All the latest UK technology news, reviews and analysis
|
|
|
06 Oct 2005
The US Computer Emergency Readiness Team (US-CERT) has kicked of an initiative to create common names for internet worms and threats.
Common Malware Enumeration (CME) aims to reduce confusion with the public caused by disparate naming schemes for internet threats.
A recent worm that used a known vulnerability in the Windows operating system, for instance, was referred to as W32.Zotob.E by Symantec, W32/IRCbot.worm!MS05-039 by McAfee and WORM_RBOT.CBQ by Trend Micro.
Internet worms are often named using information about the virus or a description entered by the author when crafting the malware. The new scheme will use a sequential CME number, beginning with CME-1.
A similar naming system already exists for security vulnerabilities in software, which uses a Common Vulnerability and Exposure identifier that includes a sequential number and the year in which it was identified.
The worm naming initiative will not include the date because users incorrectly rely on this information and could take an 'old' vulnerability less seriously.
While using the names provided through the programme is optional, the creators hope that it will improve communication and information sharing between antivirus vendors and the larger security community.
The project is backed by several leading security and software vendors including Computer Associates, McAfee, Microsoft, Symantec and F-Secure.
The programme is limited to internet worms, and excludes spyware, but US-CERT said that it could be expanded over time.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
ScheduALL, the global leader of Enterprise Resource Management...
My client is a well established, non profit organisation;...
PHP Web Developer – £30,000 - £35,000 PHP, MySQL, HTML...
HEAD OF DIGITAL - London - £80-95K + Excellent Bens...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
CME
Let me see now. We use URLs with names because it is easier for users to remember than IP numbers. But CMEs will have numbers to make it easier fior the vendors and more difficult for users. Hmmmmm where can I find the cross reference tables to see what CME-1 was...was that the Jerusalem virus? But that's no problem because it's optional. Confused users will be reluctant to change to a vendor that uses CMEs and vice versa. Will Symantec use both? If the approach indicated in the article comes to be, people will be more confused, not less confused. What? No spyware/adware? The article doesn't mention trojan horses...they are not viruses and they are not worms....they can be used for spying - does that mean that they will not be given CMEs or names? The article also says that "The worm naming initiative will not include the date because users incorrectly rely on this information and could take an 'old' vulnerability less seriously. [Viruses and worms are not "vulnerabilities". they are viruses, trojan horses and worms that in some cases take advantage of vulnerabilities]
Posted by: Howard Mirkin 06 Oct 2005