    Malware Naming Plan Gets Chilly Reception

    By
    Paul F. Roberts
    -
    October 6, 2005

      A discussion of a new system for tracking malicious code introduced by the U.S. Department of Homeland Security turned into a contentious argument Wednesday, with some anti-virus and enterprise IT analysts questioning the program's value and its dependence on major anti-virus software vendors.

      Attendees at a presentation on the CME (Common Malware Enumeration) program at the Virus Bulletin Conference, a gathering of computer virus analysts in Dublin, Ireland, peppered CME board members Desiree Beck, of MITRE Corporation, and McAfee Inc. Fellow Jimmy Quo with questions about how the new program will be implemented, what purpose CME numbers will serve, and whether the program will admit representatives from more anti-virus companies.

      While some saw the uproar as predictable resistance from entrenched interests in the balkanized anti-virus software industry, others said that changes to CME may be necessary to make the program work.

      The spat came on the same day that the US-CERT (U.S. Computer Emergency Readiness Team) officially launched CME, which is intended to clear up confusion that results from the current decentralized system for naming Internet threats.

      CME has been in development for over a year and is being run by the MITRE Corp. for DHS' National Cyber Security Division.

      So far, the program has assigned CME numbers to 23 critical worms and viruses, a tiny fraction of all the malicious code samples that have been discovered during that time.

      Unlike previous virus-naming systems, CME will be based on samples of malicious code, not specific files that contain malicious code.

      The code samples will be submitted to MITRE, reviewed by experts at anti-virus companies that participate in the program, and then tagged with CME numbers, said Beck.

      But audience members noted, and Quo acknowledged, that different anti-virus engines identify threats differently, meaning that a new Internet attack might carry more than one CME number, or that the same CME number might apply to more than one attack.

      Audience members, many of them representatives of anti-virus companies that would use the new system, also expressed doubts about whether MITRE would be able to cope with the flood of threat data they would get from member companies.

      “[CME] is impossible to achieve,” said Vesselin Bontchev, an anti-virus researcher at FRISK Software International. “[CME] is based on CVE [MITRE's Common Vulnerability Enumeration list], but the last time I looked, 73 percent of the vulnerabilities did not have a CVE number. Can you imagine coping with the number of viruses?”

      CME member Nick Fitzgerald, an independent anti-virus analyst, said that member organizations will keep from being overwhelmed by “self limiting.”

      “We can't submit 20 or 30 [malicious code samples] a month. We're not so stupid that we're going to DOS ourselves,” he said.

      MITRE and CME members will only work with the most critical threats, such as the recent Zotob worm, which are generating large numbers of infections and media attention, said Beck.

      “We want to help consumers and not have anything that they're confused about,” said Quo.

      “If we determine that a threat is…something for them to be concerned about, we'll step in and assign it a CME number.”

      Not everybody was skeptical of the new system.

      “I want information on new malicious code that I haven't seen…CME will provide a level of trust between our internal tests and in-house research,” said John Alexander of Wells Fargo.

      Many of the objections to the program were similar to those raised at the same conference last year, when the idea for CME was first introduced, and are typical of a divided and deeply competitive anti-virus industry, which has tried for years and failed to come up with a uniform virus-naming standard, said Ken Dunham, director of malicious code research at iDefense Inc.

      “Everybody does what's right in their own mind, and it's chaos,” he said.

      Changes are likely as CME members begin to implement the program.

      While CME membership is invitation-only, the group may need to extend membership to more security companies to ensure its success, said Quo.

      “I'm going to suggest that,” he said.

      But forces outside the industry have made accurate tracking more important, including new regulations that emphasize network auditing and compliance.

      Over time, those changes will force companies to come up with ways to accurately identify and correlate threats, Dunham said.
