
Smokey Bear
veritas odium parit
Premium Member
join:2008-03-15
Annie's Pub

Smokey Bear

Premium Member

Why AV vendors don't name malcode consistently

Info Security | 08 January 2010
The December malware threat reports are trickling in from vendors — and they all appear to be different. Fortinet, Sunbelt Software, and Kaspersky all published their lists of the most prevalent malware strains for the last month of 2009, but they didn't match up, leading to an admission that users will inevitably be confused by the results.

For example, in its malware report for last month, Fortinet said that W32/PackBredolab.C!tr topped the charts of malware variants detected in December, accounting for two-thirds of malware activity in December. It was a new entry to the malware table, the company said.

Kaspersky highlighted three versions of the Kido worm, known more popularly as Conficker, in the top three slots of its own malware threat report for December. Sunbelt listed Trojan.Win32.Generic!BT in the top malware slot as part of its own report, with almost 20% of the activity for December. A quick scan of the other top 10 malware entries for each company reveals few if any matches.

"Comparing the monthly statistics from different anti-virus companies is truly comparing apples and oranges," said Tom Kelchner, Sunbelt Research Center manager. "What one company detects and identifies as a specific, named piece of malcode, another may detect generically."

He argued that antivirus companies have tried to use common names for malware that they find, but that the complex nature of antivirus analysis, combined with the speed of the process, has made it almost impossible to work together.

"It's hard for users, not being able to find information on something under one name," noted Joe Stewart, director of malware research at managed security company SecureWorks. Because anti-malware vendors are also competitors, they have little incentive to work together on normalizing names and detection techniques, he pointed out. "I don't think that there's any solution in sight, because there are so many factors that play into it. Because of the way that the industry works, you can't work around them too well."

In short: is there a problem with the user confusion over threat tables like these? Most definitely. Can we solve it? Apparently not.
»www.infosecurity-us.com/ ··· -add-up/
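An added example, not part of the original post or the quoted article: a small normalizer for the detection names quoted in this thread, showing why a generic detection cannot be lined up with a named one. The two label patterns, the W32-to-Win32 mapping and the constructed Kido/Conficker sample labels are assumptions for illustration, not any vendor's documented naming grammar; only the Kido = Conficker alias comes from the article.

```python
import re

# Two label shapes inferred from the names quoted in this thread (assumption,
# not a vendor specification):
#   Platform/Family.Variant!suffix        e.g. W32/PackBredolab.C!tr
#   Type.Platform.Family.Variant!suffix   e.g. Backdoor.Win32.SubSeven.22.A!IK
_TAIL = (r"(?P<family>[A-Za-z0-9_-]+)"
         r"(?:\.(?P<variant>[A-Za-z0-9.]+))?"
         r"(?:!(?P<suffix>\w+))?$")
PATTERNS = [
    re.compile(r"^(?P<platform>[A-Za-z0-9]+)/" + _TAIL),
    re.compile(r"^(?P<type>[A-Za-z-]+)\.(?P<platform>[A-Za-z0-9]+)\." + _TAIL),
]

PLATFORM_ALIASES = {"w32": "win32"}      # assumption: both mean 32-bit Windows
FAMILY_ALIASES = {"kido": "conficker"}   # alias stated in the article
GENERIC_FAMILIES = {"generic"}           # catch-all detections, no family info


def normalize(label):
    """Split one detection name into fields, or return None if unparsed."""
    for pattern in PATTERNS:
        m = pattern.match(label.strip())
        if not m:
            continue
        g = m.groupdict()
        platform = g["platform"].lower()
        family = g["family"].lower()
        family = FAMILY_ALIASES.get(family, family)
        return {
            "type": g["type"].lower() if g.get("type") else None,
            "platform": PLATFORM_ALIASES.get(platform, platform),
            "family": family,
            "variant": g["variant"],
            "suffix": g["suffix"],
            "generic": family in GENERIC_FAMILIES,
        }
    return None


def same_family(label_a, label_b):
    """Return 'match', 'differ' or 'undetermined' for two detection names.

    A generic or unparsed label carries no family information, so it can
    neither confirm nor rule out that two products saw the same malware.
    """
    a, b = normalize(label_a), normalize(label_b)
    if a is None or b is None or a["generic"] or b["generic"]:
        return "undetermined"
    return "match" if a["family"] == b["family"] else "differ"


if __name__ == "__main__":
    quoted = [  # names quoted in the thread
        "W32/PackBredolab.C!tr",
        "Trojan.Win32.Generic!BT",
        "Backdoor.Win32.SubSeven.22.A!IK",
    ]
    for name in quoted:
        print(name, "->", normalize(name))
    # Constructed sample labels (not real detections) for the alias case.
    print(same_family("Net-Worm.Win32.Kido.X", "W32/Conficker.X!worm"))
    print(same_family(quoted[0], quoted[1]))
```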

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

If it was impractical back in the days when a threat would neatly fall into a virus, worm or trojan horse category with once a week updates.
Then today, with last update being measured in hours to ward off the latest version of today's first combined threat of the day, I don't see it ever happening.

Smokey Bear
veritas odium parit
Premium Member
join:2008-03-15
Annie's Pub

1 recommendation

Smokey Bear

Premium Member

Agree, today it's mission impossible.
munky99999
Munky
join:2004-04-10
canada

munky99999 to Smokey Bear

Member

to Smokey Bear
Alright. So here's a virus from the 90s.

»www.virustotal.com/anali ··· 61602973

Backdoor.Win32.SubSeven.22.A!IK

Pretty much covers all the info. Panda doesn't detect it apparently. I guess a decade is too soon for them. Especially for one that's easily downloadable.

Most of them have a name for it. Proper.

The issue however. Most virii are polymorphic and have no filename that's consistent. MSBlaster for example was like this... how did MSBlaster get the name MSBlaster? In the very first part of the virus. They literally did;

#define MSBLAST_EXE "msblast.exe"

That way the first thing you see pretty much when you disassemble it. Is that. There the virus writer got its name.

If they don't do that...

The security researchers from Symantec and everyone takes it upon themselves to name it. They simply don't acknowledge each other and they use their own name they thought up.
quote:
In short: is there a problem with the user confusion over threat tables like these? Most definitely. Can we solve it? Apparently not.
Actually we can. Just force all the virii writers to insert the name of their virus into it. Lacking this. We simply do like the periodic table guys did.

»www.youtube.com/watch?v= ··· iFepG2CY


Obviously 113 ununtrium won't work so well... but perhaps a similar system can be done.

EGeezer
Premium Member
join:2002-08-04
Midwest

3 edits

2 recommendations

EGeezer to Snowy

Premium Member

to Snowy
said by Snowy:

If it was impractical back in the days when a threat would neatly fall into a virus, worm or trojan horse category with once a week updates.
Then today, with last update being measured in hours to ward off the latest version of today's first combined threat of the day, I don't see it ever happening.
I think we should give it a try -

First ID the susceptible OS, i.e. WIN32
Then the activity - i.e. for a back door, Arsebugger
Then the variation based on Julian date.

So, we have WIN32.Arsebugger.2455205.44618

For multiple threats, i.e backdoor.trojan.downloader.keylogger.spreader;
WIN32.Arsebugger.condom.fingersniffer.STD.2455205.44618

KodiacZiller
Premium Member
join:2008-09-04
73368

KodiacZiller to Smokey Bear

Premium Member

to Smokey Bear
Folks, "virii" is not a word any more than dogii or computerii is.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by KodiacZiller:

Folks, "virii" is not a word any more than dogii or computerii is.
There may not be an English word "virii", but since "virus" is an adopted Latin word (as your posted image verifies), "virii" is a valid plural name for "virus" in Latin. It has been many years since I studied Latin grammar, but I am pretty sure that is the case.

EGeezer
Premium Member
join:2002-08-04
Midwest

1 recommendation

EGeezer

Premium Member

From the useless trivia dept.

Found this explanation -
Latin Plural of Virus

Virus is a second-declension neuter noun that ends in -us. Unfortunately, forms of Latin before Neo-Latin do not indicate what a plural form of such a noun should be. Moreover, the word seems to be a mass noun like the English word air, so a plural form would not usually be used. The writer Ammianus Marcellinus seemed to have used the word as a fourth-declension masculine noun, so its genitive singular and nominative plural would be virus. There is a hypothesis about how the word virus could be interpreted as an accusative singular in the Ammianus passage. (However, it must be understood that using the word as an accusative singular is not an error. Such a usage is not an example of a misunderstanding of the writer.)

Neo-Latin, which uses the word to refer to our modern concept of viruses, uses the plural form vira (on the analogy of officia, nominative plural form of officium). It might be argued that such a method of pluralizing the word assumes that virus should work like neuter nouns that in -um, and not like masculine nouns that end in -us. (It does neither.) The method of pluralization can be based on something else. We know all of the forms of second-declension neuter nouns ending in -um, but we do not know all of the forms of second-declension neuter nouns ending in -us, and we would like to use a plural form, so for want of a better method, why not use forms of second-declension neuter nouns that we do know of and use them to fill in the blanks in the paradigm for virus? According to that idea, vira can be used as a nominative plural form. (Virorum would mean “of the viruses,” and it is different from virorum, meaning “of men.”) Sure, such forms are heteroclitical, and there is no known precedent for such a paradigm, but then we are not dealing with a common situation. An usual paradigm for virus should not surprise us.

William T. Stearn’s Botanical Latin contains two plural forms for virus: vira (implied long i) and virorum. Unfortunately, Mr. Stearn does not explain how he came up with those forms. Nuntii Latini, a weekly review of world news in Latin, has used vira as a plural for virus: vira computatoria, meaning “computer viruses.” The writers do not explain how they came up with that form, either. The LEXICON RECENTIORIS LATINITATIS, an online dictionary of recent Latin neologisms, uses vira ordinatralia for “computer viruses.” They also do not explain how they came up with that form. It is likely that the LEXICON RECENTIORIS LATINITATIS writers, the Nuntii Latini writers, and Mr. Stearn simply used known second-declension neuter forms to fill in gaps in the paradigm for virus (as I explained in the previous paragraph).

If you chose to use “vira” in English, and someone says it is wrong, you could say that the word virus has the modern meaning of “virus” in Neo-Latin, and the users of Neo-Latin tend to use that plural.

The spellings “virii” and “viri” are pseudo-Latin.
Source: »www.genvid.com/diesgaudi ··· dex.html

From what I can find, the Latin root "virus" meant sap, poison, slime etc and is neuter gender and had no plural in contemporary usage. So from that perspective, the singular and plural would be the same in Latin - virus.

However, English, being the incredibly dynamic, confusing and entertaining language it is, allows for multiple plurals, including virii, vira and viruses.

That was a fun little diversion. Thanks for the nudge to research a bit

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

1 recommendation

Blackbird

Premium Member

Well, we certainly wouldn't want our use of terminology to be heteroclitical. (Hmm. I like that word... it sort of rolls off the tongue and has a certain risque sound to it...)

Cudni
La Merma - Vigilado
MVM
join:2003-12-20
Someshire

1 recommendation

Cudni to EGeezer

MVM

to EGeezer

Re: Why AV vendors don't name malcode consistently

said by EGeezer:

For multiple threats, i.e backdoor.trojan.downloader.keylogger.spreader;
WIN32.Arsebugger.condom.fingersniffer.STD.2455205.44618

If I was in charge you would be responsible for all malware naming with Blackbird there to help
said by Blackbird:

Well, we certainly wouldn't want our use of terminology to be heteroclitical. (Hmm. I like that word... it sort of rolls off the tongue and has a certain risque sound to it...)
Cudni
munky99999
Munky
join:2004-04-10
canada

munky99999 to KodiacZiller

Member

to KodiacZiller
said by KodiacZiller:

Folks, "virii" is not a word any more than dogii or computerii is.
because nobody says dogus or computerus?

Sorry but in english. There is no authority of the language. Unlike the french who do have an institute who are supposed to be the "authority" of what is a word or not. Most french dont give any authority to them.

Since there's no authority in english. I have absolutely no reason to acknowledge any authority. People who want to make money by selling dictionaries. They try to hoodwink you into presenting themselves as an authority; saying that if the word isnt in their dictionary... the word doesnt exist... how could it? We dont make mistakes?

Sorry but I dont acknowledge that authority. The only authority I acknowledge is my own; and by extension any dictionary who doesnt try to hoodwink you and say that any word is somehow not a word.

»en.wiktionary.org/wiki/virii

Yes it does say something about latin. I dont know latin. Nor do I care. Virii is a word and is a plural noun.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

said by munky99999:

I have absolutely no reason to acknowledge any authority.
As long as I agree with a rule I'll adhere to it occasionally.
said by munky99999:

»en.wiktionary.org/wiki/virii
Yes it does say something about latin. I dont know latin. Nor do I care. Virii is a word and is a plural noun.
"Virii"?
Too complicated to pronounce in general.
"viruses" is easy to pronounce & being a big fan of easy...
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to munky99999

Premium Member

to munky99999
If you only recognize your own authority when it comes to words then how do you communicate with other people? You can't ... not effectively. A dictionary is simply a compilation of the current agreed upon meaning, spelling and pronunciation of words in use in American English. Meanings, spelling and pronunciation changes over time and words drop out of the language and new ones enter it. A dictionary keeps track of all this. It is not an authority unto itself but is "commissioned" by the users of the language it reports on.

The "authority" is the people of the USA and what is used by the majority of English speakers in this nation. Virii is currently not used by enough speakers to have become the accepted plural for virus probably because it violates rules of the English language and Latin. The current word in use as the plural is viruses. So, if you want to be understood clearly that is the word you use.

Virus is a Latin word with no plural so virii is not correct. If you want to make it "correct" then it is your job to convince a majority of American English speakers to go along with you. If that happens then the dictionaries will reflect the change to "virii" as being the preferred plural of "virus"...so get out there and start working!!
munky99999
Munky
join:2004-04-10
canada

munky99999

Member

quote:
If you only recognize your own authority when it comes to words then how do you communicate with other people?
As far as I know. I'm doing it right now. If you disagree. Perhaps you discount yourself as being considering "people" Which is possible.
quote:
You can't ... not effectively
Except you seem to have read my post effectively.
quote:
A dictionary is simply a compilation of the current agreed upon meaning, spelling and pronunciation of words in use in American English.
If I use the word Aint. you would again say it's NOT A WORD. Who says this? It's the dictionary people who say it's not.

»www.ted.com/talks/lang/e ··· ary.html
quote:
Meanings, spelling and pronunciation changes over time and words drop out of the language and new ones enter it. A dictionary keeps track of all this. It is not an authority unto itself but is "commissioned" by the users of the language it reports on.
If that was true. Nobody would have the issue.

The issue is exactly what happened in this thread. Coming to say something isnt a word.
quote:
Virii is currently not used by enough speakers to have become the accepted plural for virus probably because it violates rules of the English language and Latin.
Not used by enough? Have you done the statistics on how many people use it?

How many is enough? I'm pretty sure I'm using it. Wictionary there has it.

Let me ask you. How many people do you think use Virii.
How many people do you think use erinaceous?
»en.wiktionary.org/wiki/e ··· inaceous

What is that not a word now because there's not enough people using it? Which frankly I'd be surprised there's 5 people in the world who use it legitimately and not to insult it like she did in her vid. Sorry but the # of users is not applicable to the word's status as a word. Both erinaceous and virii are words.

Oh also. I dont follow any rules for the english language neither.
quote:
The current word in use as the plural is viruses.
And virii. As I used it. So has MANY others.
quote:
So, if you want to be understood clearly that is the word you use.
You show me the person who doesnt understand the word virii. I'll show you the person who is ignorant of english. I'm sure I can find many "English as a second language" people who dont understand what virii is. They almost certainly dont know what virus is neither.
quote:
Virus is a Latin word with no plural so virii is not correct.
I do not speak latin. I speak english. I dont care what latin doesnt have. Perhaps latin has some sort of authority like the french have. In english. The plural of virus can be viruses or virii; or maybe something else I cant think of atm.
quote:
If you want to make it "correct" then it is your job to convince a majority of American English speakers to go along with you.
I am not american. I do not attribute myself to "american english" or some similar grouping of english.
quote:
If that happens then the dictionaries will reflect the change to "virii" as being the preferred plural of "virus"...so get out there and start working!!
Guess what. I already linked you to the dictionary which does reflect virii as being a word. Also notice again. You are giving the dictionary people some sort of faux authority of the language.
munky99999

munky99999 to Smokey Bear

Member

to Smokey Bear

Re: Why AV vendors don't name malcode consistently

quote:
Your entire post is absurd now that you tell me you aren't American but want to argue that Americans should do what you say about a particular word...geez....! I'm out of here on this...you just wasted my time just because you think you are the arbiter of the use of American English yet you are not American
So you are a hypocrite who is the one who was originally saying that virii isnt a word.

Also never have I stated what american english should be or not. I simply stated virii is a word.

Unknown_P
@verizon.net

Unknown_P to Mele20

Anon

to Mele20
said by Mele20:

Virus is a Latin word with no plural so virii is not correct. If you want to make it "correct" then it is your job to convince a majority of American English speakers to go along with you.
I'm in.
So that's one down, 250 million to go.

What about the Latin speakers? Do we have to get the okay from them, too?

DataDoc
My avatar looks like me, if I was 2D.
Premium Member
join:2000-05-14
Hedgesville, WV
·StarLink
·HughesNet

DataDoc to KodiacZiller

Premium Member

to KodiacZiller
said by KodiacZiller:

Folks, "virii" is not a word any more than dogii or computerii is.
I'd rather argue about "comparing apples to oranges."

DownTheShore
Pray for Ukraine
Premium Member
join:2003-12-02
Beautiful NJ

1 recommendation

DownTheShore to Smokey Bear

Premium Member

to Smokey Bear
Boy, this argument is bringing back reminders of the confusion I always have with alumnus-alumna-alumnae-alumni.

I use the word "viruses", I'll accept virii as another plural version, but vira seems pretentious.

seankelly
join:2005-09-05
united kingd

seankelly to munky99999

Member

to munky99999
said by munky99999:

As far as I know. I'm doing it right now. If you disagree. Perhaps you discount yourself as being considering "people" Which is possible.
I see a lot of full stops, or periods, but no proper sentences and a final clause (or "sentence") which doesn't make sense and has "W" in the middle. Tell me, what are you doing right now?

Smokey Bear
veritas odium parit
Premium Member
join:2008-03-15
Annie's Pub

Smokey Bear

Premium Member

said by seankelly:
said by munky99999:

As far as I know. I'm doing it right now. If you disagree. Perhaps you discount yourself as being considering "people" Which is possible.
I see a lot of full stops, or periods, but no proper sentences and a final clause (or "sentence") which doesn't make sense and has "W" in the middle. Tell me, what are you doing right now?
To me, post made by munky99999 is understandable so what and where's the problem?

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

said by Smokey Bear:

said by seankelly:
said by munky99999:

As far as I know. I'm doing it right now. If you disagree. Perhaps you discount yourself as being considering "people" Which is possible.
I see a lot of full stops, or periods, but no proper sentences and a final clause (or "sentence") which doesn't make sense and has "W" in the middle. Tell me, what are you doing right now?
To me, post made by munky99999 is understandable so what and where's the problem?
It's not that munky99999 was unintelligible, it's that if everyone started to not follow the rules of a language, then eventually you'd end with a language that would be pretty useless for its intended purpose.
short version: what would a language look like 4-5 generations after the rules were abolished?

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude to Smokey Bear

Premium Member

to Smokey Bear
I recalled many years ago that there was a proposed standard to have companies to agree on standard names or something. I guess that plan fell apart.

»www.securityfocus.com/in ··· cus/1587 and »news.cnet.com/Name-that- ··· 293.html that I recalled.

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer to munky99999

Premium Member

to munky99999
said by munky99999:

Also never have I stated what american english should be or not. I simply stated virii is a word.
So is badunkadunk. This approach opens up a whole new world of Scrabble.

For those who want to brush up on their Latin, here's a Latin news and Latin-speaking radio site;
»www.yleradio1.fi/nuntii/

zteardrop
join:2005-12-20
Brooklyn, NY

zteardrop to Smokey Bear

Member

to Smokey Bear
quote:
Kaspersky highlighted three versions of the Kido worm, known more popularly as Conficker, in the top three slots of its own malware threat
The day Kaspersky uses the same name as its competitors for a popular malware is when hell freezes over. Let's face it they have a huge chip on their shoulder and think they are oh so cool and way better than everybody else. Not sure any of you have seen their ads and how they beat down every other competitor by name, especially Symantec, McAfee and Trend. So they would never use a name that any of these companies use, because that's just admitting that they weren't the first to discover the threat.
munky99999
Munky
join:2004-04-10
canada

1 edit

munky99999 to Snowy

Member

to Snowy
said by Snowy:

It's not that munky99999 was unintelligible, it's that if everyone started to not follow the rules of a language, then eventually you'd end with a language that would be pretty useless for its intended purpose.
short version: what would a language look like 4-5 generations after the rules were abolished?
This is what you call a slippery slope fallacy. If X happens, Y must happen.

The reality is.. this wouldnt happen. Even with msn speak or 1337 speak. There is still the ability to understand each other. Sure there will be a learning curve as language changes. For example. You certainly had to ask what LOL and ROFL meant the first time you saw it.

As for what the language is going to look like in what? Well frankly I think it will evolve to make it easier to communicate through a keyboard. IT doesnt matter. Language evolves. If you dont like that... Go speak Yee olde English; see how many people will understand you.

Frankly speaking; the people who understand yee olde english are people I dont like; and thusly have no interest in communicating with.
ZeekWatson
join:2002-02-05

ZeekWatson to Smokey Bear

Member

to Smokey Bear
Virii isn't the plural of virus, it's a name. You can put any combination of letters together and have a valid name.

Virii, malware, etc are all new names used to describe this kind of software.
munky99999
Munky
join:2004-04-10
canada

munky99999

Member

said by ZeekWatson:

Virii isn't the plural of virus, it's a name. You can put any combination of letters together and have a valid name.

Virii, malware, etc are all new names used to describe this kind of software.
Dont try to kowtow to the people who demand we follow yee olde english's rules or hell demand we follow the rules of another language nobody speaks. Dont try to make these compatible. Acknowledge that they are behind the times and are following obsolete rules and insist if they cannot follow the new language's evolution. They can go ahead and find some rock to go hide under while they watch their language die off. While the new one is born.
ctggzg
Premium Member
join:2005-02-11
USA

1 edit

ctggzg to Smokey Bear

Premium Member

to Smokey Bear
Most end-users don't (and shouldn't) know or care which threats are the most prevalent. Common sense is the best defense anyway. I haven't had any kind of virus in at least 15 years, while many people that use software firewalls, NoScript, and other snake oil continue to get infected.
Gonzorito
Premium Member
join:2008-10-08
San Jose, CA

Gonzorito to Smokey Bear

Premium Member

to Smokey Bear
It isn't in their best interest to consolidate and consistently name threats anyway - even if it was feasible.

I'm sure security companies make more money naming threats uniquely. It makes it harder to identify a false positive and increases FUD.

My 2-cents