RE: [Full-Disclosure] AV Naming Convention

From: Todd Towles (
Date: 08/10/04

  • Next message: nobody_at_localhost: "Re: [Full-Disclosure] AV Naming Convention"
    To: <>, <>, <>
    Date: Tue, 10 Aug 2004 11:28:58 -0500

    Oh, I am not unhappy with AV companies at all. They do their job and most do
    it very well and very fast. But there are programs that aren't detectable by
    any AV programs. I have one sitting on my desktop; I received it in the
    e-mail weeks ago. I sent it in as a sample and heard nothing. Why? Because
    it isn't running thru the news and in everyone's e-mail. The largest threats
    should be taken care of first, given. But should the public not be informed
    about things like this? Where is the protection?

    Some people question sig-based scanning and I understand their point. We
    need to help the AV companies think outside the box and create new ways of
    detection and prevention. We are the community help them.

    You may call the idea stupid and useless, I really don't care. We have you
    talking about the possibility however. =)

    Change starts with words, then actions.


    -----Original Message-----
    From: []
    Sent: Tuesday, August 10, 2004 10:35 AM
    Subject: RE: [Full-Disclosure] AV Naming Convention

    So isn't this the reason CVE was created some time ago now?

    Give the AV companies a bit of mercy though: they are called upon to
    analyze virii with ever less lead time, and need to pick names sometimes
    before full behavior is even known (as it seems to me from watching

    Given the time allowed to do this work, it seems a cross reference after
    the fact is probably the best one can hope for.

    -----Original Message-----
    []On Behalf Of Todd Towles
    Sent: Tuesday, August 10, 2004 10:16 AM
    To: 'Todd Burroughs'; 'Frank Knobbe'
    Subject: RE: [Full-Disclosure] AV Naming Convention

    I have to agree with Todd, the naming convention is now right useless for
    the normal population and makes keeping up with viruses on a corporate level
    that much harder. AV companies are always trying to beat the other company
    and this leads to very little information sharing between the companies on
    new viruses, etc.

    Maybe a foundation should be created. This foundation could give a seal of
    approval to all AV corporations that join in. We are starting to make rules
    for patch management over at Why couldn't a group work
    with AV names and the first company that finds and IDs it correctly gets to
    name it in the foundation? Just a dream, I would guess.

    Full-Disclosure - We believe in it.
