-
Notifications
You must be signed in to change notification settings - Fork 16
Proposal: Modify MalwareLabelEnum Enumeration
Status: Open
Comment Period Closes:
Affects Backwards Compatibility: No
Relevant Issues: https://github.com/MAECProject/schemas/issues/62
https://github.com/MAECProject/schemas/issues/64
Some of the values captured in the MalwareLabelEnum-1.0 enumeration do not have accurate descriptions, some potentially useful values are missing, and one value is too broad.
We propose to update MalwareLabelEnum-1.0 to MalwareLabelEnum-1.1 by making the following changes:
-
The
malcodevalue will be removed because it is too broad to be useful. -
Descriptions for the
fork bombandwabbitvalues will be changed as follows.
| Value | Description |
|---|---|
| fork bomb | The 'fork bomb' value specifies a program that replicates many times on one system, usually until the system runs out of memory or disk space, causing a denial of service. The replicated programs also replicate so that the number grows exponentially. A fork bomb is a type of wabbit. |
| wabbit | The 'wabbit' value specifies a form of self-replicating malware. Unlike worms, wabbits do not attempt to spread across networks. Also known as a 'rabbit'. |
The following new values will be added.
| Value | Description |
|---|---|
| joke program | The 'joke program' value specifies a program that interferes with the normal behavior of a machine, creating a nuisance. |
| scareware | The 'scareware' value specifies a program that reports false or significantly misleading information on the presence of security risks, threats, or system issues on the target computer. |
| parental control | The 'parental control' value specifies a program that monitors or limits machine usage. They can run undetected and can transmit monitoring information to another machine. |
| security assessment tool | The 'security assessment tool' value specifies a program that can be used to gather information for unauthorized access to computer systems. |
| trackware | The 'trackware' value specifies a program that traces a user's path on the Internet and sends information to third parties. Compare to spyware, which monitors system activity to capture confidential information such as passwords. |
As an optional, updated version of the MalwareLabelEnum, this change will be backward compatible.
- Are the proposed descriptions changes accurate and necessary?
- Are the proposed additional values appropriate?