| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: frank at knobbe.us (Frank Knobbe) Subject: (no subject) Howdy Harlan, On Fri, 2004-08-13 at 09:40, Harlan Carvey wrote: > The attitude that the entire > A/V industry should have a common naming convention > seems to be coming from the open source camp...while > A/V companies aren't necessarily open source. > Companies in general are about making money, and you > do that through establishing and maintaining > competitive advantages. What gave you the idea that this discussion started from a open source camp? But you are right in regards to the goals of the A/V companies. I think a lot of folks in this thread made is blatantly clear that A/V companies do not care about their clients or client satisfaction, they just care about their bottom line. Let's leave it at that and move on. > How are A/V companies competitive? They identify and > analyze malware, and update their products. Doing it > faster and better than the next guy is the key. > Slowing that process down to coordinate with other > companies dissolves the advantage. Let's say I > discover a piece of malware, and call a round table > meeting...only to find out that none of the other > members have discovered the malware yet. My advantage > goes bye-bye. Nope, doesn't have to be. There doesn't need to be information sharing. I wouldn't even make it a round table meeting. On the risk of being ridiculed again by Nick or others, let's entertain this idea. Remove the round table and replace it with a public (or industry) "bell". If an A/V company (commercial or not) finds a new virus, it rings the bell. First to ring the bell sets a name. Other companies publish with their own name *candidates* and if it turns out to be the same virus, adopt the name of the company ringing the bell. Renaming a virus on a web site and in a database and signature set a few hours later shouldn't be hard to to. But what do I know about the A/V industry anyway... I'm just making silly suggestions. No information sharing needs to take place, and competitive advantage remains. All it takes is an industry "agreement" to work this way. I think it will benefit their clients greatly. In closing, the A/V industry has done a good job with naming viruses in the past. However, in recent year the surge of worms has quickened the reaction of the industry. They know respond in hours, dare I say minutes, because the worm/virus/malware is spreading faster then it did before. This haste or rush to market is what caused the names to differ between vendors. And I think that through a sensible agreement, heck make it a handshake agreement, the industry can return to better more coherent naming of viruses. Regards, Frank -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040813/3bb2ea7a/attachment.bin
Powered by blists - more mailing lists