Thursday, October 06, 2005

Correction: Common Malware Enumeration (CME) gets mixed reception

Correction:

They are, indeed, listed in numerical order. There are, however, gaps large enough in the listing to drive a truck through. - ferg

Earlier:

Sure -- it would be nice to have a cross-reference enumeration database to make sense of the various naming conventions used by various anti-virus and anti-malware vendors, but when the CME database is not really a database, is not updated in real-time, and is not searchable, I see very little utility in this effort.

For example, F-Secure mentioned that one of the newest Sober variants this morning had been assigned CME-151. However, if you go to the CME webpage, there is no listing for it, or any number of others. They're not even listed in numerical order!

End of rant. - ferg

John Leyden writes in The Register:

A group dedicated to curing virus-naming confusion enjoyed its official launch on Wednesday. The Common Malware Enumeration (CME) aims to mitigate confusion in responding to viral outbreaks by providing a common name for high profile threats that can then be used in vendor products or their websites.

Users have been asking for consistency in naming from vendors for years and CME (which has been in gestation for two years) can only hope to mitigate - rather than cure - this confusion. Identifiers will be in the format of CME-N, where N is a unique number for each high profile malware strain.

In the rush to write virus definition signatures - and monikers likely to capture public attention - anti-virus firms often come up with a variety of different names for the same piece of malware. CME won't end this practice but it will add an index so that end users can more easily correlate data on the same big-hitting worm or virus.
