Author Makes Symbian Virus Code Available

← Back to Stories (view on slashdot.org)

Author Makes Symbian Virus Code Available

Posted by Hemos on Tuesday January 25, 2005 @12:28AM from the learn-from-mistakes dept.

putko writes "The NY Times (registration required) has a story about a Brazilian software expert whose posted the code for his Bluetooth virus on his website. The article has a general anti-free-exchange-of-information tone to it. Security firms call him bad. Nokia is concerned. Here's his homepage (in Portuguese), so let's not unnecessarily DDoS him: The most irritating bit of all this is that the guy writes the thing, distributes it, gives it a name (eponymous) and then the stupid virus firms go and butcher it -- e.g. "Lasco.A". What's so wrong with "Velasco" already? The guy clearly wants it to be named after himself."

49 comments

Min score:

Reason:

Sort:

Yeah by Anonymous Coward · 2005-01-25 00:35 · Score: 1, Insightful

Because as we all know, nothing takes away encouragement from a virus writer like giving him exactly what he wants. \sic
1. Re:Yeah by Anonymous Coward · 2005-01-25 00:41 · Score: 1, Funny
  
  I didn't know that. Got anything to back it up with?
2. Re:Yeah by Damhna · 2005-01-25 02:47 · Score: 2, Informative
  
  I'll back it up.
  It is the explicit (and logical) intention of AV comapanies not to name rogues in the fashion the author desires.
  
  Symantec's Policy is as folloes
  Virus names consist of a Prefix, a Name, and often a Suffix.
  
  * The Prefix denotes the platform on which the virus replicates or the type of virus. A DOS virus usually does not contain a Prefix.
  * The Name is the family name of the virus.
  * The Suffix may not always exist. Suffixes distinguish among variants of the same family and are usually numbers denoting the size of the virus or letters.
  
  The Code Red virus got its name from an eEye Digital Security researcher's beverage of choice -- the cola variety of Mountain Dew soft drink -- the night they picked through the corruptive code.
  
  Symantec Security Response senior director Vincent Weafer, who referred to Code Red's caffeine-based name, told NewsFactor that there are some things researchers do not use when naming worms:
  
  "We don't use the name of the virus writer because we don't want to give name recognition for something that's done for publicity, and we don't use the date because there are so many trigger dates and it's such an easy thing to change that it wouldn't make any sense," Weafer said.
  
  "After that, it comes down to the researcher and what they find unique about a particular virus," Weafer added.
  
  Quotes above from :
  http://securityresponse.symantec.com/avcenter/vnam einfo.html/
  http://www.newsfactor.com/perl/story/15662.html#st ory-start/
  http://users.tcworks.net/virus/naming.htm/
I'm confused by bwalling · 2005-01-25 00:41 · Score: 4, Insightful

This posting seems rather sympathetic to this guy. Free exchange of information? Your credit cards are information - should I freely exchange those with everyone? So, not all information should be exchanged. Why should we be so nice to his website? He's not being so nice to our cell phones. And who cares what the name of the virus is? It's not like he discovered a new comet or something positive.

There's something to be said for being open and free, but there's also taking it too far.
1. Re:I'm confused by tka · 2005-01-25 00:53 · Score: 3, Insightful
  
  Yep, even though one might think of it as a positive thing to expose security problems in software, I don't. One should first contact the company about this. And then after a while, depending on what the company response was, release it. The security problem might not be due to originally bad design or lack of interest in security.. In which case the company should suffer from it.
  
  But now, we, the customers suffer from it.
2. Re:I'm confused by Anonymous Coward · 2005-01-25 02:55 · Score: 0
  
  Your credit cards are information - should I freely exchange those with everyone?
  Depends on whether information is knowledge or just data. A cc number is data, the cc number encoding scheme is information.
3. Re:I'm confused by Anonymous Coward · 2005-01-25 05:50 · Score: 0
  
  If YOUR credit card was able to affect MY phone, then hell yeah I'd like to have it. Leave those stupid analogies for the RIAA and Bill Gates, okay?
  
