Re: [Full-Disclosure] AV Naming Convention

From: Alerta Redsegura (alerta_at_redsegura.com)
Date: 08/10/04

    To: "Thomas Loch" <thomas8142@freenet.de>, "Full-Disclosure" <full-disclosure@lists.netsys.com>
    Date: Tue, 10 Aug 2004 13:57:25 -0500
    
    

    Standardization is the solution: If precise rules are established to name
    viruses, then it is not even necessary that AV companies meet to decide on
    the name for every new virus.

    The problem here is the way viruses have been getting classified through the
    years, which leads to a "would-be-taxonomy" that reflects more economic and
    marketing interests than a "scientifically-driven" classification effort.

    A clear example is the use of "malware" as an accepted term encompassing
    viruses, worms, adware, spyware, etc.
    Malware stands for "malicious software". Can you categorically affirm that
    all viruses, worms and the like are made with a "malicious intention"? You
    cannot! But "Malware" is a term that sounds great to scare people and
    that's good for marketing purposes.

    So, what alternative could be used to describe what is known today as
    "malware"?
    What all these "entities" share is that they get to their destination
    without the user's consent. So, regardless of the intention at their
    origin, they all are "intruders". Why not call them, for example,
    "intrudeware"?

    Another example is the one of Trojan horses. How come some AV companies
    abbreviate Trojan Horses as "Trojans"?
    It is clear that if we are to follow this Trojan-Greek story, Trojans were
    the victims of the Trojan Horse, therefore "Trojan" would refer to infected
    software or equipment.

    What is clear here is that, contrary to the biological virus taxonomy, which
    follows rigorous scientific methods, computer virus classification (I dare
    not call it "taxonomy"...) as we have it today is far from being
    "scientific", and will continue so, as long as economic interest prevails
    over scientific interest.

    Regards,

    Iñigo Koch
    Red Segura

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

