Kaspersky Labs switches to a new naming scheme
Kapersky Labs makes some of the best anti-virus software out there, as analyzed by the Virus Test Center at the University of Hamburg.
They recently announced a new naming scheme. I’ve been thinking a lot about naming schemes recently, and I think this one could be better. Let me take it apart, and explain why. The scheme breaks down into:
Verdict: verdict clarification.
Verdict clarification includes the following categories:
An example name is thus: “Trojan-Dropper.Win32.Agent.a”
My first problem is that the name is long–29 characters, or 9 syllables. That makes it harder to work with than a shorter name. (This is probably more of a problem for those who spend their days working with them. For example, with CVEs, the 8 character length is longer than I can typically handle as one “chunk” and I need to look several times to ensure it’s right. If CVEs were 5-7 characters, they’d fit better in typical short-term memory. (This could be accomplished, for example, by using letters in place of numbers, getting a higher data density per character.)
My second issue is that much of the information is not needed. Today, 99+% of malware infects Windows. By actual infection, non-Windows malware is a rounding error. So why not leave off those 5 characters, except when they’re needed: “rootkit.macosx.opener“?
I think the ordering in use could be better. The name should be an index into a name list, and sometimes, human beings use visual scanning in place of search functions. In those cases, naming this “Agent.a-trojan-dropper” makes scanning much easier, without changing the information content.
Part of me wants to say that they should have used abbreviations in the name: “Agent.a.TD,” to make it harder to typo. But that runs into trouble with handling errors. If you do make a mistake, did you mean its a T(rojan) and added an extra character?
Generating good names that will satisfy all your different of user-types is very hard. Its also very important.
(From Nudecybot via email.) [Update: The cybot pointed me at the Kapersky labs article, he didn’t write the above.]