  Put your thinking cap on: the PHONE company is the one that left you vulnerable, not the virus writer. The virus writer is just some loser with nothing better to do. The phone maker however, is being extremely irresponsible and should be punished, so it tries harder to correct behavior in the future.
  
  How do you punish the company? Do you pass laws? Send angry letters to the CEO? Buy an equally-insecure competitor's phone? No the best thing is to PUBLISH WORKING EXPLOITS AS SOON AS POSSIBLE, without notifying the company. When an exploit is punished, a fix comes quickly. When many exploits are published, the company is forced to re-think its designs.
  
  I agree, a virus isn't the best way to demonstrate a security hole, and he certainly doesn't deserve choosing the name the "security" firms will use, but given a choice between "open and free" with viruses and whatever you are proposing, I'll take open and free any day.
  
  Everybody has to remember one thing: the vulnerability is there because your phone company put it there. Not the virus writer, hacker, or whoever.
4. Re:I'm confused by Anonymous Coward · 2005-01-25 06:12 · Score: 0
  
  Yep, even though one might think of it as a positive thing to expose security problems in software, I don't.
  
  Sand, meet head. Head, sand.
  
  I personally would like to know about ALL security flaws in products I buy.
  
  One should first contact the company about this.
  
  Why, to give them the impression that it's okay to leave flaws in delivered products? Because a "good sam" will be kind enough to do their work for them?
  
  Hackers don't care about "waiting periods". They will hack your phone today if they can.
  
  But now, we, the customers suffer from it.
  
  Stop buying and using insecure products. If a virus comes out for your phone why do you still use it?
Lets hope by Anonymous Coward · 2005-01-25 00:44 · Score: 0

the Bluetooth virus doesn't bite!
1. Re:Lets hope by Anonymous Coward · 2005-01-25 02:26 · Score: 0
  
  It shows a gaping cavity in the Symbian OS. They're trying to just floss this over.
jealousy by St.+Arbirix · 2005-01-25 00:51 · Score: 2, Insightful

The A/V companies got mad that they didn't think of the virus first.

What good is antivirus software if it can't protect against all viruses? How better to protect against them to have written them yourself?

-1 flamebait

--
Direct away from face when opening.
Why Lasco.A...? by Grab · 2005-01-25 01:01 · Score: 2, Informative

Simple. You need the ".A" to indicate it's the first of its type. Since this dumbass has released the virus code to the world, you can bet there's going to be a ".B", ".C", etc.. In fact I doubt one alphabet will be enough to count them all.

As for using this guy's name, why would we want a virus writer and distributor to become famous?

Grab.
I don't think there should be any debate here by orasio · 2005-01-25 01:16 · Score: 4, Interesting

The guy discovered a fundamental flaw, and is showing the need for a fix, forcing a fix, probably. That is actually a good thing. The guy is a good guy, and gets fixed something that is broken.
If he were a bad guy, he would be playing with your credit card, or even worse, shutting the hell up, and letting someone else discover the vulnerability, and using it.

Maybe you think he should have contacted the responsible firms first, but that's too delicate, he could even end up with legal trouble because of that (think.. extortion) .
This way he will probably get the vulnerability fixed, and bluetooth users are the ones who benefit.
I don't believe it's taking it too far.
1. Re:I don't think there should be any debate here by bwalling · 2005-01-25 01:30 · Score: 1
  
  letting someone else discover the vulnerability, and using it.
  
  Now no one has to figure it out, they just have to do it how he told them to do it. It's certainly a lot easier to exploit when you tell the whole world how to do it.
2. Re:I don't think there should be any debate here by hummassa · 2005-01-25 01:36 · Score: 3, Insightful
  
  But this is the only way to tell the companies: fix this or the whole world will know how to exploit it.
  
