Posted by Virus Bulletin on Nov 25, 2004
An end to the virus-naming problem?
A new initiative that aims to standardise malware naming may be in operation as early as January 2005.
The US Department of Homeland Security's Computer Emergency Readiness Team, US-CERT, is set to coordinate a Common Malware Enumeration initiative among anti-virus vendors, according to a letter sent to The SANS Institute and signed by representatives of the DHS, Symantec, Microsoft, McAfee, and Trend Micro. Rather like Mitre Corp's Common Vulnerabilities and Exposures (CVE) list, US-CERT will maintain and coordinate a database of malware identifiers.
The letter stated: 'By building upon the success of CVE and applying the lessons learned, US-CERT, along with industry participants... hopes to address many of the challenges that the anti-malware community currently faces.' With such an enormous task ahead, the enumeration project will make a start with just the 'major' threats.
The letter acknowledged that the task would not be a straightforward one, saying, 'There are significant obstacles to effective malware enumeration, including the large volume of malware and the fact that deconfliction [sic] can be difficult and time-consuming.'
Further details of the scheme were not available, but a pilot is planned for January 2005.
VB doubts whether the anti-virus industry's most contentious issue will be laid to rest without a hefty struggle, but awaits the introduction of the scheme with interest.
Read some views on the thorny issue of virus-naming:
- What's in a name? (Nick FitzGerald, June 1998)
- What's in a name? (Jakub Kaminski, Nov 2001)
- A virus by any other name - virus naming updated (Nick FitzGerald, Jan 2003)
- That which we call Rose.A (Sarah Gordon, March 2003)
- Hunting the UNICORN (Andrew Lee, May 2004)