Now that the smoke has cleared, and security professionals have had time to reflect on these events, I want to let you in on a little secret: The virus name game has gotten out of hand.
Sometime during the Bagle/Netsky war earlier this year, virus variant names assigned by antivirus software companies got out of synch. We can understand how that could have happened. There were multiple versions of those viruses coming out every day, with virus writers trying to outdo each other in some childish game of hacker supremacy. At the same time, IT people were dealing with the waves of malware as fast as they could.
When the virus war slowed down with the arrest of the author of Netsky, virus variant names stayed out of synch. Customers were able to deal with it -- as the new viruses trickled in at their normal pace -- by working together as a community via the Internet Storm Center, Secunia's virus information page, VGrep Online and MyITforum's security message boards and antivirus e-mail list.
This latest Bagle outbreak reminded us what a mess we are in. Since some antivirus companies have adopted an isolationist attitude, and don't usually share information with one another, customers are left confused as to exactly what they are dealing with.
Some AV companies provided more detail, but didn't match the threat level of others, since they received a low number of submissions from their customers. Their virus variant names were different from other AV companies, so some customers were left in the dark.
Still other companies had only one or two of these variants listed, with various degrees of detail -- again with completely different variant names, since that was all their customers had submitted to them. This left even more customers in the dark. For those who use more than one company's antivirus product -- and I know there are plenty out there -- that left them with an even bigger mess than just the virus outbreak.
With all of this going on, customers dealt with it as they usually do: working together as community. We sorted through all the information that trickled down to us. As usual, we got through it, with some of us showing a few more gray hairs.
I think I can speak for everyone in the security community when I say that "dealing with it" is not acceptable anymore. As customers, we should not have to work so hard to figure out which products keep us protected.
We know antivirus software companies can do better, and we challenge them to do so. With the increasing problem of spyware, spam and patch management, we have enough to deal with.
However things are fixed might not matter, as long as something is done before things get worse. Companies should work together as a community of security professionals and help out customers at the same time. With Microsoft expected to enter the antivirus software business, companies should determine how to accomplish this and keep customers better informed about how they are protected.