Avast WEBforum

Other => Viruses and worms => Topic started by: kamulko on April 16, 2005, 07:21:41 PM

Title: TO ALL SOFTWARE COMPANIES!!!
Post by: kamulko on April 16, 2005, 07:21:41 PM
When will ALL SOFTWARE HOUSES find an agreement to write a unique standard for malware definition names?  >:(
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: Vlk on April 16, 2005, 07:29:00 PM
And any suggestions how to (technically) realize that? Especially in case of a new rapid outbreak, when the definitions need to be released asap...? ;) :)
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: kamulko on April 16, 2005, 07:35:31 PM
maybe a worldwide unified database? ... I don't know...  ;D
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: DavidR on April 16, 2005, 08:00:47 PM
Perhaps something like the Virus Bulletin VGrep which can scan for a name including aliases so a virus would first be named and then given a secondary name, alias by a third party. On detection the alias could also be given.

Unfortunately, we live in the real world and this level of co-operation is very unusual.
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: kamulko on April 16, 2005, 08:17:21 PM
I think it is possible if ALL want it! Example: when we buy something with PayPal or other Cards, there's REAL TIME checking on the worldwide databases of bank depots.
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: whocares on April 16, 2005, 09:32:06 PM
Where's the connection ?

transmitting a few numbers might be a bit less complex/creative/costly than finding a common new name for possibly varying Virus Code
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: kamulko on April 16, 2005, 10:11:11 PM
Most virus "bodies" are very well known: with a world-connected database (software houses) it is really possible to insert in real time an "ascending" string of symbols/numbers/letters starting from a tree-frameworked DB. My example was only a simplified image (my bad English makes it impossible for me to explain well what I want to say). The heuristic analysis engines use these statistical criteria. For me it is not important if a virus is named "Genghis Khan" or "1x.3.77777.bNmKYZ"  :) . The most important thing is to IDENTIFY. The name, maybe created by the universal code of virus-body + a progressive string of numbers + the time of first localization. Hope I'm comprehensible.
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: whocares on April 16, 2005, 11:39:29 PM

Quote: Hope I'm comprehensible.

Somewhat  ;D ;D

But still, this would be rather complex and definitely COSTLY to set it up, both for the future and for past naming ...

I'd rather not have avast waste resources on that, but keep work on finding new stuff & adding new signatures asap

But to each his own...
 ;)
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: DavidR on April 17, 2005, 12:22:48 AM
Not to mention there would have to be some exchange of information (virus code, etc.) to ensure that the newly created virus name (by AV company X) had not already been detected and given an original virus name (BY AV company Y) and been allocated a unified/common virus database name.

I don't believe that it is anywhere near as simple as you may think. When you add complexity, you add cost.
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: kamulko on April 17, 2005, 12:50:46 AM
Not only Alwil will pay for this Central DataBase: all companies. The main Database could be able in real time to compare the virus-bodies if 2 or more pc-servers send to it their suspected files. The definition-name could be completely automatic.
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: whocares on April 17, 2005, 01:04:58 AM
@Money for our software:

I don't pay for AV-Software, cause the Home/free versions are more than sufficient for me  ;D
(not that I really need them anyway: I think I had the last real On-Access warning in 2001) ;D ;D

And I'd like them to stay free  8) ;)
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: kamulko on April 17, 2005, 01:24:26 AM
nothing is free, remember...   ;)
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: Dwarden on April 17, 2005, 03:43:21 AM
There are already some initiatives going ... some were stuck ...
also antiviral companies are cooperating on exchange and naming level too ...

and I don't think it really matters much ... what matters first is detection ...
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: xistenz on April 17, 2005, 10:29:37 AM
Perhaps there should be a large list of possible names, and when a new virus is detected, it is given the first name on that list. When another new virus is detected, it is given the next name on the list and so on. The list could be maintained by a central organisation and all antivirus vendors could submit names to be added to the list.
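
The scheme proposed in this thread, as an added example that is not part of any post or any vendor's code: a hypothetical central registry hands out the next name from a shared list, with the duplicate check DavidR asks for done by SHA-256 of the sample. Vendor names, sample bytes and the name list are constructed; exact-hash matching is an assumption of the sketch, and the last submission shows a one-byte variant receiving a second name.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Entry:
    common_name: str   # name handed out from the shared list
    first_seen: str    # timestamp of the first submission
    aliases: dict = field(default_factory=dict)  # vendor -> vendor's own name


class NameRegistry:
    """Hypothetical central registry; not an existing service or API."""

    def __init__(self, name_pool):
        self._pool = list(name_pool)   # pre-agreed names, handed out in order
        self._by_digest = {}           # SHA-256 of sample -> Entry

    def submit(self, vendor, vendor_name, sample, seen_at):
        # Duplicate check: exact byte match only (assumption for this sketch).
        digest = hashlib.sha256(sample).hexdigest()
        entry = self._by_digest.get(digest)
        if entry is None:
            if not self._pool:
                raise RuntimeError("name pool exhausted")
            entry = Entry(self._pool.pop(0), seen_at)
            self._by_digest[digest] = entry
        entry.aliases[vendor] = vendor_name
        return entry

    def find(self, name):
        # Alias search: match the common name or any vendor's name.
        return [e for e in self._by_digest.values()
                if name == e.common_name or name in e.aliases.values()]


def demo():
    reg = NameRegistry(["Alder", "Birch", "Cedar"])        # constructed names
    body = b"constructed sample bytes, not real malware"
    a = reg.submit("VendorX", "W32.Foo.A", body, "2005-04-16T19:21Z")
    b = reg.submit("VendorY", "Worm/Bar", body, "2005-04-16T20:00Z")
    # One changed byte defeats exact matching and consumes a second name.
    c = reg.submit("VendorY", "Worm/Bar.B", body + b"!", "2005-04-17T00:22Z")
    return a, b, c, reg.find("Worm/Bar")


if __name__ == "__main__":
    for item in demo():
        print(item)
```
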
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: kamulko on April 17, 2005, 10:36:33 AM
You say in 2 words what I want to say with my bad English. THANK YOU!
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: Spyros on April 18, 2005, 12:25:53 PM
Take a look here (in case you haven't) http://forum.avast.com/index.php?topic=9252.105. Interesting reading. Look for my post "Who names computer viruses? Everybody!" & "Name That Worm - How Computer Viruses Get Their Names"
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: kamulko on April 18, 2005, 02:21:16 PM
Many thanx, Spyros.
Veeery interesting articles. :)
Title: Re: TO ALL SOFTWARE COMPANIES!!!
Post by: Spyros on April 18, 2005, 02:23:55 PM
Quote: Many thanx, Spyros.

Prego, Kamulko  :)