lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040816105058.GB7630@onosendai.matrix> From: lists at michel-messerschmidt.de (Michel Messerschmidt) Subject: (no subject) On Sun, Aug 15, 2004 at 01:52:33PM +0200, Maarten wrote: > On Sunday 15 August 2004 04:52, Nick FitzGerald wrote: > > Maarten wrote: > yada yada. You may work in the industry (and be blind because of it) and I > may have an incredible high IQ (so much higher than yours that you perceive > I'm stupid instead). > But the thing is, you don't know that. So stop bashing me and showing off. > You can shine by your actions, not by your reputation... So what is your knowledge about malware naming ? You know about the wildlist and its problems, Vgrep, CARO, 'naming.txt' and its use in the last 10 years ? You have ever tried to maintain and work with a malware collection ? You know about previous (and more in-depth) discussions on this topic ? You've read at least http://www.securityfocus.com/infocus/1587 and http://www.virusbtn.com/magazine/archives/200301/caro.xml to get a basic idea of the problem ? So what rational fact makes you believe you know this better than everyone else ? > All change starts small. Maybe discussions such a this will wake people up, > maybe there will even be a voiced demand from the public. That DOES hurt > sales, thus shareholders, which is what you need to have done, right ? > The only thing I'm sure about is, YOU will not be instrumental in this. Do you really think, there were any new ideas here ? For an example, here at the antiVirusTestCenter we have discussed the naming problems for years. But even the partial solutions that have been realized (LOKMM, VMacro-Server) haven't caused significant changes. And this was in cooperation with many AV researchers. How should such an annoying thread like this really help ? Do you also believe you can convince MS to make Windows OpenSource just by posting here ? > Well, just for you, to make it simple. > At Time T you find a virus and name it whatever you like (just as you do now). > >From time T until T+48h you have the "all-important hours" of confusion as > you are so adamant to repeat at every opportunity. So let there be confusion. > At Time T+50 you agree upon a singular standardized name and rename it. > > So, compared to now, what has changed between T and T+48 ?? Nothing. So stop > complaining about me messing up those "all-important hours" of yours. I'm > not messing anything up. I'm renaming when the panic has died down. > Get it now ?!?! And what is the benefit of your proposal? Have you considered that it may be just another source of confusion ? There could be uncoordinated renamings, the same malware alerts with old and new names (but this time from the same vendor). Adminstrators may not be able to compare scan reports from different malware definition updates because the names changed in between. > > The first few hours _under current processes_ produce nearly all of the > > confusion caused by naming inconsistencies. Media outlets latch onto > > This is not a scientific fact, and I do not agree with you. I can't remember _any_ scientific fact in this thread. -- Michel Messerschmidt lists@...hel-messerschmidt.de antiVirusTestCenter, Computer Science, University of Hamburg
Powered by blists - more mailing lists