  --
  It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
3. Re:I don't think there should be any debate here by alienw · 2005-01-25 01:44 · Score: 1
  
  If jackasses like him weren't exploiting security holes, there wouldn't be a need to find them. It's rather sad that the current state of computing is analogous to having to put bars on bulletproof windows just to avoid having some asshat break in.
4. Re:I don't think there should be any debate here by orasio · 2005-01-25 01:50 · Score: 3, Insightful
  
  Please! try thinking!
  Just because nice guys refrain from discovering vulnerabilities, it doesn't mean the bad guys will!!
  The guy is just trying to force the hole to be closed.
  The situation before this guy was that your phone was vulnerable, and you were ignorant. The situation now is that your phone is vulnerable, and you are aware of it, and probably won't buy another vulnerable bluetooth device until it's fixed.
  I don't understand why you prefer the first scenario. It's actually possible to write vulnerability-free software. It is way too expensive, but maybe it should be required.
  If people keep thinking that holes whuld just be overlooked instead of fixed, there will never be any value on providing secure software.
5. Re:I don't think there should be any debate here by orasio · 2005-01-25 01:52 · Score: 1
  
  He isn't exactly exploiting security holes, he is showing a possible exploit, a danger that was already there, in your analogy, he is shouting that, even though you have bulletproof windows, you left the door open.
6. Re:I don't think there should be any debate here by Anonymous Coward · 2005-01-25 01:53 · Score: 0
  
  If jackasses like him weren't exploiting security holes, there wouldn't be a need to find them.
  
  He's not exploiting the security hole. He is showing how it could be exploited. If he can find it, then other people who would exploit the security hole can find it. He can't stop them from finding and exploiting the hole, but he can force the vendor to make their exploits ineffective. This is what he is doing.
  
  You are categorising him as somebody that exploits the security hole, but in actual fact, he's working *against* the people that would exploit the security hole.
7. Re:I don't think there should be any debate here by bwalling · 2005-01-25 02:49 · Score: 1
  
  The situation before this guy was that your phone was vulnerable, and you were ignorant. The situation now is that your phone is vulnerable, and you are aware of it, and probably won't buy another vulnerable bluetooth device until it's fixed.
  
  Who are you kidding? The situation before was that my phone was vulnerable, and that only one guy knew anything about it. Now, everyone knows all about it, including people who will use it to create viruses. The odds are now higher that I will get a form of this virus.
  
  All of the nerds that read about this will now think to not buy one of those phones, but that's what, 0.0001% of the people who buy cell phones?
8. Re:I don't think there should be any debate here by bwalling · 2005-01-25 03:46 · Score: 1
  
  He isn't exactly exploiting security holes, he is showing a possible exploit, a danger that was already there, in your analogy, he is shouting that, even though you have bulletproof windows, you left the door open.
  
  Yes, but in a city of 20,000 homes, one open door isn't likely to have a burglar find it. However, if some dickhead puts up a neon sign saying "this guy's door is open, someone could easily rob him", the the odds that a burglar find it go way up. And, really, what benefit was there in putting up the neon sign? So the guy would lock his door? The guy's door only got locked after 300 people went it and took all his stuff, which wasn't likely to happen until that neon sign went up. Your argument doesn't work.
  
  Look, software makers should do a better job of listening to people who find exploits. But, the solution to this problem isn't to abuse all the people who use their software. That's what you're doing when you tell every script kiddie in the world exactly how to break in. You're screwing the users to try to push your own way of thinking. You're being a bigger dick than the software maker was in the first place.
9. Re:I don't think there should be any debate here by orasio · 2005-01-25 04:34 · Score: 1
  
  Who are you kidding? The situation before was that my phone was vulnerable, and that only one guy knew anything about it.
  
  Pleaaase!!
  What makes you think that only one guy knew anything about it?
  That's just what _you_ know.
  I believe, given most new technologies, it only takes some knowledge, and much effort, to find exploitable vulnerabilities, if you have something to gain from it. The guy is _one_ of the people who knew the vulnerability.
  After this, your next phone will have one vulnerability less. If it weren't for him, it could stay hidden.
  
