Full Disclosure mailing list archives
RE: AV Naming Convention Reporting Plan.
From: "Clairmont, Jan M" <jan.m.clairmont () citigroup com>
Date: Tue, 10 Aug 2004 16:46:19 -0400
Geesh that's why you need a centralized database with an independent non-vendor specific database. It would be for reporting and sharing for the benefit of the community or av, firewall and other vendors and the internet community. It implies no force du jour or coercion on anyone, you could opt out or not use the free service, duh! The service could be funded by donations like PBS. Like any standards committee it is staffed by vendors, interested parties, students, just like freeware or shareware.

The goal is to help end endless spam, av and trojans etc. Not to spy or require anyone to do anything. Just like this list is an opt in or opt out, I frankly think full-disclosure should jump on this idea for doing it or someone of that ilk. Is this really that hard to understand?

Essentially this is the Function flow.

Person Finds Spam, Trojan, Exploit etc
Vendor finds Spam, Trojan, exploit
Vendor Finds New virus
   -- reports virus forensics, description
      format set by database committee
      sample reporting tool on Web fill in the blanks and report
        |
        |
        V
IVST Database.com
        |
        |
        | creates record time stamp_name & aliases
        V
Updated database sees no equal sends out report
Fix information to all interested parties based on
User profile or need.
        |
        | investigation continues
        V
Database updates duplicates and reports to users
Keeps track of spam, virus variants, trojans etc.
Back to step 1.

And it could start from day one without a history, just start with what's new. A retrofit database would be useful but not necessary. It just needs to react to new threats.

What's the big deal, it could be used for independent researchers, students, Dead Heads, Hacker wannabes, and best of all standardize the whole mess. Right now it's every person for themselves. What do we have to lose but spam and maybe get a faster reaction time to incidents, with a rational plan. It's like finding comets, you find 'em you name 'em.
Jan Clairmont
Firewall Administrator/Consultant

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Valdis.Kletnieks () vt edu
Sent: Tuesday, August 10, 2004 2:54 PM
To: Frank Knobbe
Cc: Glenn_Everhart () bankone com; full-disclosure () netsys com
Subject: Re: [Full-disclosure] AV Naming Convention

On Tue, 10 Aug 2004 10:44:56 CDT, Frank Knobbe said:

standardized. First representative of an AV shop that raises the hand says "We got a new one! Can't give details of course since you are a competitor. But if you find the same thing in your research, let's call it Humptydumpty-2." Whoever finds the virus first has first choice on the name. No sharing of information required, just agreement on a name.

Of course, I *didn't* find the same thing, so I called it Jabberwocky-3. Only later did we find out it was the same thing.

Only way to do that sanely is the way tropical storms are done - make up a *long* list beforehand, and as each AV vendor raises their hand, they get the next name in the list.

Remember guys - I may need a name for the variant I'm about to push a signature out the door *before* I have any way of finding out that you've got a different variant.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
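
An added sketch, not part of the original messages, that combines the function flow above (record with timestamp, name and aliases; later duplicate merging and a report to users) with the pre-agreed name list from the quoted reply. The class `NamingRegistry`, the name list and the use of an exact SHA-256 match to detect duplicates are assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timezone

# Constructed name list agreed in advance; these names are not from the thread.
NAME_LIST = ["Alder", "Birch", "Cedar", "Dogwood"]

class NamingRegistry:
    def __init__(self, names):
        self._free = list(names)   # unissued names, in agreed order
        self.records = {}          # canonical name -> record
        self._canon = {}           # every issued name -> its canonical name
        self._by_hash = {}         # sample SHA-256 -> canonical name
        self.notices = []          # reports that would go to subscribers

    def claim(self, vendor):
        """A vendor raises its hand and gets the next name, sharing no details."""
        if not self._free:
            raise RuntimeError("name list exhausted; the committee must extend it")
        name = self._free.pop(0)
        self.records[name] = {"seq": len(self._canon), "vendor": vendor,
                              "created": datetime.now(timezone.utc),
                              "aliases": set(), "hashes": set()}
        self._canon[name] = name
        return name

    def canonical(self, name):
        return self._canon[name]

    def attach_sample(self, name, sample):
        """Attach forensics later; merge if the sample is already known."""
        digest = hashlib.sha256(sample).hexdigest()
        canon = self._canon[name]
        known = self._by_hash.get(digest, canon)
        if known != canon:
            canon = self._merge(known, canon)
        self.records[canon]["hashes"].add(digest)
        self._by_hash[digest] = canon
        return canon

    def _merge(self, a, b):
        # Earliest claim keeps the name; the later name becomes an alias.
        keep, drop = sorted((a, b), key=lambda n: self.records[n]["seq"])
        old = self.records.pop(drop)
        rec = self.records[keep]
        rec["aliases"] |= old["aliases"] | {drop}
        rec["hashes"] |= old["hashes"]
        for h in old["hashes"]:
            self._by_hash[h] = keep
        for alias in rec["aliases"]:
            self._canon[alias] = keep
        self.notices.append(f"{drop} is a duplicate of {keep}")
        return keep
```

Two vendors can each claim a name before comparing notes; once both attach the same sample, the later name resolves to the earlier one and a duplicate notice is queued.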