-
Notifications
You must be signed in to change notification settings - Fork 16
Proposal: Modify MalwareLabelEnum Enumeration
Status: Open
Comment Period Closes:
Affects Backwards Compatibility: No
Relevant Issues: https://github.com/MAECProject/schemas/issues/62
https://github.com/MAECProject/schemas/issues/64
Some of the values captured in the MalwareLabelEnum-1.0 enumeration do not have accurate descriptions, some potentially useful values are missing, and one value is too broad.
We propose to update MalwareLabelEnum-1.0 to MalwareLabelEnum-1.1 my making the following changes.
The malcode value will be removed because it is too broad to be useful.
Descriptions for the fork bomb and wabbit values will be changed as follows.
| Value | Description |
|---|---|
| fork bomb | The 'fork bomb' value specifies a program that replicates many times on one system, usually until the system runs out of memory or disk space, causing a denial of service. The replicated programs also replicate so that the number grows exponentially. A fork bomb is a type of wabbit. |
| wabbit | The 'wabbit' value specifies a form of self-replicating malware. Unlike worms, wabbits do not attempt to spread across networks. Also known as a 'rabbit'. |
The following new values will be added.
| Value | Description |
|---|---|
| joke program | The 'joke program' value specifies a program that interferes with the normal behavior of a machine, creating a nuisance. |
| scareware | The 'scareware' value specifies a program that reports false or significantly misleading information on the presence of security risks, threats, or system issues on the target computer. |
| parental control | The 'parental control' value specifies a program that monitors or limits machine usage. They can run undetected and can transmit monitoring information to another machine. |
| security assessment tool | The 'security assessment tool' value specifies a program that can be used to gather information for unauthorized access to computer systems. |
| trackware | The 'trackware' value specifies a program that traces a user's path on the Internet and sends information to third parties. Compare to spyware, which monitors system activity to capture confidential information such as passwords. |
As an optional, updated version of the MalwareLabelEnum, this change will be backward compatible.
- Are the proposed descriptions changes accurate and necessary?
- Are the proposed additional values appropriate?