  Security through obscurity just doesn't work. You are implying that noone would own your phone just because it was hard to do, and now they will, because it's easy. Nonsense. If there's money to be gained, sooner or later some guy would find the vulnerability, exploit it, and make phone users or companies lose lots of money.
  Now the only loss is bug-fixing.
10. Re:I don't think there should be any debate here by orasio · 2005-01-25 04:42 · Score: 1
  
  Maybe we shouldn't argue about an analogy, it's useless, you know? (anyway, it's not one open door, it's more like "XXX brand locks are damn easy to poke!!, here's how: ...")
  
  The problem here is that he can't just talk to the companies, and say he has an exploit.
  
  If he mailed the companies and said that they should release a fix or else he releases the exploit, that's extortion.
  If he just tells them of the exploit, and expects that they do the right thing, e would be putting his trust on the wrong entity, and giving his back to the people, who could keep using vulnerable software.
  By just releasing the exploit as a vulnerability warning, I believe he is doing the best he can. Both other behaviors are unacceptable to me, at least.
11. Re:I don't think there should be any debate here by alienw · 2005-01-25 05:18 · Score: 1
  
  I almost never lock my door. The crime rate where I live is very low, and many people leave their doors unlocked. When you have to lock your door to avoid burglaries, you have a crime problem.
12. Re:I don't think there should be any debate here by alienw · 2005-01-25 05:27 · Score: 1
  
  Writing an article about the security hole that doesn't give much details would not count as exploiting it. Writing a working virus is certainly an exploit (and should be highly illegal). What you are saying is that breaking into someone's house is OK because someone else could have done it, too. It's not OK, even if you are simply letting the owner know that their lock is not that good.
  
  The security problem is more a legal problem than a technological problem. A typical house lock is extremely easy to pick and is there mainly to keep honest people honest. What we really need is more active enforcement of the computer crime laws we already have. If we put a lot of script kiddies and exploit writers behind bars, we won't need to worry as much about security.
13. Re:I don't think there should be any debate here by FLEB · 2005-01-25 05:44 · Score: 1
  
  I wonder if it would be considered extortion if it were phrased as "Release a fix because I'm releasing the details as such-and-such later date.
  
  --
  Information wants to be free.
  Entertainment wants to be paid.
  You just want to be cheap.
14. Re:I don't think there should be any debate here by Anonymous Coward · 2005-01-25 06:15 · Score: 0
  
  The odds are now higher that I will get a form of this virus.
  
  No because if you had half a brain, you would throw that phone in the trash. Why use it once you know it can get viruses???
15. Re:I don't think there should be any debate here by Anonymous Coward · 2005-01-25 06:41 · Score: 0
  
  What you are saying is that breaking into someone's house is OK because someone else could have done it, too.
  
  You are missing a crucial aspect. This isn't somebody being careless and leaving their front door unlocked. It's somebody being careless and leaving everybody's front door unlocked.
  
  A typical house lock is extremely easy to pick and is there mainly to keep honest people honest.
  
  Honest people don't need to be "kept honest".
  
  What we really need is more active enforcement of the computer crime laws we already have.
  
  No, what we need is for software developers to be held accountable for the services they provide when they are notified of a security hole. That would mean that full disclosure would not be necessary.
16. Re:I don't think there should be any debate here by alienw · 2005-01-25 08:06 · Score: 1
  
  It's somebody being careless and leaving everybody's front door unlocked.
  
  This is why I brought up the house lock example. Nobody tries to make them truly secure. Many of them can be opened with a credit card. Most others can be opened with a bent paperclip.
  
  Besides, you don't need exploits for an unlocked door. An exploit is the software equivalent of lockpicking equipment.
  
  Honest people don't need to be "kept honest".
  
  A lock is usually used to indicate that something is off-limits to the public. One definition of an honest person is one who doesn't try to open locked doors.
  
  No, what we need is for software developers to be held accountable for the services they provide when they are notified of a security hole.
  
