Re: [Full-Disclosure] AV Naming Convention
nobody_at_localhost
Date: 08/10/04
- Previous message: Todd Towles: "RE: [Full-Disclosure] AV Naming Convention"
- In reply to: Randal, Phil: "RE: [Full-Disclosure] AV Naming Convention"
- Next in thread: Nick FitzGerald: "Re: [Full-Disclosure] AV Naming Convention"
- Reply: Nick FitzGerald: "Re: [Full-Disclosure] AV Naming Convention"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@netsys.com Date: Tue, 10 Aug 2004 09:52:08 -0700
Randal, Phil wrote:
>>I have to agree with Todd, the naming convention is now right
>>useless for the normal population and make keeping up with
>>viruses on a corporate level that much harder. AV companies
>>are always trying to beat the other company and this leads to
>>very little information sharing between the companies on new
>>viruses, etc.
>>
>>Maybe a foundation should be created. This foundation could
>>give a seal of approval to all AV corporations that join in.
>>We are starting to make rules for patch management over at
>>patchmanagment.org. Why couldn't a group work with AV names
>>and the first company that finds and IDs it correctly gets to
>>name it in the foundation. Just a dream, I would guess.
>
>
> This completely misses the point. When a new virus is discovered, it is
> essential that there is a RAPID response to the threat. The idead of
> handing the critter over to a committee to decide it's name is, quite
> frankly, plain bonkers.
I think you missed some of his point, his is not saying a committee
should name it, he is saying whoever gets there first gets to name it.
> I for one would rather all the antivirus
> vendors came up with their own names if it meant that
> detection/disinfection patterns came out hour earlier.
>
> Cheers,
>
> Phil
>
> ----
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
Actually, I was thinking the exact same thing, I'd like to set up a AV
vendor neutral, FD style virus repository. I'd require a user cert for
anyone who wants to "deposit" a new virus and the first to deposit the
new virus would get to name it. It would be assigned a GUID, so that a
computer friendly identifier was available.
There would be an RSS feed as well as various push feeds.
Lineage could be discussed and mapped.
Other vendors could add their names to that record with information
about what virus def file name the virus first appears in.
If it turns out that more than one group submits the same virus, then
those "dups" would be discarded from the db, thus encouraging AV vendors
and other groups to post new viruses asap so that everyone has a chance
to download them and start researching them.
Fear of the government labeling me a terrorist gives me pause though...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Todd Towles: "RE: [Full-Disclosure] AV Naming Convention"
- In reply to: Randal, Phil: "RE: [Full-Disclosure] AV Naming Convention"
- Next in thread: Nick FitzGerald: "Re: [Full-Disclosure] AV Naming Convention"
- Reply: Nick FitzGerald: "Re: [Full-Disclosure] AV Naming Convention"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
