January 22, 2004

Virus naming conventions deemed harmful

There must be something terribly wrong with 2004; perhaps it is the fact that it is a leap year.

Today a subject on the ISN mailing list caught my attention: "Bagle e-mail virus slows, fuels naming debate". The first half of the title is pretty self-explanatory, but the second half had me wondering what the "naming debate" could possibly be. So I read on, and what a terrible idea that was.

The news comes from Reuters, a news agency renowned for its understanding of computing.

Quoting from the article gives an immediate feel for the depth of the issue being faced by anti-virus firms:

"Personally, I would have called it Beagle rather than Bagle, for the
sole purpose of avoiding all these support calls asking, 'Why did you
call it bagle?' " said Graham Cluley, a senior technology consultant
at Sophos PLC, a U.K.-based software firm specializing in virus and
spam detection.

I would have thought that the majority of support calls should have been: "Why didn't your advanced heuristic analyser pick it up?" But no, this is not of concern; it is acceptable for the anti-virus software you pay for to be useful only if you are lucky enough to download the correct signature before being hit. The big issue is the name being given to the virus.

It is clearly heresy to suggest that anti-virus firms should organise themselves into the equivalent of CVE and forget about the naming issue to concentrate on trying to prevent unknown virii from entering computers. Everyone and his dog is able to detect a signature for something that has been seen before and block it - the real issue is what research is being done to try and stop unknown attacks from being successful (and no, "uninstalling Windows" is sadly not the correct answer).

Apparently not much, or not as much as the work into names.

Posted by arrigo at January 22, 2004 04:06 PM