Slashdot Mirror


Common Malware Enumeration Initiative

LogError writes "The Common Malware Enumeration Initiative was just announced. Headed by the United States Computer Emergency Readiness Team (US-CERT) and supported by an editorial board of anti-virus vendors and related organizations it should provide a neutral, shared identification method for malware outbreaks."

112 comments

  1. Which Platforms? by Brent+Spiner · · Score: 3, Interesting

    I don't see any specifics. Is this going to be Windows-centric, or are they reporting on ALL malware, regardless of platform?

    --
    Reality test... am I dreaming?
    1. Re:Which Platforms? by sedyn · · Score: 2, Insightful

      Like most outlets, I will bet that this site will focus mainly on Windows. It's just that this time, the attention is deserved.

      --
      Am I open minded towards open source, or closed minded towards closed source?
    2. Re:Which Platforms? by mysqlrocks · · Score: 3, Insightful

      Is this going to be Windows-centric, or are they reporting on ALL malware, regardless of platform?

      From the article it sounds like it's an issue of malware outbreaks in general without regard to platform. Since it's simply about having a common name for malware, there's no reason why it should be platform specific.

    3. Re:Which Platforms? by bloo9298 · · Score: 1

      Because no-one of any consequence runs Linux, MacOS, or a BSD? ;-)

    4. Re:Which Platforms? by Fred_A · · Score: 1

      I know it's trendy to ask the question, especially on /. but any piece of software or computer related reporting is of course about Windows.

      As in :
      "We have this great program that does XYZ"
      "Sounds nice what does it run on ?"
      "Oh it runs on anything"
      "I mean what system ?"
      "Uh ?" *blink*blink* "Oh, yes, sorry, just Windows, but we're looking into porting it for the Mac"
      "How about Unix and Linux"
      "Oh yeah, I've heard of those"

      To the world at large, except for the crowd here, a PC runs Windows and that's it. A select few know that the Mac exists and some of those might know that it can't run Windows programs. But that's it.

      You really have to meet some users sometime.

      Disclaimer : back in the early 90s I maintained the PC operating systems FAQ on Usenet which already listed something like 40 operating systems for Intel machines (although quite a few were Unix clones).

      --

      May contain traces of nut.
      Made from the freshest electrons.
  2. Simple by mysqlrocks · · Score: 3, Insightful

    Seems like kind of a simple concept. "Let's make sure we're all using the same name." But I guess being able to identify a virus by name is a kind of important step in finding a fix for it.

    1. Re:Simple by mr.+mulder · · Score: 4, Insightful

      the sad part is that several well-paid government employees spent 6 months developing this "solution".

    2. Re:Simple by mysqlrocks · · Score: 2, Insightful

      the sad part is that several well-paid government employees spent 6 months developing this "solution".

      Most of the "development" was probably talking to industry execs and getting them all to agree. It's all about politics.

    3. Re:Simple by Anonymous Coward · · Score: 0

      "the sad part is that several well-paid government employees spent 6 months developing this "solution"."

      On the other hand, the private sector hasn't been able to do this simple task in years.

    4. Re:Simple by MMaestro · · Score: 1

      And by "talking", I'm sure you mean "giving the industry tax deductions and kickbacks." It is all about politics.

    5. Re:Simple by akad0nric0 · · Score: 1

      Please mod the parent up.

      This is absolutely true. Not only are there the politics external to US-CERT that have to be considered when developing this, remember this is the federal government, and internal politics and red tape must be fought the entire time as well.

      Having worked with the US-CERT folks directly (no I'm not a gov't employee), I can say that the people I've worked with have been competent, headstrong individuals genuinely interested in their initiatives to improve security. This *is* atypical for the US Government, I will grant you, but it doesn't mean credit isn't due.

      I'm interested to see how they handle variants. This is going to be key, and the stuff I've read so far doesn't mention anything about it. That could be the make-or-break point of the nomenclature.

      --
      akad0nric0

      This sentence no verb.
  3. Default Permit by lapagecp · · Score: 5, Insightful

    This is just another example of getting entrenched in a default permit world which has proven itself time and again not to work. We need to be enumerating the good programs and not the other way around.

    1. Re:Default Permit by GigsVT · · Score: 5, Insightful

      You've taken a good concept and turned it on its ear.

      Default Deny is good. Centralized lists of "good" software is bad. Think about it for a second and you'll realize why.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
    2. Re:Default Permit by mysqlrocks · · Score: 2, Insightful

      We need to be enumerating the good programs and not the other way around.

      Enumerating both good and bad programs is probably a good idea. It's usually pretty obvious if something is malware. How do we say for sure that something is a "good" program though? Who decides if it's a "good" program? How long does it take my software to get listed as a "good" program? Do I have to pay a licensing fee? Is it a big expense to get it certified as "good" because I have to pay for all sorts of independent testing? I'm sure the big software players would like this because it would make it more difficult for independent (and possibly innovative) developers to get their stuff out there. It would add a lot of friction to software innovation.

    3. Re:Default Permit by Anonymous Coward · · Score: 0

      Centralized lists are a tribute to the authors of good work, an encouragement to continue to do more good work, and a convenient way for others to avoid bad work. The only "bad" thing that can happen is if "bad" people make the lists (which would inevitably result in the disgrace of those who make the list).

      As long as lists can be freely made and distributed, I don't see a downside here.

    4. Re:Default Permit by ZachPruckowski · · Score: 1

      I think part of the problem with Default Deny that people have is that there needs to be some sort of list, and some people have issues giving the right to review a site to somebody big. Who's to say that that somebody big doesn't discriminate against sites on some other basis? And it'd be a lot harder to make a new site, as you have to get it approved in order to get public access.

      Also, it'd leave a way to see what sites you've visited, if the browser keeps "Accept Always" records, as anything in there not on a major whitelist was something you visited.

    5. Re:Default Permit by Fred_A · · Score: 1

      Try to implement a "default deny" policy on a Windows machine and you'll soon get flooded by requests by the monitoring thingie to run "FROOMBLE.DLL" which might or might not be part of the system, or of whatever and it means you're going to spend ages tracing the zillion bits and pieces of each and every bit of software with your hex editor and disassembler to check if you can allow them to run.

      While it may work for some very controlled corporate environments where every executable is checked, default deny is unworkable for the random domestic user (the one that is the most at risk).

      --

      May contain traces of nut.
      Made from the freshest electrons.
    6. Re:Default Permit by akad0nric0 · · Score: 1

      Enumerating both good and bad programs is probably a good idea.

      Exactly. Which is why the National Software Repository Library exists.

      From the site:
      The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. The RDS can be used by law enforcement, government, and industry organizations to review files on a computer by matching file profiles in the RDS. This will help alleviate much of the effort involved in determining which files are important as evidence on computers or file systems that have been seized as part of criminal investigations.

      The RDS is a collection of digital signatures of known, traceable software applications. There are application hash values in the hash set which may be considered malicious, i.e. steganography tools and hacking scripts.


      Using this, and some solid up-front admin work and strong procedures, a default deny on filesystems (especially server filesystems) is absolutely feasible and a good idea for strong security.

      --
      akad0nric0

      This sentence no verb.
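The quoted NSRL text notes that a reference-set match means "known", not "good", which matters for the default deny the comment above proposes. The following is an added example, not part of the original comment and not NSRL code; the record layout, category names, choice of SHA-256 and the sample byte strings are all constructed assumptions.

```python
import hashlib

ALLOW = "allow"
DENY_UNKNOWN = "deny-unknown"      # no profile anywhere: default deny
DENY_CATEGORY = "deny-category"    # known file, but policy rejects its category


def sha256_hex(data):
    """Digest used as the file profile (assumption: SHA-256)."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for file contents, so the example runs offline.
OFFICE = b"constructed sample: office suite binary 1.0"
STEGO = b"constructed sample: steganography tool 2.3"
INHOUSE = b"constructed sample: in-house payroll build 42"
TAMPERED = OFFICE + b"\x90"        # one appended byte changes the profile

# Hypothetical reference data set: digest -> record. It describes known
# software of every kind, including tools a site may not want to run.
REFERENCE = {
    sha256_hex(OFFICE): {"product": "Example Office", "category": "productivity"},
    sha256_hex(STEGO): {"product": "Example Stego", "category": "steganography"},
}

# Local policy: which categories of known software may run, plus profiles
# the administrator approved directly (the "up-front admin work").
ALLOWED_CATEGORIES = frozenset({"productivity"})
LOCAL_ALLOW = frozenset({sha256_hex(INHOUSE)})


def decide(data, reference, allowed_categories, local_allow):
    """Return (decision, reason) for one file under a default-deny policy."""
    digest = sha256_hex(data)
    if digest in local_allow:
        return ALLOW, "locally approved profile"
    record = reference.get(digest)
    if record is None:
        # Unknown or modified files fall through to deny.
        return DENY_UNKNOWN, "no matching profile"
    if record["category"] not in allowed_categories:
        # Known is not the same as good: the category decides.
        return DENY_CATEGORY, "known as %s (%s)" % (record["product"], record["category"])
    return ALLOW, "known as %s" % record["product"]


def audit(files, reference, allowed_categories, local_allow):
    """Map each file name to its decision string."""
    return {
        name: decide(data, reference, allowed_categories, local_allow)[0]
        for name, data in files.items()
    }


SAMPLE_FILES = {
    "office.exe": OFFICE,
    "stego.exe": STEGO,
    "payroll.exe": INHOUSE,
    "office-patched.exe": TAMPERED,
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        decision, reason = decide(data, REFERENCE, ALLOWED_CATEGORIES, LOCAL_ALLOW)
        print("%-20s %-14s %s" % (name, decision, reason))
```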
    7. Re:Default Permit by akad0nric0 · · Score: 1

      Need to learn to use the preview button - it's the National Software REFERENCE Library. My apologies. Time to go home from work it seems.

      --
      akad0nric0

      This sentence no verb.
  4. Re:The first virus I encountered... by MatrixCubed · · Score: 2, Funny

    My first really debilitating virus I encountered was the "Pakistani" virus in 11th grade computer science. Our teacher possessed a doctorate degree in CS, had worked at NASA in the past, and we were certain he wrote the virus (he was of Pakistani origin) to prevent his students from sharing their diskettes in order to cheat on course assignments, because this was the only time it showed up!

  5. Required reading by ReformedExCon · · Score: 5, Informative

    This is the first time I've been to the US-CERT website, so please forgive my enthusiasm.

    This document on viruses should be required reading for anyone who uses a computer.

    http://www.us-cert.gov/reading_room/virus.html

    Most common malware can be stopped with the same virus-avoidance techniques listed in this brief document.

    As for this initiative, it's not explained very well, that's for sure. It seems like a simple naming convention for viruses as well as a central location for all virus information. I'm not big on the government taking away such a role from private industry, but with the threat of viruses affecting everyone, it makes sense that the government provide a baseline starting point for all antivirus companies to start from. It is not in the best interest of the public to have a single private company hoard virus information.

    --
    Jesus saved me from my past. He can save you as well.
    1. Re:Required reading by nine-times · · Score: 1
      As for this initiative, it's not explained very well, that's for sure. It seems like a simple naming convention for viruses as well as a central location for all virus information. I'm not big on the government taking away such a role from private industry, but with the threat of viruses affecting everyone, it makes sense that the government provide a baseline starting point for all antivirus companies to start from. It is not in the best interest of the public to have a single private company hoard virus information.

      I think it's mostly just a means to have a standardized naming convention instead of each antivirus company inventing their own names for viruses/worms. That way, when you hear an alert, "Watch out for [Virus-X]!" you don't need to spend an hour trying to figure out what your antivirus company is calling "Virus-X" in order to know whether you're protected, because they'll also call it "Virus-X".

    2. Re:Required reading by Secrity · · Score: 1

      Believe it or not, US-CERT is funded as part of Department of Homeland Security.

    3. Re:Required reading by Anonymous Coward · · Score: 0

      In addition to scanning for viruses on a regular basis,

      That's got to be one of the stupidest things I've read in quite a while.
      If evilware is on your computer, you're scr@wed. I could go on, but I have work to do.
      Mike

    4. Re:Required reading by Anonymous Coward · · Score: 0

      "It is not in the best interest of the public to have a single private company hoard virus information."

      Is it in the best interest of the public to have a single agency capable of censoring software in near-realtime? It isn't that different in principle from having a government "obscenity" database, used to censor things deemed unacceptable from schools and public libraries.

      The database maintainers (or people who hack into the database) can change entries to make arbitrary things appear as being dangerous. This can be done against business competitors, unpopular political opinions, "obscene" content, whistle-blowers, etc. With this anti-virus proposal, the greatest risk probably exists for independent software distribution.

      The last thing I want the government to have any say about is deciding which software/information is "good" and which is "bad." I really hope this doesn't catch on and get included with every mass-market pc sold.

  6. Re:I have to say... by Anonymous Coward · · Score: 1, Funny

    If you have a blessed scroll of genocide, you can wipe them all out in one go.

  7. Problems? by op12 · · Score: 4, Insightful

    From TFA: "During a virus outbreak, participants on the CME board request an identifier from an automated system by providing a sample of the virus and as much additional information as possible. An identifier in the format 'CME-N' where N is an integer between 1 and 999 is generated and distributed to the other participants. The participants then disseminate the CME identifier to their contacts in the industry and reference the CME identifier on their web pages, in their product, or when speaking to the press."

    It's much easier when there's an actual name to refer to like Blaster or Sasser than referring to the distinctions between CME-46 and CME-50. While the automated system seems to make sense to prevent slowdowns by having people discuss naming, this doesn't seem like a great solution. Many people may even think: I've heard of that CME thing before, I'm already protected.

    1. Re:Problems? by dpiven · · Score: 1

      "I've heard of that CME thing before" -- just wait until this hits the healthcare community, where CME has a vastly different meaning. (In this case, "Continuing Medical Education" -- most US health professionals must earn a minimum number of CME credits, indicating completion of ongoing professional study, in order to maintain board certification and/or state licensure.)

      In a previous incarnation, I ran the IT division of a major medical-professional organization; I wonder how much success I would have giving a presentation on malware to the Director of CME and the rest of the senior staff.

    2. Re:Problems? by akad0nric0 · · Score: 1

      While the automated system seems to make sense to prevent slowdowns by having people discuss naming, this doesn't seem like a great solution. Many people may even think: I've heard of that CME thing before, I'm already protected.

      This isn't the primary benefit of such a system. The benefit is that, as an administrator with systems running different anti-virus software for reasons beyond my control, I can tell what is running around on my network without having to play the name-matching game. Or, while researching a virus, I can look on a number of vendors' sites (since different analyses typically result in different information, this is wise to get as much information as possible) and be certain I'm reading information about the same piece of malware. When speaking internally to other IT groups, I can refer to this name, as opposed to having 2 or 3 different names being tossed out during a conference call.

      --
      akad0nric0

      This sentence no verb.
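The name-matching problem described in the comment above, worked through as an added example that is not part of the original post: alerts from several anti-virus products are grouped under the shared 'CME-N' identifier. The product names, vendor detection names, hosts and the pairing of each vendor name with CME-164 or CME-243 are constructed for illustration; only the identifier format and the two Zotob identifiers come from the thread.

```python
import re
from collections import defaultdict

# 'CME-N' with N an integer between 1 and 999, as quoted from the article.
CME_RE = re.compile(r"CME-([1-9][0-9]{0,2})")


def parse_cme(identifier):
    """Return N for a well-formed 'CME-N' identifier, otherwise None."""
    match = CME_RE.fullmatch(identifier.strip().upper())
    return int(match.group(1)) if match else None


def normalize(product, detection):
    """Vendors differ in case and padding; compare on a canonical key."""
    return (product.strip().lower(), detection.strip().lower())


# Constructed cross-reference: (product, vendor detection name) -> CME id.
# In practice this would be built from what each vendor publishes.
XREF = {
    ("vendor_a", "worm.zotob.x1"): "CME-164",
    ("vendor_b", "w32/zotob-one"): "CME-164",
    ("vendor_a", "worm.zotob.x2"): "CME-243",
    ("vendor_c", "zotob.gen!2"): "CME-243",
}

# Constructed alerts, as three different products might report them.
SAMPLE_ALERTS = [
    {"host": "mail01", "product": "Vendor_A", "detection": "Worm.Zotob.X1"},
    {"host": "ws-114", "product": "vendor_b", "detection": "W32/Zotob-One"},
    {"host": "ws-114", "product": "vendor_a", "detection": "worm.zotob.x2"},
    {"host": "file02", "product": "vendor_c", "detection": "Zotob.Gen!2"},
    {"host": "ws-201", "product": "vendor_b", "detection": "W32/Unlisted-Q"},
]


def correlate(alerts, xref):
    """Group affected hosts by CME id.

    Returns (by_cme, unmapped). Alerts whose vendor name has no valid CME
    mapping are returned separately rather than dropped, since a missing
    entry means the name still has to be matched by hand.
    """
    by_cme = defaultdict(set)
    unmapped = []
    for alert in alerts:
        cme = xref.get(normalize(alert["product"], alert["detection"]))
        if cme is None or parse_cme(cme) is None:
            unmapped.append(alert)
            continue
        by_cme[cme].add(alert["host"])
    return {cme: sorted(hosts) for cme, hosts in by_cme.items()}, unmapped


if __name__ == "__main__":
    grouped, leftover = correlate(SAMPLE_ALERTS, XREF)
    for cme in sorted(grouped, key=parse_cme):
        print(cme, "->", ", ".join(grouped[cme]))
    for alert in leftover:
        print("no CME mapping:", alert["product"], alert["detection"], "on", alert["host"])
```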
  8. Wrong approach to the problem by BierGuzzl · · Score: 4, Interesting

    It would be WAY easier to keep a list of names and heuristics for all of the legitimate code out there and have a default deny policy with a whitelist. The only condition that would need to be met is that no legitimate application is denied entry or the concept could become worse than DRM.

    1. Re:Wrong approach to the problem by adavies42 · · Score: 2, Insightful

      Congratulations, you've reinvented Palladium.

      --
      Media that can be recorded and distributed can be recorded and distributed.
      -kfg
    2. Re:Wrong approach to the problem by Evil+W1zard · · Score: 1

      Maybe it's just me, but I don't see how it would be way easier to keep a list of good code and deny all else? So basically you create software that says only allow these programs to work. Then someone creates a worm that uses buffer overflow YYY against Windows version whatever to grab root. How did your list of good software stop this attack from occurring? The person is executing an attack and having an application that says your software or code is good wouldn't do any good in my opinion?

      --
      News Reporters Make Tasty Polar Bear Treats!
  9. Really Don't Like the Format by Evil+W1zard · · Score: 4, Insightful

    Firstly let me just say I thought this was going to be an initiative to create a working group to assist in identifying threats quicker, but as I RTFA I find out all this really is is just a control gate for naming malcode.

    Now that being said I 100% agree that we need a methodology in place to ensure that malcode names follow a fixed format. There have been too many times that we have had to research viruses and it is annoying as all hell to see a worm as Variant B on one site and Variant C on another. It adds to the confusion during an outbreak, which in turn usually costs more research and fix time... But saying that I do not like the naming format because it doesn't clearly identify similar variants... On the site it shows an example of two variants of Zotob. One is CME-164 and one is CME-243. For tracking purposes I would much rather see something along the lines of Zotob-A being named CME-164A and Zotob-B being CME-164B. Or better yet as numbers don't stick in your head as well as words IMO stick to names like Zotob but ensure the major AV vendors follow the CMEI variant guidance...

    --
    News Reporters Make Tasty Polar Bear Treats!
    1. Re:Really Don't Like the Format by ZachPruckowski · · Score: 1

      Or better yet as numbers don't stick in your head as well as words IMO stick to names
      What I'd like to see is something like the hurricane naming thing. This could have a list of names, and each virus name would be the next name on the list with the year and a code for variant. For instance, the first virus of 2006 could be Albert-06-A. This allows us to generalize to the Albert-06 group if we want to, and also allows laypeople to discuss simply "this year's first virus, named Albert by the CMEI...". The downside is that we'd have to go through the list multiple times, and there aren't that many names for some letters.

      Just a thought.

    2. Re:Really Don't Like the Format by DavidTC · · Score: 1

      I like this idea for a completely different reason.

      It's the same reason we shouldn't publish the names of serial killers...because they want us to. They want to be famous, they want their name everywhere.

      Well, fuck that. We'll just make up a name and give it to you.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    3. Re:Really Don't Like the Format by matman · · Score: 1

      What you're asking for is a mechanism that describes the evolution and relationships between malware entities. That's a different system that depends on an index/lexicon, such as the CME, to be cost effective (otherwise you have to map the relationships for each different vendor). This is the first step to making the maintenance of such a mechanism cost effective.

      The problem with these centralized naming systems is that they lag behind the real world somewhat. There has to be incentive for the vendors to create CME entries when they create new signatures or identify new variants.

  10. Will they include this one? by Anonymous Coward · · Score: 3, Funny

    Here.

    May 22, 1990. A day that will live in computer science infamy.

    1. Re:Will they include this one? by superwiz · · Score: 1

      I thought a more recent... and still more widely spread would be Win 98. http://www.compfused.com/directlink/849/

      --
      Any guest worker system is indistinguishable from indentured servitude.
    2. Re:Will they include this one? by danheretic · · Score: 1

      Funny, but I truly thought that Windows was a virus at one point. I used to only use DOS on a PC, and one day I got a new PC that came with Windows 3.1 preinstalled. I fired it up once to look at it, then removed it because I needed the disk space. Later on, I found a hidden file called WINA20.SWP in my C: root. I couldn't figure out what it was, and feared it might be a virus. I posted to usenet and was ridiculed because as it turns out, this was the Windows swap file (which of course I didn't know about to delete, when I had removed the C:\WIN folder.)

  11. Re:I have to say... by evil+agent · · Score: 4, Insightful

    Let's say we don't implement a common naming scheme. Let's say McAfee comes out and identifies a new piece of malware called malware192 and releases a patch for it. Ok, you go ahead and patch your system. Later on, you read that Symantec has issued an alert for malware195. Are they referring to the same one you just patched? Should you hurry up and try to get your system up to date? Clearly, having a common name is a step in the right direction.

    --
    End transmission.
  12. To paraphrase a line from... by Anonymous Coward · · Score: 3, Funny

    ..."Broken Arrow":

    I don't know what's scarier, Windows malware or that there's so much of it that they need a naming body to keep track of it all.

  13. Multiple Sources by RAMMS+EIN · · Score: 4, Insightful

    ``Default Deny is good. Centralized lists of "good" software is bad. Think about it for a second and you'll realize why.''

    He never said "centralized". Default deny is secure, but cumbersome to work with. People find ways around things that are cumbersome (like taping passwords on monitors when they are too strong to be remembered). Outsourcing the decision of what software to trust to a third party is a good compromise, as long as you can freely choose the parties you trust.

    What I'm imagining is something like APT repositories. You trust the maintainers to put up good software, and you verify it was really put there by the maintainers by checking the signatures. If, one day, you decide you don't trust some server anymore, you just remove it from your sources.list.

    --
    Please correct me if I got my facts wrong.
    1. Re:Multiple Sources by lysergic.acid · · Score: 1

      Sorry, but that's just as daft. And your point about "centralized" is just picking at semantics. He said "centralized lists" so this could be on a single server or multiple servers managed by different people. Either way, each individually maintained list faces the same problems as a single list created by a single authority, and changing it to a system where you have to aggregate multiple lists from different sites (creating your own centralized list) doesn't do much to solve the problem that you, or the system administrator, has to keep track of all "good" software and then make the assumption that all other software is malware.

      A list of "good" software is useless to most people. Unless you're grandma or grandpa, who's practically computer illiterate and lacks the technological common sense to distinguish between malware and legitimate applications, what use is a list of "good" software? Unlike the case with security vulnerabilities/exploits in software, the "good" far outnumbers the "bad" in the case of legitimate software versus malware.

      A list of "good" would bar users from using most new applications, or applications written by independent developers, programming enthusiasts, or anyone else who might not be included in popular "good" software lists--which would likely be a lot of legitimate programmers. Anyone with a shred of common sense would realize how impractical this alternative is. Every software developer would be forced to submit their application to CERT and hope that it's approved as "good" software. And even if developers don't have to submit their application for approval with every revision, which they would likely have to do in order to ensure that newly added code does not contain malicious operations, CERT would still be faced with an overwhelming amount of code to review.

      This scenario would be even worse with multiple list servers since it'd be impossible for most software developers to keep track of all "good" software lists (who's going to provide a list of "good" "good" software lists?) so it'd only be feasible to submit their application to the most popular lists, and then their application would not be used by any users who happen to not use those particular lists.

      A malware list, on the other hand, would be quite useful, especially coming from an authority like CERT whose duty it is to deal with and investigate/research computer & internet-related threats. Tracking most popular pieces of malware and finding out how to remove them/prevent them from spreading would also provide a lot of useful resources to most computer users, or at least be more useful than tracking "good" software. I mean, it's kinda like creating a task force to keep track of criminals versus keeping track of law-abiding citizens. What do you think would be more useful to society/law enforcement, a list of law-abiding citizens, or a list of criminals?

      Also, having a federal agency track malware also means identifying and defining characteristics of popular pieces of malware. This could lead to the possibility of taking legal actions against companies that employ the use of malware to promote their business. Malware is basically, in 99.9% of the cases at least, a virus that is used for marketing/advertising purposes--usually by businesses seen and legally regarded as legitimate (ie. not drug cartels, black market dealers, etc.) despite using underhanded methods to promote their product/services. For this reason, it has been a problem largely ignored by the (U.S.) government and condoned by the powers that be since we're a capitalist society where the legal system is in favor of big business and corporate CEOs in most cases.

      At least in the case of software viruses, the government actively prosecutes their creators and legal action can be taken against those using/spreading them. But so far, there is no legal action that one can take against companies that spread or indirectly employ malware. Having a federal agency track popular pieces of malware,

    2. Re:Multiple Sources by RAMMS+EIN · · Score: 1

      Wow, that's a long post. Thanks for taking the time to write that. Still, I can't agree with many of your points. Perhaps a little more explanation on my part will help.

      ``your point about "centralized" is just picking at semantics. He said "centralized lists" so this could be on a single server or multiple servers managed by different people.''

      Alright, so maybe I mistook the gist of his post. So then let's reframe the discussion: my claim is that a centralized trust database would be a bad idea, but a number of trust databases that people can choose from is a good compromise between security and usability. The basic assumption here is that running only trusted software makes for good security, but users won't put up with having to manually decide whether to trust some app or not. Not to mention that the overwhelming majority wouldn't be able to make a good judgment.

      ``Either way, each individually maintained list faces the same problems as a single list created by a single authority,''

      I disagree. Separate individually maintained lists do not fall victim to a company's whims (recall that Microsoft is proposing a centralized trust database of sorts, maintained solely by them), and the effects of compromising a central list used by everybody are much graver than the effects of compromising a list that is just one among many.

      ``a system where you have to aggregate multiple lists from different sites(creating your own centralized list) doesn't do much to solve the problem that you, or the system administrator, has to keep track of all "good" software and then make the assumption that all other software is malware.''

      That's exactly the idea. There is essentially a limited amount of software you _do_ want to run, and an ever increasing amount of software that you don't want to run. So you whitelist all software you want to use, and everything else is blocked. See also The Six Dumbest Ideas in Computer Security, particularly point #2.

      ``A list of "good" software is useless to most people. Unless you're grandma or grandpa, who's practically computer illiterate and lacks the technological common sense to distinguish between malware and legitimate applications, what use is a list of "good" software?''

      The use of the list is that the maintainers of the list decide for grand{m,p}a. They don't have the technical skills to distinguish good from bad software, but they can identify (through friends' advice, perhaps) trustworthy authorities who do have those skills. Using a list maintained by someone else saves them the trouble of having to decide for themselves, and protects them against their own incompetence.

      ``Unlike the case with security vulnerabilities/exploits in software, the "good" far outnumbers the "bad" in the case of legitimate software versus malware.''

      That may be true, but the software that you want to use tends not to change too much, whereas the malware you'll be bombarded with changes all the time. I think that maintaining a whitelist is less work than maintaining a blacklist, and you get the added bonus of being protected against any malware, even if nobody has put it on a list yet.

      ``A list of "good" would bar users from using most new applications, or applications written by independent developers, programming enthusiasts, or anyone else who might not be included in popular "good" software lists''

      Maybe, maybe not. If you solely rely on a slow-to-adapt list and trust nothing else, you're right. But there is no reason you can't also trust other software. This is one of the advantages of having multiple lists; you can add, say, SourceForge as a trustworthy source, and get the latest and greatest open source software immediately trusted. Or you can decide for yourself to trust some package. Mix and match until you find a solution that suits you.

      Another point is that you fundamentally _can't_ trust the sort of software you mention. Wouldn't you

      --
      Please correct me if I got my facts wrong.
    3. Re:Multiple Sources by Idealius · · Score: 1

      Wowzors some ppl just wasted a few hours at work. (^^ I know I've been victim to the same trap, before >.>) No matter how much you write it always falls on deaf ears, and even if it doesn't it never really ties up all the points you wanted to make.

      Anyway, I skimmed through much of what you wrote, because to me it's all pretty simple.

      One way the developer has to apply to an institution in order to publish software, and it's probably going to have a nearly prohibitively high pricetag for a middle class freelance developer to afford. -- In the name of expenses for the reviewers.

      (This also screws with the idea of Open Source in its current context)

      The other way we have viruses.

      It's all really basic stuff. An 'ok' analogy: We either post a guard at the gate to our town, or we don't. If we choose not to have the guard, then we have to deal with whatever comes in unchecked. If we choose to have a guard, then we have to deal with the guard...

      One of the many points where this analogy fails is the fact people aren't hard to deal with until you put them in a committee, then they're a knotted ball of CATV sent from hell. The guard would be 16 people of varying dispositions with either their own agendas, or they have very little sense of urgency & pride. "Wouldn't there be some good people?", you ask.. Oh, there were originally 18, but the other 14 killed two of them off, and the final two were absorbed into the collective, indistinguishable from the rest.

    4. Re:Multiple Sources by RAMMS+EIN · · Score: 1

      ``One way the developer has to apply to an institution in order to publish software, and it's probably going to have a nearly prohibitively high pricetag for a middle class freelance developer to afford. -- In the name of expenses for the reviewers.

      (This also screws with the idea of Open Source in its current context)

      The other way we have viruses.''

      I think you're seeing it too much as absolutes. It's not a matter of _either_ all software completely audited by a single authority _or_ we're stuck with all viruses in the world.

      As I said, what I have in mind is much more like how Linux distributions work. People continue to write their software just like they always have. Other people get this software from a few trusted repositories. This reduces the trust problem from every user having to trust every developer they accept software from to every user trusting every repository maintainer they accept software from, and the repository maintainers either trusting or reviewing the code from every developer they accept software from. It sounds more complicated, but it's actually simpler.

      If you look at how APT repositories work in practice, you see two things. First, and most importantly, instances of malware making it into these repositories are very rare. Secondly, each package is cryptographically signed by the maintainer, meaning you know it when the package has been tampered with, or who to blame if it contains malware as shipped. Considering that there are over 15000 packages available for Ubuntu PPC alone, I don't think there's a problem getting software approved.

      Of course, apt repositories aren't the same thing I'm proposing. Just the fact that I get my software from repositories I trust doesn't make me secure, as my system can still execute code that didn't come from these trusted repositories. However, I think the success of apt repositories illustrates the feasibility and utility of whitelisting software.

      --
      Please correct me if I got my facts wrong.
  14. Biggest malware is missing... by SysKoll · · Score: 1, Funny

    I cannot see an entry for Windows in this malware enumeration. Am I missing something here?

    --
    Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/

  15. There's malware and then there's malware by $RANDOMLUSER · · Score: 1, Funny

    enum malware { IE, PERL, EMACS, OUTLOOK, VB };
    We could call this a starting point.

    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  16. First policy decision: by matt4077 · · Score: 1

    (1) Windows Malware will be identified by a prefix of "" (without the quotes)

  17. Understanding Identifiers. by oneiros27 · · Score: 4, Insightful

    Most identifiers are just for reference, but may not be intended for the type of indexing that you're expecting.

    Consider the following situation:

    1. A new worm is sighted
    2. CERT's members agree it's a new worm, and assign it an identifier 'x'
    3. Researchers deconstruct the worm, and determine that 'x' is actually derived from 'p'.

    We now have two options -- change the identifier from 'x' to 'p.1' or leave some sort of note attached to 'x' that it's derived from 'p'. (well, there's two other options -- don't try to identify them, or don't assign identifiers until all research is done, which defeats the whole purpose of building the system in the first place)

    The list they're making is more like a glossary -- a flat list of items, as opposed to something which might have a concept of hierarchy. (but that's not to say that some other values in the descriptions can't be used to generate a hierarchy).

    If you'd like an even worse example of selecting identifiers -- imagine if you found a worm 'y' that used the same code for vulnerability exploits as 'c', but carried the same payload as 'g' ... is it 'c.1' or 'g.1' or 'c.g.1'?

    Sequential identifiers may seem like a bad choice, but they're so much easier to maintain in the long run, and handle the hierarchy through some other field.

    --
    Build it, and they will come^Hplain.
  18. Thought about it! by lapagecp · · Score: 1

    Yeah I fail to see where you are going with the comment that centralized lists of "good" software are bad. If you had a system that blocked everything that wasn't on a list of good software what would be the problem? Maybe you are worried like some of the posters about getting on the list. All virus scanners have an option to ignore a program. Why couldn't you add your own software to your private list? I am THE IT guy for my company and if I had a place I could go to check what the industry thinks of say Weather bug then I would have something concrete to give my supervisor when someone tries to go over my head cause I said they can't have weather bug. Of course I would need to be able to add my own software and make exceptions, that doesn't ruin the idea.

    1. Re:Thought about it! by GIBson3 · · Score: 1

      I think the only way this "good list" would be a "bad thing" is if it was forced upon you. Having it as a reference isn't a bad thing at all. The one concern I have is being that it is run (like most things) by corporations, there is a possibility for greed (read: money) to cause pollution of the list. I also believe that in a world of default deny the usefulness of such a list would be limited. The few users/admins that actively changed their software configurations would be the only people to look at it with any regularity and that could lead to an outdated or dead list.

    2. Re:Thought about it! by Intron · · Score: 1

      I write a useful program and post it on my website. How do I get it on this list? Now imagine that I'm a virus writer. What stops me from putting my program on the same list? Something or somebody has to decide whether a program is "good" or "bad". Who's going to do that and based on what criteria?

      --
      Intron: the portion of DNA which expresses nothing useful.
    3. Re:Thought about it! by lapagecp · · Score: 1

      Take some of your own advice and think about it. Why did you write the program? If it's for your own use then it doesn't need to be on the list. If it's for someone else then they trust you and use the program even though it's not on the list. Once they have been using it with no adverse side effects then they can recommend that it be added to the list. If we could do this think about how much time could be saved not cleaning up infected computers. The only possible down side is if you are trying to market your program and it's not on the list. But if the process were as easy as get someone who didn't write it with you to nominate it and we will evaluate it for the list, then that should be manageable. The internet is becoming more dangerous to be connected to at the same pace that it's becoming more useful to be connected to. We as an industry/community/society need to rethink our old ways and start using a plan that has a chance to succeed. Like Default deny.

  19. Re:I have to say... by pqdave · · Score: 2, Insightful

    In the first hours of an outbreak, different vendors will call the same malware by different names. Some may identify it as a variant of previous malware, others may give it a new name based on an attribute, and yet others may give it a name based on a different attribute. Having a common format will let you know that Sasser-435 (CME-42), Blogkiller (CME-42) and SlamDunk (CME-42) are all the same thing named by different vendors, fairly important when trying to solve a problem.

  20. Choice of members by Avohir · · Score: 1

    This strikes me as a bunch of pomp and circumstance to no real effect. So big viruses have common names now? Great. What about Trojan-downloader-delf.xxx that's still going to have a different name everywhere? What about nail.exe which will still be called VX2 by some, ABI by others. Pardon me for withholding my applause but if they only allow numbers up to 999, this is hardly comprehensive, and since Blaster and Zotob and SDBot are pretty similarly named already by most major vendors, I'm not sure I see the point. Also, they're missing a significant number of anti-virus companies. What about Eset, Grisoft, and Panda (for starters). When you're missing half the people, you can't really call this a global standard. I've always griped about proprietary naming schemes, but this seems like paying lip service to a convention without any real oomph behind it

    --
    To err is human, to really foul up requires a computer
  21. It's more important than you realize by erroneus · · Score: 1

    The most significant step to solving a problem is first to identify it.

    Why is this important in this case? Think about it. For one, it clearly identifies malware entities leaving their status unambiguous. Ambiguity and status disputes have been an area of concern and contempt for many people including the courts, the systems administrators and the 'marketers' responsible for their deployment. Further, one of the biggest problems in the anti-malware area has been that various products seem to omit protection or detection of specific types and sources of malware. With clear identification, these issues can be brought into a much brighter light and more clear scrutiny.

    I wouldn't underestimate the importance of a clear and active identification scheme.

    1. Re:It's more important than you realize by A_Known_Coward · · Score: 1
      The most significant step to solving a problem is first to identify it.
      The underlying problem is still not identified here. At best, this will always be a reactionary stance for containment and triage purposes. There is no way to identify the problems before they're problems in this scenario. It's like the boss asking for a list of all unknown issues that might arise in a software project.
  22. Re:I have to say... by SysSupport · · Score: 0

    I can also see where this initiative can add layers of administrative/bureaucratic overhead, resulting in delays to releasing fixes.

  23. Poor naming... by Senzei · · Score: 3, Interesting
    Like the half dozen or so other responses I have seen I think the naming system is a good idea, but the names generated for it would lead to confusion, especially amongst the less computer savvy.


    I think the solution is to handle things the same way that we handle hurricanes. Keep a big list of names and iterate through that for each new virus.


    In that vein I would like to now suggest that viruses be given the dumbest names possible as a means of discouraging stupid kids from writing them to seek publicity. After all who would want to see themselves listed as the author of ChickenChaser .5 or TinyPocketRocket 1.3"

    --
    Slashdot: Where anecdotes and generalizations can be freely substituted for facts, logic, or intelligence
    1. Re:Poor naming... by cbiltcliffe · · Score: 1
      In that vein I would like to now suggest that viruses be given the dumbest names possible as a means of discouraging stupid kids from writing them to seek publicity. After all who would want to see themselves listed as the author of ChickenChaser .5 or TinyPocketRocket 1.3"
      Only one problem with that. 90% of malware isn't written by "stupid kids" seeking publicity. It's written by criminal organizations.

      http://news.zdnet.com/2100-1009_22-5486201.html
      http://antivirus.about.com/b/a/056373.htm

      The stupid kids write stuff like Stoned, which really did nothing other than be annoying, and make it known that it was on your computer.

      The really malicious shit around now that opens backdoors, autoupdates and logs keystrokes isn't written by kids, it's written by organized crime. Or at the very least, by a kid who's being paid by a criminal group to write it. Either way, it's for financial profit, rather than infamy.
      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    2. Re:Poor naming... by Oniko · · Score: 1
      Personally, I'd not want to have my name connected to Bonzi Buddy, CoolWebSearch, MyFunWeb, PokaPoka, FunWebProducts, SuperSparklyHappyFunMagicWebTime (ok, so haven't seen that one yet, but I'm expecting it soon), or any of the 10,000 other similarly stupidly named ones we run into.

      But that didn't stop some other sonovabitchwhowilldiediedieslowwwwwwwwly (haven't decided yet between impalement, draw-and-quartering, rabid dingos, or some combination thereof (Why, yes, I work at a tech desk. However did you guess?)) from writing it.

  24. an integer between 1 and 999 by cyclomedia · · Score: 1

    1000 pieces of malware should be enough for anybody!

    --
    If you don't risk failure you don't risk success.
    1. Re:an integer between 1 and 999 by Anonymous Coward · · Score: 0

      I wager 1000 quatloos on that no one uses it for awhile.

    2. Re:an integer between 1 and 999 by starfishsystems · · Score: 1
      Considering that The number of known viruses surpassed 70,000 in January 2002 it does seem a bit strange to deliberately set this sort of limitation in the design.

      It also seems to ignore the existing CVE numbering scheme which surely was designed with similar intent.

      This all reminds me somewhat of the patch numbering schemes developed by different software vendors. The one that I've found best in practice comes from Sun Microsystems. Rather than being a plain integer or some equally cryptic enumerator, it's a pair of integers, one identifying the patch, and the other its version. This provides an explicit distinction between intent and implementation, very useful considering that patches themselves often undergo refinement over time, and may need to be reapplied to the same system.

      We already know that a similar approach is needed for viruses as well, since many viruses are recognized as minor variants of the same code. The existing ad hoc virus naming scheme already takes this effect into account, though without the rigor that would potentially be available in a vendor-neutral format.

      So there's no question that a common virus taxonomy is a great idea, and that CERT would be a natural candidate to be responsible for the virus database, as it has for the CVE list. But the scheme itself seems belated and remarkably toothless. Is this really offered as some kind of sop to the virus detection industry?

      --
      Parity: What to do when the weekend comes.
    3. Re:an integer between 1 and 999 by Heinen · · Score: 1
      From the CME site:

      B1. What is a CME identifier?

      CME identifiers are assigned in the format 'CME-N' where N is an integer between 1 and 999, for example, "CME-123". To accommodate space-deprived anti-virus products, CME identifiers can be abbreviated (e.g., M123 or M-123), but the official format (i.e., CME-123) should be used in places such as Web pages, alerts, encyclopedias, etc. Additional digits will be added when the remaining unused identifier space becomes too small. For the sake of successful text-based comparisons, leading zeros will always be omitted in an identifier, e.g., CME-00123 will always be written as CME-123.
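
Added example (not part of the thread and not CME project code): the identifier rules from the FAQ text quoted above, applied to the cross-vendor case raised earlier in the thread, where Sasser-435, Blogkiller and SlamDunk all carry CME-42. Function names, vendor labels and the sample feed are constructed for illustration, and accepting lower-case tags is an assumption.

```python
import re
from collections import defaultdict

# Spellings listed in the quoted FAQ: CME-N (official), M-N and MN (abbreviated).
# Accepting lower case is an assumption of this example, not something the FAQ states.
_CME_TAG = re.compile(r"^(?:CME-|M-?)([0-9]+)$", re.IGNORECASE)


def normalize_cme(raw):
    """Return the official 'CME-N' spelling of a tag, or raise ValueError.

    Leading zeros are dropped, so 'CME-00123', 'M123' and 'm-123' all
    become 'CME-123' and compare equal as plain strings afterwards.
    """
    match = _CME_TAG.match(raw.strip())
    if match is None:
        raise ValueError(f"not a CME identifier: {raw!r}")
    number = int(match.group(1))  # int() discards leading zeros
    if number < 1:
        raise ValueError(f"CME numbers start at 1: {raw!r}")
    # No upper bound is enforced: the FAQ says digits will be added
    # once the 1-999 space runs low.
    return f"CME-{number}"


def group_by_cme(records):
    """Group (vendor, vendor_name, tag) records by canonical CME identifier.

    Returns (groups, rejected). groups maps 'CME-N' to the vendor names that
    refer to it; rejected holds records whose tag could not be parsed, so a
    malformed tag is surfaced instead of silently creating a new group.
    """
    groups = defaultdict(list)
    rejected = []
    for vendor, vendor_name, tag in records:
        try:
            groups[normalize_cme(tag)].append(f"{vendor}:{vendor_name}")
        except ValueError:
            rejected.append((vendor, vendor_name, tag))
    return dict(groups), rejected


# Constructed sample feed. The three malware names tagged 42 come from the
# thread; vendor labels, the other names and the tag spellings are made up.
SAMPLE_FEED = [
    ("VendorA", "Sasser-435", "CME-42"),
    ("VendorB", "Blogkiller", "M-42"),
    ("VendorC", "SlamDunk", "CME-00042"),
    ("VendorD", "ExampleWorm.B", "m123"),
    ("VendorE", "Mislabelled", "CVE-42"),  # different scheme, must be rejected
    ("VendorF", "ZeroTag", "CME-0"),       # below the 1..N range
]

if __name__ == "__main__":
    raw_tags = {tag for _, _, tag in SAMPLE_FEED[:3]}
    print("distinct raw tags for one outbreak:", len(raw_tags))
    groups, rejected = group_by_cme(SAMPLE_FEED)
    for cme_id, names in sorted(groups.items()):
        print(cme_id, "->", ", ".join(names))
    print("rejected:", rejected)
```

Compared as raw strings, the first three records look like three different outbreaks; after normalization they collapse to one key, which is what the no-leading-zeros rule buys.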

    4. Re:an integer between 1 and 999 by aicrules · · Score: 1

      Successful text-based comparisons? What the hell does dropping leading zeros have to do with that?

    5. Re:an integer between 1 and 999 by Anonymous Coward · · Score: 0

      1 to 999 is 999 numbers. If you wanted 1000 pieces of malware, then you better be able to use that 0 or extend to 1000. Learn to count.

  25. communication between anti viri companies is great by doorbender · · Score: 3, Insightful

    communication between anti viri companies is great, BUT I hope this doesn't turn into a type of "registry" that can be hacked or spoofed and allow networks to be compromised wholesale.

    --
    "He's a real midnight golfer"
  26. Oh, great. by Pig+Hogger · · Score: 1

    Now watch Gator sue them into oblivion!!!

  27. The second dumbest idea? by Daffy+Duck · · Score: 1

    Couldn't help noticing the similarity between this title and item number 2 on Marcus Ranum's list of the Six Dumbest Ideas in Computer Security. :)

  28. Re:The first virus I encountered... by Prototerm · · Score: 4, Insightful

    The first computer virus I encountered was back in the glory days of the Amiga 500. I forget the name of it, but the virus re-wrote your video driver so the screen displayed everything upside down and backwards.

    The second virus I encountered (same machine) was just as interesting: a tiny helicopter flew onto your screen, dropped a grappling hook to grab your pointer, and fly off with it, never to be seen again.

    I tell ya, those were the days, when men were men, gurus meditated, and virus writers were... but I digress.

    Today, those guys probably are making a fortune somewhere writing video DRM for Vista.

    --
    "My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
  29. Make the list like Hurricanes by Anonymous Coward · · Score: 0

    Publish a list at the first of the year, and everyone just follows the list.

    Only problem is that you need a list about 15,000 names long every year :)

  30. good software by rednuhter · · Score: 1

    I used to write assembly code on the Amiga on 68000 10+ years ago.
    When I started writing 8086 (pc assembly code) all my executables were detected by antivirus as infected (I think it was FProt).

    Turns out that my preferred location of storing data in my code looked like it was a virus burrowing its way into legitimate code.

    So considering the number of people that code and the amount of code that is out there in the wild how the hell would you ID good code and bad code ?

    Another case in point: I downloaded tiny VNC onto a windows machine and AV blocked the install. (that was the auto installer, downloading the ZIP and manually extracting worked fine.)

    --
    ERR 411[Max number of witty sigs reached]
  31. Bad Thing? by Phreakiture · · Score: 2, Interesting

    Didn't we already decide that enumeration, amongst other things, was a Dumb Idea?

    --
    www.wavefront-av.com
  32. One man's spyware... by cdn2k1 · · Score: 2, Funny

    Is another man's Comet Cursor.

  33. why isn't this tied into nvd instead? by pointbeing · · Score: 4, Informative

    I'm a federal employee and information assurance is a huge part of my job. I don't understand why CERT needed another resource rather than tying things into NIST's shiny new National Vulnerability Database. Seems to me that one-stop shopping for both software vulnerabilities and malware alerts would be the thing to do.

    --
    we see things not as they are, but as we are.
    -- anais nin
    1. Re:why isn't this tied into nvd instead? by starfishsystems · · Score: 1
      Actually this database isn't new, and isn't managed by NIST. CERT has been running the CVE database project for years, which makes the obvious limitations of this new virus naming scheme seem all the more strange.

      But these are details. Your comments are in the right spirit. Of course it makes sense for the same institution to resource these two highly related activities. With a commitment to a common, stable nomenclature, the two databases will be able to reference each other.

      --
      Parity: What to do when the weekend comes.
    2. Re:why isn't this tied into nvd instead? by Secrity · · Score: 1

      I think that Pakistan and India have a better chance of cooperating on a nuclear weapons project than the Department of Homeland Security cooperating with the Commerce Department.

  34. Re:Entries in the list? by Anonymous Coward · · Score: 0

    LINUX!

  35. MOD PARENT UP by Anonymous Coward · · Score: 0

    Never seen that site before. It's exactly what they should be using.

  36. in that document by Anonymous Coward · · Score: 0

    one item that sort of bothers me from that page:
      "Trojan horses can be included in software that you download for free or as attachments in email messages."

    I'd prefer that it said, "Trojan horses can be included in any software.".

  37. Deprecatory naming suggestions by Anonymous Coward · · Score: 0

    >dumbest names possible as a means of discouraging stupid kids from writing them to seek publicity.

    I think we need to step down further than dumb and make them insulting and/or demeaning, like:

    KnobGobbler
    BrainPus
    LympNudle
    FemtoTalent

  38. Cataloged, ey? by mister_llah · · Score: 1

    So, now that we have people cataloging it... how about shutting down sites that are full of it, or blocking them from the 'net?

    Yeesh.

    --
    MoM++ - A Classic Expanded - [Master of Magic 1.5]
    http://mompp.sourceforge.net/
  39. Why do we need another naming scheme? by Anonymous Coward · · Score: 0

    The idea is that there are several ways of identifying a security threat. One could be the common "street" name given to it by the community or vendors: "HackerWorm.X". Another description created could be regarding how the threat is exploited. "BackDoorLeftOpen.Y" A third might be what strain and what OS it affects, etc. "WindozeSucks.Z" From what I understand, the idea with CME is to tie all those loose threads together to point at one "entity" so that it reduces confusion as to who's talking about what. Ok, so you're talking about a HackerWorm that uses a BackDoorLeftOpen on a WindowsSucks configuration. Now we know what we're all dealing with, instead of reinventing the wheel 3 times.

  40. I nominate Windows Vista as Malware. by infonography · · Score: 1

    do I hear a second?

    [/sarcasm]

    --
    Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
  41. Gator is now Microsoft by infonography · · Score: 1

    Microsoft bought Gator

    Release the Flying Monkeys!! [Lawyers]

    Fly my prettys Fly!!!

    --
    Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
  42. Centralization by Anonymous Coward · · Score: 1, Insightful

    It's very simple. Centralization takes power from most and gives it to a few.

    If you trust the few, it has the benefit of being more efficient. (Instead of everyone needing to put the effort into making correct decisions, only a small group needs to do so.)

    Unfortunately, people have demonstrated throughout history that small, powerful groups are almost always untrustworthy. They end up using the power for their own benefit.

    1. Re:Centralization by GigsVT · · Score: 1

      Well at least one person got it.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
  43. "Malware?" by Anonymous Coward · · Score: 0

    Leave it to the bureaucrats to use weasel words. What is "malware?" Is adware "malware?" I'd say it is, you may not. Is DeCSS "malware?" No Linux geek would think so, since it's the only way to watch a DVD on Linux, but I'll the government thinks it is.

    Face it, by "malware" they probably mean viruses and/or trojans. Take trojans, rootkits, and all other single-machine attack vectors out of the equation and you're left with only one platform: Windows.

    No other platform has viruses. Worms, rootkits, trojans, yes; but no viruses or other mass-propagating zombie-making malware.

    Windows should be first on their list of malware, followed closely by WiMP, Word, Access, and Excel. If we could rid the world of Microsoft we would rid the world of most "malware."

    Most malware is a windows problem that Microsoft has foisted on itself and on the rest of us.

  44. Re:The first virus I encountered... by Anonymous Coward · · Score: 1, Interesting

    Actually, the Pakistani virus was written by a company that went by the name of Brain and is commonly referred to as the Pakistani/Brain virus. It was actually created to punish copyright infringers who bought pirated software from Brain Computer. That's right, even though they made their money by selling illegal copies of software they also deliberately infected it with a virus to punish people for buying their illegal copies.

  45. Re:Required reading (I'm not impressed) by Anonymous Coward · · Score: 0

    "Unlike worms, viruses often require some sort of user action (e.g., opening an email attachment or visiting a malicious web page) to spread."

    Wrong. If you have to run the program it's a trojan, regardless of its ability to copy itself. As to "visiting a malicious web page" that's just inane. How, pray tell, is someone supposed to know that a web page is "malicious?"

    The fact is that if you don't use floppies and don't get on the internet, you cannot spread or be infected by a virus. Again, this is asinine.

    "Most viruses, Trojan horses, and worms are activated when you open an attachment or click a link contained in an email message."

    Yet there are no instructions as to how to safely open an attachment. They say:

    "Most users get viruses from opening and running unknown email attachments. Never open anything that is attached to an email message unless you know the contents of the file. If you receive an attachment from a familiar email address, but were not expecting anything, you should contact the sender before opening the attachment."

    Yet your friend could be sending you a trojan that he doesn't know is a trojan. If you save a jpg to the desktop and open it from within a photo editing program it cannot infect your computer if it is a bogus, non-jpg file.

    The only "tip" given that has any merit is backing up your data. Antivirus doesn't work unless your virus is in its database. If you get yesterday's virus, Norton will tell you your PC is clean.

    There is no mention of HOW to safely open an attachment, no mention that you should never EVER run as root (or administrator) without a damned good reason; no mention of firewalls, no mention of port blocking, no mention of "Windows file and print sharing"

    There are one or two good tips for a computer newbie, but I'm afraid the misinformation and lack of information will do the public more harm than good.

    Want to not worry about viruses again? Never get on the internet with Windows, PERIOD. If you need software that will only work with windows, make your machine dual boot and remove all internet and network functionality from the Windows side.

    A Linux or BSD user can click on anything on the internet without fear provided he or she isn't stupid enough to run as root.

  46. Re:The first virus I encountered... by Esion+Modnar · · Score: 1
    a tiny helicopter flew onto your screen, dropped a grappling hook to grab your pointer, and fly off with it, never to be seen again.

    Hey, if you're going to write a virus, at least be clever and entertaining. Your data may be gone, but now you have a funny anecdote!

    --

    They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
  47. Virii by OneByteOff · · Score: 1

    Sweet, a few million in research and a co-op of vendor neutral organizations and we'll have the Virii vs. Viruses debate figured out in no time !!!

  48. Microsoft Support? by HermanAB · · Score: 1

    Well damn, why are tax payers funding this - should it not be a function of Microsoft Support???

    --
    Oh well, what the hell...
    1. Re:Microsoft Support? by chawly · · Score: 1

      There very definitely is someone over there hiding in the dark.

      --
      How many beans make five, anyhow ? ... Charles Walmsley
    2. Re:Microsoft Support? by HermanAB · · Score: 1

      That highly intelligent quote is of course from The Pink Panther.

      --
      Oh well, what the hell...
  49. A plot to reduce the number of known viruses by HermanAB · · Score: 1

    So now the number of known MS Windows viruses will go down 90% from 10,000,000,000 to only 1,000,000,000, while the number of Linux viruses will go down from 5 to well, about 5...

    --
    Oh well, what the hell...
  50. Slashdot Enumeration Initiative by Anonymous Coward · · Score: 0

    I wish there was a Common Slashdot Dupe Enumeration Initiative.

  51. Re:Required reading (I'm not impressed) by Anonymous Coward · · Score: 0

    "If you receive an attachment from a familiar email address, but were not expecting anything, you should contact the sender before opening the attachment."

    This gave me a good idea for my next virus. It will send two emails to preconfirm that the attachment is OK.

    Mail #1: Joe, I'm sending you a copy of the presentation...

    Mail #2: InnocentLooking.doc.exe

    So far, I have only gotten this to work with people named Joe.

  52. Re:The first virus I encountered... by Pfhorrest · · Score: 1

    tell ya, those were the days, when men were men, gurus meditated, and virus writers were... but I digress.

    When men were men, women were too, and little girls were FBI agents?

    Oh wait no, that was the golden age of the Internet. Sorry...

    --
    -Forrest Cameranesi, Geek of all Trades
    "I am Sam. Sam I am. I do not like trolls, flames, or spam."
  53. Mutating viruses by HermanAB · · Score: 1

    Hmm, how long till the first virus that is designed to mutate in order to make the naming system get a numeric overflow?

    --
    Oh well, what the hell...
  54. Re:communication between anti viri companies is gr by Xarius · · Score: 1

    It is viruses, not virii.

    </pedant>

    --
    C17H21NO4
  55. Rock you like a hurricane. by jZnat · · Score: 1

    Oh! Oh! Follow the hurricane naming convention for viruses!
    +5 Awesome Idea right there, seriously...

    --
    'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
  56. Re:I have to say... by Anonymous Coward · · Score: 0

    I doubt this will be the case. The sample needs to be provided to the analysts who decide whether this is a new piece of malcode or a variant of an old one. How fast will the code be provided? Are malcode experts staffed 24x7 to handle this? I bet the first few hours will remain as confusing as they ever were. Maybe after a month, we'll have a common identifier for the malcode that took out all of our systems...

  57. NVD by SkiifGeek · · Score: 1

    The NVD isn't all that crash hot, actually.

    While it does a good job in terms of listing vulnerabilities that exist in various software applications, it can lag other public disclosure by up to a week.

    The argument of it providing information that has been vetted doesn't necessarily gel, given that sometimes it leads the disclosure with some fairly vague reports.

    Having said that, it is one of the sources that we use for our Information Security Advisory mailing list, but it isn't really one of the primary sources (due to the delays in disclosure).

  58. Re:Thought about it ! by Intron · · Score: 1

    OK. 50 different IP addresses just nominated my program, so it must be OK. Is it on the list now? Think about it some more.

    --
    Intron: the portion of DNA which expresses nothing useful.