Bug Watch: Who names viruses?

Bug Watch: Each week vnunet.com asks a different expert from the IT security world to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. This week's expert is Jack Clark, product manager at Network Associates.

This week fresh concerns were raised over the 'inconsistency' of the world's leading antivirus companies when naming viruses.

On Wednesday, a new Lovebug variant was discovered. Names of the virus ranged from VBS_Columbia, to VBS_Plan.A, to Loveletter.AS, which sent a ripple of confusion through the community. As a result, end-users and network managers became concerned over whether or not their software offered them protection - if you don't know what a virus is called, how do you know if you're protected?

A code of ethics between antivirus vendors means that as soon as we discover a new virus, we share it with the community.

The next question is, what happens if two companies discover a virus at the same time? Both will name it differently, and both will be reluctant to change the name of the virus for something new.

Most AV companies list the aliases by which viruses are known on their websites and in their virus alerts, but does this simply add to the confusion?

There is some need for standardisation across the industry, and the majority of vendors accept this. At the moment, several industry groups are geared towards speeding up the system of identifying and preventing the spread of viruses. Most of us also stick to the CARO (Computer Antivirus Research Organisation) rules in order to name viruses.

The truth for network managers is much simpler. If you've got the right type of antivirus protection, it doesn't matter what a virus is called.

List these three things in priority order. Identifying a virus. Dealing with a virus. Naming a virus.

It's the responsibility of the antivirus community to educate the market and allay the fears and concerns of network managers and end users. The real issue is that if users are employing the right sort of technology, they can essentially 'forget' about virus attacks. The name becomes irrelevant.

The next step for vendors will be to link their antivirus labs directly to the software that sits on a network. As soon as a new virus is discovered, a cure would be issued and sent down the line to update a user's antivirus software automatically.

The user need play no part. No need to request an update, or even manually update the software. No need to visit their AV company's website to check whether they're protected, or search through a list as long as your arm for potential aliases.

By keeping companies aware of the technology available, and taking the worry out of antivirus management, hopefully the AV community can quash much of the hype that surrounds many virus outbreaks. We've already learned how to deal with the threat of viruses. Now we need to deal with the far bigger issue of getting users to entrust their antivirus management to the experts.

Next edition: 13 October