lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <9E97F0997FB84D42B221B9FB203EFA273FAD@dc1ms2.msad.brookshires.net>
From: toddtowles at brookshires.com (Todd Towles)
Subject: (no subject)

It is a very complex issue...but a simple agreement on standard
post/pre-fixes would be a start.

As my orginial post started, I wouldn't let it up to the AV companies at
all. Have a separate entity (group of people like us), gain the backing
of big compaines and other entities and come up with some standards. 

If AV vendors choose to work with these unset rules then they are
approved by the entity. People that believe in a standradization will
only used entity approved products. Let the customers decide if this is
what they want.

But we have to give them a way to start voicing the need. 

-----Original Message-----
From: Barry Fitzgerald [mailto:bkfsec@....lonestar.org] 
Sent: Friday, August 13, 2004 12:02 PM
To: Todd Towles
Cc: Harlan Carvey; full-disclosure@...sys.com
Subject: Re: [Full-Disclosure] (no subject)

Todd Towles wrote:

>How is naming a virus with @mm or a W32 in the front slow the process 
>down? Naming has nothing to do with AV venders making money IMO. If it 
>does, McAfee should change its name to Norton before tries to buy it 
>out. =)
>
>  
>

It doesn't have a direct impact -- however, you're not going to get the
major companies to agree to put resources towards collaboration and
changing names.  That's a used resource which cuts into their profits.  
(Note: I'm trying to take this from their perspective, not mine.)

It's a little more complex than just having prefixes and postfixes.  
Actually, if you look at the latest e-mail worms and their variance in
variant naming between AV vendors, it's a lot more complex than
standardized prefixes and whatnot.

Not to mention the fact that many businesses won't do so as a matter of
ego/self-reliance. 

             -Barry


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