Time to call a spade a spade

Of course, things get more complicated if you then look at the numerous mailing lists covering new malware "releases" and try to work out if you can sit back and relax over your morning cup of coffee, or hold your breath until the necessary update comes down the wire.

This should be a simple exercise. Unfortunately, vendors pick different names for the same thing, and steadfastly refuse to amend their naming scheme in line with the majority when things settle down. It's so bad now that there is even a tool to find out what company X and company Y call the same thing (the very handy vgrep, from www.virusbtn.com).

Add in the occasional phone call from the CEO to find out whether the firm is protected against the virus he's heard about on the news, and the coffee goes cold long before you can relax.

This is all rather strange, and seems to be a computer industry thing. The medical community seems to have little trouble identifying specific pathogens without resorting to the name game; there's no need for "vgrep" for them. In fairness, though, they have been at it somewhat longer than us – perhaps back in Lister's day things were just as bad.

This would be just about manageable if the marketing people hadn't cottoned on. Now it seems that whenever there's a "new" attack (which is usually just a new twist on an old tactic), there needs to be a new name, usually one beginning with "ph".

So we have "phishing" to describe social engineering via email, "pharming" for its web companion, and so on. And we have the term "evil twin" to describe what for decades was called an impersonation attack. Each new name tends to be accompanied by a press release and a new product update. The Bluetooth security crowd is busy sticking "blue" in front of every verb in sight (although I suspect this is somewhat tongue in cheek).

Maybe I'm just an old cynic, but things would be a lot simpler if we stuck to a more limited vocabulary. Apart from anything else, people get conned into thinking that "new" attacks need new defences. In most cases, a proper application of basic principles will prevail against the old and the new. But it won't get you a nice headline on the breakfast news.