The following platform names have previously been mooted or used by some developers but are now deprecated. The Comments column explains which platform name from the ‘officially accepted’ list to use instead. This is not intended to be an exhaustive list of platform names that should no longer be used, whereas the list in OfficialPlatforms is authoritative. A platform name that does not appear in OfficialPlatforms is not officially supported so should not be used.
| Short form | Long form | Comments |
|---|---|---|
| ATVX, OCX | ActiveX | ActiveX ‘controls’ are really just Win32 DLLs with an attitude. As such, any malware based on them would correctly be classed as Win32. Malware that exploits one of the many ActiveX security flaws exists. However, it is not classified relative to the security flaws exploited but the scripting platform (or whatever) on which it depends, so again, these platform names are nonsense. |
| IIS | IIS | Malware exploiting security flaws in IIS may only work (or, at least that part of it may only work) on IIS machines, but for now most IIS machines are Win32 or Win64 and some will soon be .Net Server (platform MSIL). The fact that it was IIS that was exploited is not relevant to AV research naming interests, at least not for now. |
| IRC | <various> | IRC is a network protocol that is not currently known to be virusable, per se. Sure, some of the most popular IRC clients are virusable through poorly designed/implemened/secured scripting interfaces and the like, but that does not make IRC virusable even if 99.99% of IRC users run that client. |
| HTML | HTML | As this guide was finalized, bare HTML was still not virusable, but HTML files can be ‘carriers’ of various script-based nasties. Thus use of HTML as a platform name is clearly mis-directed. Most malware designated as being of this type will really be of JS or VBS types. |
| JV | Java | ‘Java’ is the only acceptable short form for the platform name of malware requiring a Java runtime environment (at four characters it certainly does not need artificial and confusing abbreviation). |
| MPF | MultiPlatform | Some vendors have adopted this for various reasons — some use it for Java (and similar multi-OS hosted platforms). Use Java, the appropriate {<id1>,<id2>} formulation or even the new Mul pseudo-platform. |
| Palm | PalmOS | Palm is a registered trademark; use PalmOS for long and short platform names (see OfficialPlatforms ). |
| Malware that distributes itself in a PDF file is not necessarily a ‘PDF infector’. When writing this guide, the only malware known to use PDF files was the VBS/Peachy family which depends on the full (‘authoring’) version of Adobe Acrobat to be able to ‘unpack’ the VBS script that performs the actual replication step. Thus, the Peachy family is correctly classified as a VBS platform virus but it has two non-VBS ‘phases’ or components. Note that with the PDF format being based on the eminently virusable PostScript platform, ‘PDF’ may yet come into its own as a virus platform name — this admonition is against the incorrect use of PDF as the platform name for viruses like Peachy that use PDF files as a form of transport, archive or other ‘obfuscation’ mechanism. It is not an outright ban on the possibility of its use as a platform name. | ||
| W3X, W31, Win3X, Win31 | Windows3X, Windows31 | Some developers have classified malware that requires Windows 3.x as Windows3X or Windows31. This classification is not officially supported — such malware should be classified as Win16. (See footnote.) |
| W95, Win95 | Windows95 | Works under one or more of Windows 95, 98, 98SE and/or ME but not NT, Win2K or XP. Some products classified malware that used VxD mechanisms and/or Win9x-specific tricks as Win95. Such malware is now classified as Win32. (See footnote.) |
| W98, Win98 | Windows98 | Works under one or more of Windows 98, 98SE and/or ME but not NT, Win2K, XP. Some products classified malware that used Win98/ME-specific tricks as Win98. Such malware is now classified as Win32. (See footnote.) |
| WinME | WindowsME | Works under Windows ME but not NT, Win2K, XP. Malware that uses WinME -specific tricks should not be classified as WinME but as Win32. (See footnote.) |
| WNT, WinNT | WindowsNT | Some developers have classified malware that requires Windows NT or later, or which is NT-specific, as WindowsNT. This classification is not officially supported — such malware should be classified as Win32. (See footnote.) |
| W2K, W2000, Win2K, Win2000 | Windows2K, Windows2000 | Some developers have classified malware that requires Windows 2000 or later, or which is Windows 2000-specific, as Windows2K. This classification is not officially supported — such malware should be classified as Win32. (See footnote.) |
| WXP, WinXP | WindowsXP | Some developers may have classified malware that requires Windows XP as WindowsXP This classification is not officially supported — such malware should be classified as Win32. (See footnote.) |
| .Net | DotNet | Some developers may classify malware that requires .Net as DotNet or similar. This classification is not officially supported — such malware should be classified as Win32 if it is not ‘pure’ .Net (e.g. still depends on Win32 PE stub tricks) or MSIL if it is ‘pure’ .Net (even if it has other platform specificities). |
| SWF | ShockWaveFlash | A good example of a badly chosen platform name. See why this is wrong, and the official name choices for the so-called SWF/LFM.926 virus in the Considerations when naming malware section. |
| ELF | ELF | Used by some vendors for Linux, or more generally Unix, malware. Vendors currently designating ELF as a malware type should change this to Unix. |
Note: For the sake of backwards compatibility, renaming all existing malware using these platform names should not be considered a high priority. New malware should be correctly assigned platforms as per this guide, but existing named malware with these platform names at the time this guide was formulated should be considered equivalent to the suggested platform by anyone doing naming standards compliance tests. When naming new variants of existing families that retain one of these old platform names under this grace condition, the new variant must be correctly named in a standards-compliant product — whether the rest of the existing family members are then also renamed is a decision left (for now) to the implementer.