Malware Threat Reports Are "Apples and Oranges"
Ant writes "The December malware threat reports are trickling in from vendors — and they all appear to be different. Fortinet, Sunbelt Software, and Kaspersky all published their lists of the most prevalent malware strains for the last month of 2009, but they didn't match up, leading to an admission that users will inevitably be confused by the results. Not only do the various security companies use different names for the threats they identify; they don't even identify the same threats."
5) Every vendor seems to have their own names for a virus. For pity's sake, can we have some kind of standard naming mechanism?
A number or a hash?
Linux is too fragmented. Get 20 million Ubuntu Karmic users (or whatever) and you'll see some malware. Of course, if you see much Linux malware crop up, then you'll see some userspace tools for SELinux... or such is my hope.
How about a (Latin/Greek) biology-like naming system? After all, it works for biology, and many (computer) viruses are derived from earlier versions of those viruses, so we could have actual hierarchies.
So you could have a name such as: "userus.dumbus.clicktus.pornolinkus.diabolicus"
Of course after the latin name we could come up with a "common" name - based on the name of the unfortunate tech who had the displeasure to remove it first.
It can't, usually. But it can infect a machine running from a live CD. No problem.
Purely theoretical:
- User boots live-cd
- Some malware gets executed and stays in RAM (by user interaction or not)
- Malware reflashes the EEPROM holding the BIOS with some malicious code
- On next boot the BIOS will store some malicious code in memory and do something very clever that makes the OS on the live CD execute that code
It would be a very targeted attack, but not entirely impossible.
And how much of that is caused by the bad practices of places like Worst Buy? As a PC repairman I get a lot of Best Buy and Staples machines across my desk, and the default settings these bunches use are just terrible. They ALL have Automatic Updates for Windows turned off, most haven't had so much as a single patch since they came from the factory, the only "protection" they have is a shitty 30-day crapware AV install, and some even have the firewall DISABLED by default! WTF?
I have to wonder, with so many setting up such obviously shitty, fucked-up default policies, if they aren't sabotaging these machines on purpose to make more money on repairs and pushing extended warranties. There is no excuse in this age of zero-day attacks to be selling horribly out-of-date, unpatched machines, yet I see them come across my desk all the time. The average user doesn't know their machine has been set to screw them from the word go; to them it is new and should be ready for use, but it's not even close. Joe and Sally Average don't know about changing settings for Windows updates, or how to see if their firewall is running or not.
So while I'm sure the comments here at /. will be filled with insults at clueless Windows users, I say a lot of the blame needs to be leveled at places like Worst Buy. To use a /. car analogy, nobody expects to have to take their brand new car straight from the dealership to a mechanic so he can get the brakes to work and the doors to lock, do they? So why should users need to be IT guys just to get a functional PC at retail?
I'm guessing the reason you can't use multiple resident scanners is that just one will bring your system to a crawl.
I wrote: and not just the resident portion
I think the need for constantly running virus scanners is seriously overstated, at least for people who know not to run HorseSex.exe.
I got drive-by downloaded 2 days ago. My antivirus didn't pick it up, but fortunately my firewall did (which prevented further virus downloads). I was looking for books on photography (regular, non-sexual photography) and wasn't running horseanything.exe.