CNET también está disponible en español.

Ir a español

Don't show this again

HolidayBuyer's Guide
Tech Industry

A tangle over virus IDs

The antivirus community is split over the merits of a scheme to give malicious software common identifiers.

The announcement that several major security players have joined forces to agree on a common malicious software taxonomy prompted some in the security community to question how effective such a system will be.

The Common Malware Enumeration (CME) system was launched on Wednesday at the Virus Bulletin event in Dublin by Mitre, a nonprofit research organization.

CME is a classification system for viruses and other forms of malicious software that gives them a common code (e.g. CME-154) as well as their name. Its supporters claim that a common naming schema will help to clear up confusion about what malicious software should be called.

But some experts claimed on Wednesday that CME will not make much of a difference, at least initially.

"Now every piece of malicious software will just have 18 names and a number," said David Perry, global director of education Trend Micro, arguing that antivirus customers won't stop giving newly discovered malicious software different names.

Martin Overton, independent researcher for IBM, also doubts that CME will bring order to the security space.

"It's going to make it worse," said Overton told. He was backed up by Jeanette Jarvis, security systems product manager at Boeing, who agreed that the new situation is no better than the old one.

However, other experts reject the claim that CME will add to the confusion.

"Malware will now be able to be tied together with a common thread," argued Graham Cluley of Sophos.

The enumeration will only initially apply to the "big hitters"--the most common forms of malicious software--rather than all new viruses that are detected. This led Perry to criticize CME for not going far enough.

Other experts believe this is a step in the right direction. "We have to crawl before we can walk, before we can run," said Larry Bridwell, content security programs manager for security watchdog ICSA. "CME was never designed to solve the naming problem, it was designed as an index," Bridwell added.

Currently, when new viruses appear on the Internet they are generally given different names by different companies who discover it independently. This can cause confusion for users, who need to know if they should be patching against one worm or several, and if their security product offers protection.

Only later do the antivirus firms agree on a single name, once they've ascertained that they are talking about the same piece of code.

CME does have the support of several large vendors, including Symantec, McAfee, Microsoft, Computer Associates, Kaspersky Labs, Sophos, Trend Micro, F-Secure and Message Labs. The system will be moderated by Mitre.

Tom Espiner of ZDNet UK reported from London.