lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: toddtowles at brookshires.com (Todd Towles)
Subject: Virus naming conventions, or lack of them

I was only showing the point that name of a virus doesn't stop a company
form working and creating IDE to stop a virus. They can name them
whatever they want. Most of us really don't care most of the time, as
long as it gets stopped. AV vendors can choose to name the same (at
least in the same format) and choose to be totally different in naming.

As far as my using Outlook - sorry buddy, I work for a corporation. Is
Outlook a bit more dangerous than some 20 year old netscape client?
Sure, but it all comes down to the users, now doesn't it.

I understand the AV vendors doesn't care about me...and I can care less
about one other companines bottom line too. If the public ever decided
it needs to be changed, then the change will have money in it. Customers
choose to buy what they WANT. 

The simple fact is that people out there see a growing need to have some
sort of convention. If they would just agree on a format, that would be
better than it is currently. But I understand money will have to be
driving issue in the end. Agreed.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Etaoin
Shrdlu
Sent: Friday, August 13, 2004 1:18 PM
To: Full Disclosure
Subject: Re: [Full-Disclosure] Virus naming conventions, or lack of them

Todd Towles wrote:
> 
> How is naming a virus with @mm or a W32 in the front slow the process 
> down? Naming has nothing to do with AV venders making money IMO. If it

> does, McAfee should change its name to Norton before tries to buy it 
> out. =)

Smiley aside, I think that you are being disingeneous here. Either that,
or you read NOTHING of the post below (that microsoft outlook
top-posting style is my first clue; your commentary is the second). Let
me repeat the salient points:

Harlan Carvey wrote:
> One other thing I'd like to throw into the mix.  This whole discussion

> is being viewed, it seems to me from the wrong perspective.  The 
> attitude that the entire A/V industry should have a common naming 
> convention seems to be coming from the open source camp...while A/V 
> companies aren't necessarily open source.

> Companies in general are about making money, and you do that through 
> establishing and maintaining competitive advantages.  Expending 
> resources (ie, people, money, time, etc) on an endeavor to establish 
> and maintain a common naming scheme is an expenditure that has very 
> little (if any) ROI...it can't be justified to investors.

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Harlan 
> Carvey

[Ick. I so hate that outlook destruction of threading. What the hell is
"On Behalf of..." supposed to mean, anyway?]

Nick FitzGerald wrote:
[some other stuff]
> ..As a
> result, some of these procedures are so crucially dependent on the 
> choice of a name _AND_ require that to happen so early in the process 
> that it is all but inconceivable for some of these developers to 
> change a virus' name.

and

> As much as most of the industry may agree to not aggrandize some 
> spotty faced, bad-breathed teenager's fantasies by not using the name 
> the virus writer chose, the media will latch onto the one tiny, 
> weird-arse, industry convention defying, publicity starved, former 
> Eastern-bloc hopped up AV company that does use the "cute" or "catchy"

> or whatever name, and thereby greatly exacerbates the problem.  Worse,

> many journalists (or perhaps their editors) feel that they are  better

> qualified to make up virus names than antivirus researchers are and 
> they will simply coin what they consider a catchy, snazzy, sexy, 
> attention grabbing, etc name to make a good headline or some dodgy 
> joke later in their copy.

Still with me? What Nick and Harlan (and others) have near beat into the
ground, is that the AV companies don't CARE what it is YOU want. There's
simply no motivation to change. No money in it, and plenty of current
behavior to continue things as they are. Period. You can whine forever
about what ought to change. It isn't going to happen. It simply doesn't
matter what it is you want.

Unfortunately, it doesn't even matter what Nick suggests (and those
companies are a lot more likely to listen to a researcher like Nick,
than to J. Random Luser on Full Disclosure). It's the way it's done.
Those companies have been around a long time (and will continue to be,
as long as there are windows platforms making it easy for virus writers,
XPSP2 notwithstanding). In fact, I'd venture to guess, as long as users
can install new viruses by clicking on "Click Me!" buttons, they'll stay
in business.

--
Things will happen in well-organized efforts without direction,
controls, or plans.
      Friedrich August von Hayek (1899-1992)
    "The Road to Serfdom" (ISBN: 0226320618)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