  Yeah, just like the lock manufacturers replacing your lock with a more pick-resistant one. See, none of this crap would be necessary if crackers were hunted down and jailed.
17. Re:I don't think there should be any debate here by Anonymous Coward · 2005-01-25 08:29 · Score: 0
  
  Because some people can't afford to simply throw a phone away.
18. Re:I don't think there should be any debate here by technos · 2005-01-25 08:31 · Score: 1
  
  No. That's not extortion. There was no demand of money. Intent matters.
  
  Consider these statements;
  
  A. "May want to your fence, I'm getting a mastiff next month."
  B. "If you don't fix your fence, I'm going to sic a mastiff on your cat."
  C. "$500, or I'm going to kill your cat".
  
  "A" is an informative statement, reminding a neighbor of his responsibility to maintain his fence.
  "B" is a threat of violence. It effectivly promises a dead cat for a failure to do as told.
  "C" is extortion.
  
  Replace "fence" with "product", "cat" sith "customers", and "mastiff" with "large dog that enjoys biting crotches" at will.
  
  --
  .sig: Now legally binding!
He's a virus programmer by Anonymous Coward · 2005-01-25 02:20 · Score: 0

Anything done to him, up to and including naming it the "cock munch" virus is fine by me.
Malware routinely gets renamed by babbage · 2005-01-25 02:40 · Score: 3, Informative

The most irritating bit of all this is that the guy writes the thing, distributes it, gives it a name (eponymous) and then the stupid virus firms go and butcher it -- e.g. "Lasco.A". What's so wrong with "Velasco" already? The guy clearly wants it to be named after himself."

It's not much of a leap to assert that most malware is, on some level, a form of ego tripping, and most malware authors, much like the authors of any other software, would like to see their work spread far and wide.

Hence, antivirus companies always change the name.

Whether or not a virus had a name to begin with, each vendor will select a name of their own for it to deprive the author of that fame. Why encourage them, you know?

But there's the other bit of ego -- each vendor will select a name of their own. For a prominent attack, one of these names will make it into he wider media, and being the vendor that named it is itself an ego boost for that company.

So, all of this naming nonsense is just a stupid dickwaving ego contest. We'd almost be better off if we did like the National Weather Service and named each year's outbreaks in advance, before any of them are spotted in the wild, just to neutralize the stupid games that go on over what this junk gets called. Not that that'll ever happen, of course...

--
DO NOT LEAVE IT IS NOT REAL
Maybe just to show a weakness in Bluetooth? by SaidinUnleashed · 2005-01-25 03:21 · Score: 0

Maybe this guy just made the virus to show a vulnerability in the Bluetooth spec, then released the code so that developers could fix the hole, and have something that shows them exactly where the hole is.

Just my random thought.

--
Shiny. Let's be bad guys.
What is the right thing to do then? by IndiJ · 2005-01-25 03:50 · Score: 2, Interesting

It seems the debate is split mostly along the line of whether or not the dude in question should have released the code. Correct me if I'm wrong, but both sides seem to agree that knowing about a vulnerability and keeping silent is bad. The dividing point is what and how much information do you release about what you know about this vulnerability?

On the one hand, releasing the full exploit code is probably pretty damned irresponsible. Now any idiot that can tweak a line of code or two can roll their own Symbian virus. It's the functional equivalent of posting a how-to guide on making bombs from nondescript household products. Could/should the brazilian dude be liable to damages lawsuits?

On the other, the valid argument that the warning would have probably gone largely ignored by the media, and possibly Symbian OS and AV developers, without making it so crucial. The dude's big show sure brings focus on the problem, which is good.

These two positions can be trivially resolved. The "right" thing to do if you really want the problem exposed would be to write a benign virus that exploits the vulnerability in a clearly visible but harmless way (and does not propogate without control). Show that virus (openly - let the person receiving it decide whether to test it) to any media, developers or security experts you want. Include instructions on how to remove it.

Admittedly, you may not get quite the same impact, but if you play your media cards right you might get one hell of a splash. The pressure will be on Symbian developers to fix things, but the chances are small that any real malicious virii will crop up in the interim. Seems to me that that solves all the problems.

