Re: [Full-Disclosure] (no subject)

• Previous message: Dark Avenger: "Re: [Full-Disclosure] lame bitching about xpsp2"
• In reply to: Nick FitzGerald: "Re: [Full-Disclosure] (no subject)"
• Next in thread: Harlan Carvey: "Re: [Full-Disclosure] (no subject)"
• Reply: Harlan Carvey: "Re: [Full-Disclosure] (no subject)"
• Reply: Nick FitzGerald: "Re: [Full-Disclosure] (no subject)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Nick FitzGerald <nick@virus-l.demon.co.uk>
Date: Fri, 13 Aug 2004 05:17:22 -0400 (EDT)

> I can easily understand how someone unversed in the _market forces_
> pertaining to antivirus software could hold that position, and as a
> theoretical solution to the problem of lack of cross-vendor naming
> coordination it has often been suggested even by though who know it
> would never work in the real world.
>
> Neat and tidy as such a solution seems, it will not, however, work. As
> I explained in other of my posts in this and the related "AV Naming
> Convention" thread, in general by far the largest "cost" of naming
> disagreement is borne by the users in the early hours of large-scale
> outbreaks. Thus, a "solution" that specifically _requires_ all vendors
> to use a different name until a name is agreed (no matter what this
> process it will take some _additional_ time) is, by design, an _anti-
> solution_ as such a "solution", by design, ensures perfect naming
> inconsistency at the time the highest cost of naming inconsistency is
> borne.

Vendors should not "have to" use a different name until the "real"
one is detrermined, they should use whatever they want to.

You know what, I don't work in the "anti-virus" field, but what you are
saying is BS. There is no good reason that I can think of that the AV
companies cannot rename these things after the fact. When an outbreak
happens, they provide a fix and name it whatever they want. After the
fact, they could rename things and their updates reflect the "proper"
name. They can keep a reference to their name in the description, what's
a few more characters in the signature files for every piece of malware
going to matter? another 100k in a download at most? I agree that there
is probably a lot of marketing pressure that may make this difficult,
but there is no technical reason for it.

The AV companies cannot be that lame that they cannot handle a simple
name change. I mean we use databases and other things and using these
"computers" that should make this easy. If thay are that lame, maybe
they shouldn't be in busines.

It's up to people like us that read lists like this to make them fix
this silly problem, or we can ignore it. It doesn't affect me much,
it just seems silly that they cannot name things consistently.

> Secondly, one of the greatest impediments to ongoing (as opposed to
> initial, outbreak-phase) naming inconsistency is that many vendors do
> not have internal processes robust enough to easily handle renaming

This is a lame excuse at best, maybe these companies need to redesign
themselves, this should not be a big problem.

> (And please, before replying to this message, please, please, please,
> please, please read _all_ the rest of thread -- as the only person
> making a significant contribution who has more than half a clue about
> how all this stuff works, what may be technically feasible, and what a
> great deal of customer and industry history suggests may be acceptable,
> answering the same misconceptions over and over is getting tiresome...)

We'll be sure to bow down to you...

Todd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Dark Avenger: "Re: [Full-Disclosure] lame bitching about xpsp2"
• In reply to: Nick FitzGerald: "Re: [Full-Disclosure] (no subject)"
• Next in thread: Harlan Carvey: "Re: [Full-Disclosure] (no subject)"
• Reply: Harlan Carvey: "Re: [Full-Disclosure] (no subject)"
• Reply: Nick FitzGerald: "Re: [Full-Disclosure] (no subject)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]