Sunbelt have responded to an article in Infosecurity about what I described way back in the early 90s (when putting together the alt.comp.virus FAQ) as the "thorny issue of malware naming". Well, I've been banging the drum about educating users and pretty much everyone else away from the concept that malware naming is useful for quite a while:
http://www.eset.com/download/whitepapers/cfet2009naming.pdf
http://www.eset.com/download/whitepapers/Harley-Bureau-VB2008.pdf
Lysa Myers also addressed it in Virus Bulletin quite recently:
http://www.virusbtn.com/virusbulletin/archive/2009/06/vb200906-comment
Still, Tom Kelchner's article is a succinct consumer-level statement that covers most of the issues. I wish, though, that he hadn't suggested using Virus Total as a means of comparing "the detections of different AV companies". Hopefully, he meant that in terms of ascertaining what different companies call a given sample, not as a means of comparing the effectiveness of detection between different products. That's not what VT is for, and to assume that it can be used that way, as SRI do, is just so misleading. As I've said, among other places, here. And as Hispasec/Virus Total themselves say here.
[1] "Lessons of the War. I. Naming of Parts": Henry Reed, in New Statesman and Nation 24, no. 598 (8 August 1942): 92. http://www.solearabiantree.net/namingofparts/namingofparts.html
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch (or @ESETblog)
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Also blogging at:
http://smallbluegreenblog.wordpress.com/
http://avien.net/blog
http://blogs.securiteam.com
http://blog.isc2.org/