It does bring up a number of questions though - some of them new, some not. Is the Brazilian dude liable for damages that virii based on his code cause? Is keeping the exploit code from the public really in the public's best interests (maybe the open source community can make a better patch faster, or maybe giving the code to an AV company is an invitation for them to make a virus so that they can charge for the cure)? If he had given the code to developers of the OS or antivirus software, but they had kept it quiet, would they be liable if an actual outbreak occurs? If I discovered a vulnerability, and came up with a fix, could I insist on having it released for free by the OS developer (or as a free tool by an AV company)? If someone develops a virus based on this exploit code, could the Brazilian dude sue for copyright infringement? etc. etc.

One thing that is not in question is whether or not it's ok to go poking for holes in software. To say otherwise is asinine, from any perspective. Give me an asshat publicizing exploits over a criminal using them any day.

--
It's hard to soar like an eagle when you're surrounded by turkeys.
1. Re:What is the right thing to do then? by Anonymous Coward · 2005-01-25 06:05 · Score: 0
  
  Viruses
2. Re:What is the right thing to do then? by X0563511 · 2005-01-25 08:28 · Score: 1
  
  Stop fighting it, languages evolve.
  Virii is jargon, just like boxen. It doesn't have to fit grammar perfectly.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
I wonder... by IndiJ · 2005-01-25 04:21 · Score: 3, Insightful

You know, my gut reaction on reading the article as posted was, "What a goddamn piece of bullshit flamebait - who cares whether or not the guy doesn't get to name the virus he created?"

But then I thought about it. Regardless of what it is, it is something that this Brazilian dude wrote. It's his intellectual property. He should have the right to name it. For the antivirus companies to tag it with their own name is equivalent to WalMart getting a box of "Home on the range" DVD's, ripping the covers off and selling them as "WalMart presents: The Disney cow movie!".

And before anyone offers any arguments about "not wanting to encourage virus-writers", let me say: bullshit. It doesn't matter whether it's a program, a novel, a song or a painting ... or a virus - intellectual property is intellectual property. Even people in jail own the copyrights on their goddam prison tatoos. Even Osama bin Laden has his copyrights. The laws are quite clear on this.

So... yeah. Velasco it is.

--
It's hard to soar like an eagle when you're surrounded by turkeys.
1. Re:I wonder... by jd · 2005-01-25 05:00 · Score: 1
  
  As much as I hate IP and as much as I detest software that can wreck havoc on my phone, I have to agree with you. Let's say the owner of a publishing company is a devout Satanist, and has every Christian book sent to the stores purposely defaced. The authors would sue the publisher for every cent he had, and then possibly burn him at the stake later.
  
  Why allow AV companies to do something society prohibits in all other lines of work?
  
  --
  It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
2. Re:I wonder... by FLEB · 2005-01-25 05:48 · Score: 1
  
  If the defacements were noted as not being from the original author, and no duplicates were made, what would the legal ground be?
  
  Granted, the IP in this actual case would be copied, so you have a point apart from the analogy.
  
  --
  Information wants to be free.
  Entertainment wants to be paid.
  You just want to be cheap.
3. Re:I wonder... by IndiJ · 2005-01-25 07:21 · Score: 1
  
  If the defacements were noted as not being from the original author, and no duplicates were made, what would the legal ground be?
  
  Copyrighted work is protected from defacement. An analogy to the analogy would if I took a TV show and overdubbed the dialog with my own. In fact, the author could insist that the store not display his books at all, and be in the right.
  
  --
  It's hard to soar like an eagle when you're surrounded by turkeys.
4. Re:I wonder... by Paul+Crowley · 2005-01-27 06:03 · Score: 1
  
  I totally agree. It's just the sort of rotten stunt that Micro$hit would pull.
  
  --
  Xenu loves you!
5. Re:I wonder... by FLEB · 2005-01-28 08:07 · Score: 1
  
  Why can't I take a TV show and overdub it, as long as I don't make copies? As for the second statement, if the author didn't want their work displayed, they should have never sold the works (or sold them under a restrictive contract agreement). You can't have your cake and eat it too.
  
