lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1092420728.593.37.camel@localhost>
From: frank at knobbe.us (Frank Knobbe)
Subject: (no subject)

Howdy Harlan,

On Fri, 2004-08-13 at 09:40, Harlan Carvey wrote:
> The attitude that the entire
> A/V industry should have a common naming convention
> seems to be coming from the open source camp...while
> A/V companies aren't necessarily open source. 
> Companies in general are about making money, and you
> do that through establishing and maintaining
> competitive advantages. 

What gave you the idea that this discussion started from a open source
camp?

But you are right in regards to the goals of the A/V companies. I think
a lot of folks in this thread made is blatantly clear that A/V companies
do not care about their clients or client satisfaction, they just care
about their bottom line. Let's leave it at that and move on.

> How are A/V companies competitive?  They identify and
> analyze malware, and update their products.  Doing it
> faster and better than the next guy is the key. 
> Slowing that process down to coordinate with other
> companies dissolves the advantage.  Let's say I
> discover a piece of malware, and call a round table
> meeting...only to find out that none of the other
> members have discovered the malware yet.  My advantage
> goes bye-bye.

Nope, doesn't have to be. There doesn't need to be information sharing.
I wouldn't even make it a round table meeting. 

On the risk of being ridiculed again by Nick or others, let's entertain
this idea. Remove the round table and replace it with a public (or
industry) "bell". If an A/V company (commercial or not) finds a new
virus, it rings the bell. First to ring the bell sets a name. Other
companies publish with their own name *candidates* and if it turns out
to be the same virus, adopt the name of the company ringing the bell.
Renaming a virus on a web site and in a database and signature set a few
hours later shouldn't be hard to to. But what do I know about the A/V
industry anyway... I'm just making silly suggestions.

No information sharing needs to take place, and competitive advantage
remains. All it takes is an industry "agreement" to work this way. I
think it will benefit their clients greatly.

In closing, the A/V industry has done a good job with naming viruses in
the past. However, in recent year the surge of worms has quickened the
reaction of the industry. They know respond in hours, dare I say
minutes, because the worm/virus/malware is spreading faster then it did
before. This haste or rush to market is what caused the names to differ
between vendors. And I think that through a sensible agreement, heck
make it a handshake agreement, the industry can return to better more
coherent naming of viruses.

Regards,
Frank



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040813/3bb2ea7a/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