Many of you have heard me discuss how underground groups are looking to distribute worms faster than the time an organization has time to react. 2004 was the year of worm QA and we all participated in the process. Once worm writers get it right, there *will* be a worm with a destructive payload.

Anyway, some folks here PMed me saying that I was nothing more than a paranoid geek looking for "1337" status. Well for those who feel this way, have a look at this:

Date: Wed, 01 Dec 2004 09:07:27 -0700
From: "NewsScan" <>
Subject: 'Virus-throttle' software from HP

Software engineers at Hewlett-Packard are developing "virus-throttling" software to slow the spread of viruses and worms on the Internet by identifying suspicious behavior. HP chief technology officer Tony Redmond says, "Any worm or virus that depends on its ability to spread itself will be hurt by this technology." Alan Paller, director of research at the SANS Institute, says the overall idea "makes sense," and adds, "It's an arms race, not a simple war. I've been hearing people talk about the notion of throttling for a long time, and it's a spectacular idea if HP can get it to work." [*The Washington Post*, 30 Nov 2004; NewsScan Daily, 1 Dec 2004]
Finally we see conformation that vendors are trying to widen the reaction time window. Until now, all vendors have kept quiet about this. I feel vindicated.