  If I'm wrong, could you cite the relevant case law or legal code? I'm interested.
  
  --
  Information wants to be free.
  Entertainment wants to be paid.
  You just want to be cheap.
A few examples (and commentary) by menscher · 2005-01-25 10:13 · Score: 1

The infamous "Bagle" virus actually has the string "beagle" in it.
The infamous "netsky" viruses were released by a group calling itself "Sky Net".
It's a real nightmare for sysadmins trying to figure out if their software blocks a certain threat, when each A/V vendor picks their own name. Many of those names are selected independently, and it's understandable that they don't want to change their names after they've released their updates. So, the obvious solution is to have the virus-writers come up with unique names which are easily identified, and for all the A/V vendors to use them. Yes, it means you encourage their ego. But really, who cares? It'd simplify everything else. I think it's worth it.
1. Re:A few examples (and commentary) by Damhna · 2005-01-25 11:35 · Score: 1
  
  It has long been the practice that the first AV company to get the submission chooses the name and the others are supposed to fall in line. Things sometimes break a little faster than hoped though.
  
  I remember Bagle/Beagle well , I believe Sophos called it one name and Symantec the other. I do empathise , it is incredibly frustrating to get high level alerts from different vendors about apparently different rogues , all within the space of a few hours.
  
  I recall one company even decided to try to coem onboad with all the others and changed it's name , further confusing their own customers (if the same vendor has two different names , surely they are two different virii went the logic)
  
  However that particular mixup was fairly rare and all of the vendors do include a section for alias on the write ups for each of the rogues to try to keep confusion to a minimum.There are also moves afoot to standardise the way the names are chosen ,admitedly there is some resistance to that right now.
  
  The majority of truly fast-responding customers will be on more advanced alerting system which has features which negate the impact of this type of confusion. The remainder can sometimes wait as much as a day or two to respond to low category threats and that's usually plenty of time to have any confusion iorned out.
  
  Remember also that there is a high degree of cooperation between the vendors , they do share submissions. There are programs in place to facilitate this cooperation. It does need some work but it is there.
  
  I certainly take your point, i've been woken up more times by alerts telling me "Virus X Renamed" but how long before someone calls a virus SOPHOS-SUCKS or GOATFELCHER! ? Are you going to be seeing that on a writeup on Datafellows or sent to a million pagers worldwide by Envoy ?
  
  Depersonalising the experience really does have an effect on the kudos garnered by authors. Sometimes their hard work may never even make it as far as a human researcher , that part of the system can be automted , an automatic submission is picked up by heuristics and sent in by a customers quarantine server , systems at the vendor can see the changes made, record information such as hashes etc, pick the next logical increment in name , append the information to the current definition set, and have the def set sent to an automated QA. Defs can be on customers systems in hours (and sometimes a lot faster depending on just how beta they can accept them). There are many rogues out there that not only never casued any porblems but were never even looked at.
  
  There is no kudos in that. But if your mom's name (or whatever)appears in the defintions sent by a big AV vendor you could maybe put some kind of 'leet' spin on it.
The Fix that Nobody Reported by Anonymous Coward · 2005-01-26 00:57 · Score: 0

Funny how everybody is talking about the virus, or how bad the guy is and etc, but no one is reporting that he released both virus and the fix for it...
I agree? by hummassa · 2005-01-26 22:43 · Score: 1

Except for this:

It's actually possible to write vulnerability-free software. It is way too expensive, but maybe it should be required.

You can prove that a non-trivial program has an error, but you can't prove that it has not (Dijkstra?)

--
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
1. Re:I agree? by orasio · 2005-01-27 01:01 · Score: 1
  
  Using an imperative language, that's true.
  
  In functional languages, like Haskell, it would be easier to prove the program does what you want.
  
  I think Hugs can help you derive error-free programs (I never attended the error free programming workshop, but that's what they claim).
  
  You can always argue that the compiler is written in C or ASM, but you can get pretty close to error-free, at least with a much higher confidence.