funsec mailing list archives

Re: another VX site?


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 08 Jan 2006 15:51:56 +1300

Jeff Kell to Oliver Schneider:

Instead of complaining about naming schemes of other vendors, all vendors
should just sit down together and find a common naming scheme *ASAP* - with
a *shared base* of names! Because this is where the users think that the
vendors are "wrong/silly/etc".

The problem there is the influence of AV business/politics.  ...

That's crap.

AV researchers (sorry Pierre!  8-) ) extensively share samples across 
"company boundaries".  Sometimes, though very rarely now as we have 
mainly educated them out of the practice (or eradicated them from the 
industry), this sharing also occurs against "official company policy/ 
management directive".

You're thinking of the fictional AV industry that exists in the minds 
of the PR flakes and marketing-BS'ers.  Those folk (and the fools who 
swallow the crap they spout) have _NO IDEA_ how the AV industry works 
at the sharp end of the business...

...  There would 
be no way to have a "common naming authority" without simultaneously 
making all discoveries and claims common knowledge.  ...

Actually, that's also BS as I've devised a scheme that would allow 
suitably competent researchers to centrally "index" and to a fair 
degree cross-reference and assure "correct" family placement, etc, etc 
of new malware which would only divulge that other new variants had 
been discovered but not (necessarily) by whom or even when.  The 
problem is that the cost of running such a thing securely and reliably 
would (probably) require corporate (rather than individual researcher-
level) funding (though not a huge amount) and at that point I can 
imagine that the corporate pressures to make more of the information 
available about others' discoveries that such a system would 
necessarily hold might make it untenable to run on as "closed" a basis 
as some researchers and vendors would require for their participation, 
thereby reducing its value...

BUT, I think it still can fly and as I might be the natural choice for 
the thick-skinned, hard-arsed arrogant bastard who would have to 
"referee" the occasional problem, I'm keeping it to myself for now.

...  The "my AV is 
better than your AV" war would be somewhat emasculated when this becomes 
knowledge, and there is no race to the "my AV detected this first" prize.

That "war" only exists in the minds of the PR and marketing fools...

Well, there is something to be said for competition in the 
implementation and deployment of such detections, but I don't see the 
for-profit AV vendors suddenly co-operating on a global scale.

You really are well out of touch with how the AV industry works...

There already is a significant degree of cross-vendor, inter-researcher 
cooperation and sample sharing.  Dr Solly was one of several early AV 
"luminaries" responsible for doing much of the groundwork that led to 
the current situation and others continue pushing its value and 
educating new generations of AV product managers and the like as they 
are drafted into our sector of its value and why the PR BS "war" model 
MUST NOT be the way we work.  Of course, we don't do the sample sharing 
irresponsibly by putting large collections of malware on freely 
accessible and widely publicized web sites and "protecting" them with 
"only for genuine research" label, so I can understand that those 
outside the industry would not be well aware of the degree to which AV 
researchers (sorry Pierre!) cooperate across vendor "lines". 
Fortunately some of us have, over the years, shown many others that 
responsible, trusted sample sharing is more beneficial to your 
(employers') customers than the old "hoard and gloat" approach that 
John McAfee and a few of his contemporaries practised.  (When I was at 
Virus Bulletin I found an old product box from an early comparative 
detection test and though I can't remember the exact literal test, the 
McAfee box (? -- Dr Solly will remember this) had a claim (along with a 
graph) to the effect "we detect the most viruses", backed up with the 
"hard facts" (probably from a Patty Hoffman "test") -- McAfee 91, DSAV 
89, F-PROT 87 and Norton AntiVirus 72...)


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
