Virus Names a Lost Cause?

A number of months back, SecurityFocus’ Robert Lemos published an article in which he suggests that naming viruses is currently a lost cause. In the article, he mentioned how numerous security companies had warned their customers about a computer virus that had been programmed to delete files on the third of each month, but almost every company that published a report on the virus had used an entirely different name, causing a lot of confusion in the process.

Unfortunately, this happens all the time. It causes much confusion, especially for less technical computer users, who make up the majority of Internet users. Many of them do not know which threats are related to which, or if they are looking at a previous threat under a new name. Most would not even know that there are multiple organizations each publishing a separate report on the same virus, but all using different names.

Why do these problems even exist? It is simple, really. What it all comes down to is that the majority of security organizations have the wrong priorities. Each company is worrying about being the first to speak with the press, or being the first to release a report, and they are all losing sight of what they are really trying to accomplish. In some ways, they are even making things worse. Why rename a threat? Better yet, why are there multiple reports on the same threat?

If asked, many of the employees who work for these organizations will routinely say that coming up with a name or coordinating a name is not a priority. This is part of the problem. All of these organizations are in the same industry and they all share a common ambition. And if not, then they really should.

This problem is not unique to the computer security industry, but others have solved it where we have not. Take hurricanes, for example. Each hurricane, typhoon and tropical storm is assigned a unique name. You do not see reporters who are all reporting on the same storm each coming up with their own name, do you? Why must we?

Arbor’s trying to buck the trend and solve this problem by serving on the Editorial Board for the Mitre Corp.’s Common Malware Enumeration (CME) initiative, which, like Mitre’s widely adopted Common Vulnerabilities & Exposures (CVE) project, aims to deliver unified naming conventions for burgeoning malware. With the backing of a vendor-neutral organization like Mitre, I have no doubt that this initiative will do a great job in solving a problem that’s getting worse on a daily basis.
