after their discoverers or inventors. Star systems, diseases, laws, etcetera. Of course, the first thing is to form that central authority, but then again lots of industries have a central authority -whether decreed by law or not- so it's not something deemed impossible. At least there are no technical barriers to stop that, only political ones. Despite the high rate of development as you outline below. Using a temporary name is quite simple to do, simple to update and overall better for everyone. Maarten > > ... Imagine that were the case in science, particular > > medicine... > > Or perhaps it would be better to imagine that you made a more > meaningful analogy, such as asking how well you think medicine would do > in maintaining naming consistency if entirely new strains and variants > of viruses and pathological bacteria appeared world-wide at the rate > computer malware proliferates. A little exercise of the grey cells > will likely suggest that they are unlikely to do better in the short > term (i.e. during the outbreak phase), but would probably do much > better longer-term as the dieseases, outbreaks and treatments of > "biological malware" tend to last _MUCH_ longer than their "computer > cousins". If there was much oingoing need to coordinate names I think > the AV industry would do better than it does now, but with the rate at > which new variants appear being what it is, medium-term renaming and > name coordination are both problematic and (generally) seen as having > very little, if any, market value, so few people expend much effort on > such renaming. -- Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER
Powered by blists - more mailing lists