The charges were made in a report published by e-mail services company MessageLabs, which claims that the recent release of three different strains of the Yaha in the space of 11 days, causing havoc with the naming conventions used by the anti-virus industry. Although the three versions had names ranging from Yaha.J to Yaha.M, antivirus companies could not agree on which name went with which version of the virus.
"When the anti-virus vendors brought their initial virus signatures out for Yaha.J, not all products were able to detect all three variants. Some could detect one, others two; and a few, all three," read the report. "This causes problems for end users, who check their vendor website to make sure they are protected against Yaha.J, but find it sailing through their defences."
All antivirus companies contacted by ZDNet Australia disagreed that this was a problem for the industry.
"Broadly [virus names] are the same but over a period of time they align," said David Banes, regional manager for Symantec Security Response, Asia Pacific. "Often there is plain disagreement over what something will be called, and one vendor will stick to a different thing. Or we'll think that its not a variant, then learn that it is, or think something is new and then later realise it's a variant."
However, the confusion over names was not seen by any anti-virus company to hinder protection. "If the user is up-to-date and protected, would it really matter if one vendor calls it variant X and another labels it variant Z?" said Central Command product manager Steven Sundermeier. "The only important issue is if it got stopped."
Sundermeier admitted that, like all anti-virus companies, the Central Command support department often had to respond to queries over viruses that had been named differently by a competitor, but was unconcerned. "In my opinion, its the users that are not subscribed to various newsletters, that do not have multiple [antivirus] sites bookmarked and are not staying on top of things, asking about differences in virus naming, etc, that are usually not up-to-date and who cause our support teams the biggest headaches."
This sentiment is echoed by Steinar Wigtil, R&D manager for Norman ASA, who claimed that users did not need to know the name of a virus. "When you buy anti-virus software, you also buy the expertise of the anti-virus company, which has a sizeable staff of experts to do this job for you," he said.
"Any virus defence that presupposes defensive action by the user from case to case, is totally inadequate and irresponsible in today's virus scene," said Wigtil. "Any modern anti-virus software must update itself automatically, with no user intervention what-so-ever."
Buckley's chance of a standardised naming system
Most anti-virus vendors support the Computer Antivirus Research Organisation (CARO) naming convention. Despite this, it can sometimes take weeks to standardise on a name, according to Banes.
"In the early days you'd get one sample and it would spread so slowly that everyone would have a copy before it was an issue," said Banes. "Now it spreads so quickly the vendors are not going to wait until there is a name, they want to get it out as soon as possible."
Banes said a lot of people in the industry are discussing the naming of viruses at the moment, such as the Association of anti-virus Asia Researchers (AVAR), which will hold its annual meeting in Australia early next year.
"What we're trying to do is come up with a naming convention to do two things which contradict each other," said Banes. "We want the names to be descriptive and easy to understand."
Although most anti-virus companies support a system to standardise virus names in principle, none of them expect to see any advancement in this area anytime soon.
"Naming criteria has been improved and that evolution can be seen today," said Luis Corrons, lab director for Panda Software. "We believe (and hope) that it will come close to standard, but it is too difficult to find "the standard" nowadays. In one hand viruses reach different countries at the same time and the solutions need to be out at once, so there is not much time to spend to name the virus."
"On the other hand, the IT industry has opened certain communication channels that allow them to gather information rather quickly and agree on a name in certain cases," he added.
Sundermeier said the difference in detection abilities and corporate policies of various companies meant that it would take a considerable time to agree on the surrounding issues, and would not be likely to happen in the near future.
Others pointed out a standardised naming system still wouldn't avoid the problems created when several variants of a virus are released close together.
"Even if an independent body to name viruses is formed, we will not avoid the naming chaos we got for Yaha in the last two weeks of December 02, when at least ten new variants were released simultaneously or within a very short time span," said Wigtil. "For the anti-virus industry, detection will always come before naming issues."
