Malware Threat Reports Are "Apples and Oranges"
Ant writes "The December malware threat reports are trickling in from vendors — and they all appear to be different. Fortinet, Sunbelt Software, and Kaspersky all published their lists of the most prevalent malware strains for the last month of 2009, but they didn't match up, leading to an admission that users will inevitably be confused by the results. Not only do the various security companies use different names for the threats they identify; they don't even identify the same threats."
Re:Example of competition gone wrong (Score:3, Interesting)
5) Every vendor seems to have their own names for a virus. For pity's sake can we have some kind of standard naming mechanism?
A number or a hash?
Re:I think we can kiss this meme good night now. (Score:3, Interesting)
Linux is too fragmented. Get 20 million Ubuntu Karmic users (or whatever) and you'll see some malware. Of course, if you see much Linux malware crop up, then you'll see some userspace tools for SELinux... or such is my hope.
How about Latin names (Score:5, Interesting)
5) Every vendor seems to have their own names for a virus. For pity's sake can we have some kind of standard naming mechanism?
How about a (Latin/Greek) biological-like [wikipedia.org] naming system? After all, it works for biology, and many (computer) viruses are derived from earlier versions of those viruses, so we could have actual hierarchies.
So you could have a name such as: "userus.dumbus.clicktus.pornolinkus.diabolicus"
Of course, after the Latin name we could come up with a "common" name, based on the name of the unfortunate tech who had the displeasure to remove it first.
Re: Live CD (Score:3, Interesting)
Re:Example of competition gone wrong (Score:3, Interesting)
Purely theoretical:
- User boots live CD
- Some malware gets executed and stays in RAM (by user interaction or not)
- Malware reflashes the EEPROM holding the BIOS with some malicious code
- On next boot the BIOS will store some malicious code in memory and do something very clever that makes the OS on the live CD execute that code
It would be a very targeted attack, but not entirely impossible.
Re:Example of competition gone wrong (Score:3, Interesting)
I'm guessing the reason you can't use multiple resident scanners is that just one will bring your system to a crawl.
I wrote: and not just the resident portion
I think the need for constantly running virus scanners is seriously overstated, at least for people who know not to run HorseSex.exe.
I got drive-by downloaded 2 days ago. My antivirus didn't pick it up, but fortunately my firewall did (which prevented further virus downloads). I was looking for books on photography (regularly non-sexual photography) and wasn't running horseanything.exe.