Full Disclosure mailing list archives
Re: (no subject)
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Fri, 13 Aug 2004 10:20:26 -0400
Harlan Carvey wrote:
Forget the whole naming thing...it's been bandied about before, ad nauseam, and things haven't changed. What *I* would like to see is some real analysis of what they find. Too many times, weeks after something's come out, some A/V company still has "modifies/updates some Registry keys" on their web site. Even Symantec lacks consistency with this...specifying Registry keys or file entries that affect Win9x vs NT+ in some writeups, but not in others.
I think the whole AV naming issue is, though problematic, the least of our problems. I think you hit the nail on the head here, Harlan.
How do you enforce a unified naming schema? How would you hold them accountable for following the standard and/or listening to the standard body that does the naming? There's no way to do it that I know of that wouldn't cause all kinds of problems. Not to mention the fact that in most western countries this would almost certainly be a major legal rights issue. I'm no libertarian by any stretch of the imagination, but not allowing corporations to maintain their own naming symbols is counterproductive and problematic on many levels.
What I would like to see is an organization that maintains its own malware dictionary - including virii, trojan horses, worms, spyware, adware, exploits, etc...
This organization would have a standardized naming procedure, and these standard names would be able to be cross-referenced with the aliases that the anti-virus companies utilize. The sole purpose of this organization would be to provide this information to whoever looks for it. It would not serve to force the AV vendors to do anything. Yes, this is similar to CVE. Yes, it would take a monumental amount of work to do. :) But, it could also be a very useful resource if created properly.
I can see forums for each malware branch/variant. I can see evolving analysis trees. I can see white-paper repositories on specific malware methods and ways to keep them from doing their damage.
I think that the solution to this is not to try to force the companies to do what they don't want to do -- that's worse than herding cats. The key is to create a meeting-ground of sorts. This is fraught with problems as well, but could be really worthwhile. Does anything like this exist at this moment?
-Barry
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html