In kurt wismer <[email protected]> had this to say:
My reply is at the bottom of your sent message:
> Galen wrote:
> [snip]
>> It's about time... The question begs what will they do when the
>> numbers run out?
>
> they increase the number of digits used...
>
>> Perhaps something that also includes date of discovery or of
>> numeration and would be acceptable?
>
> wouldn't necessarily help... it's entirely possible to have more than
> 1000 significant malware threats in a single year...
>
>> As it is, if you look on their site, you'll see
>> that there's already a number of them taken up
>
> are you sure? they're assigned a random number from within the
> range...
>
>> and, according to them, it's
>> only numbers 1-999 which is pretty limited. Finally, one more
>> question, what about older versions of malware? Will those be
>> assigned numbers?
>
> they aren't going to be enumerating all malware, only ones that are a
> real threat (ones that are already being seen in the wild or will
> probably be seen in the wild)... to that end, old malware *usually*
> doesn't pose as much of a threat as new malware...

I'm not sure if I posed all of my concerns (keep in mind I'm only active in
the msnews.microsoft.com groups at the moment) with any greater clarity but
I think I addressed them and (perhaps) a potential solution. I note that you
mention that only significant threats would be included. By whose
definition? (And this borders on soapbox so please bear with me.) By my
definition - anything that potentially puts my system's data at risk or my
system's stability at risk is serious enough for me to be concerned about it
and more so when there's people who won't patch their systems and keep
sending me year old worm variants... </climbs off soapbox but it's been an
afternoon of deleting emails> When I am obligated to support end-users, both
online and in the real world, with malware issues I don't want there to be
exclusions, I want all the information and I want a resolution as quickly as
possible because, to be frank, I don't have that much time and nor do they.
I think one of the greatest values in this proposal is trend monitoring. By
date I don't mean the specific year only, I mean a format such as defined in
the prior response such as CME-10052005-*** which, along with a description
field and a few others added for flavor would make this not only a valuable
standardization but also a repository for a wealth of information such as
trends, targeted systems, method of attack, and security flaws exploited for
instance... A standard, such as a stud being 16" on center to enable ease of
use with a 4x8 piece of sheet material sheathing, must stand the test of
time. While the number of digits is infinite if they just keep adding on to
them they also become meaningless after a while. Those who would be "in the
know" would be able to look at CME-10052005-123 and say "ha, that's
doomandgloom, a trojan, and this is how you remove it from your system." And
while that would only stay in memory for the tech for a short while, it's
easier (and at least has more information for reference even without the
database ideas) and it contains more information than a simple number. It's
also very simple to implement and this is truly something that's infinite.
The malware threats aren't going to go away and while you'll never run out
of numbers the idea for a standard is to have it last and in ten or fifteen
years I don't want to be reading CME-*********************************** and
be expected to know what that is.
Anyhow, that's about all I really have to say on the subject I think. I
might think of more.
Galen
--
"You know that a conjurer gets no credit when once he has explained his
trick; and if I show you too much of my method of working, you will
come to the conclusion that I am a very ordinary individual after all."
Sherlock Holmes