The Common Malware Enumeration Initiative was just announced. Headed by the United States Computer Emergency Readiness Team (US-CERT) and supported by an editorial board of anti-virus vendors and related organizations it should provide a neutral method for malware outbreaks.
enurating faults is never a satisfactory approach to security. security by design, not by elastoplast.
http://www.ranum.com/security/computer_security/editorials/dumb/
“…supported by an editorial board of anti-virus vendors…”
I think that says everything.
This is simply an initiative to give a vendor-independent name to a virus, so you can easily tell that McAfee: W32/Bozori.worm.b and Sophos: W32/Zotob-F refer to the same thing, as an example. Just like the CVE list which give a vendor-independent name to a vulnerability.
Early days yet – I counted only 23 items in the list.
And of course you don’t secure your systems by just checking for bad programs, do you ? (:-)
nah. i recall a 10 point or so list of computer security linked to a news item here on osnews not to long ago.
one of the points there that a agree with is to build a known good list rather then a known bad list.
as in, unless the user or some third party ok’s the program, assume its bad and sandbox or kill it.
basicly, assume that a unknown program is hostile until verified. kinda like how one guards a military site or similar.
err, ignore this.
page i was talking about is linked in the first comment to this news item.