Thread: Virus Throttling - The war begins

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885

    Virus Throttling - The war begins

    Many of you have heard me discuss how underground groups are looking to distribute worms faster than an organization has time to react. 2004 was the year of worm QA and we all participated in the process. Once worm writers get it right, there *will* be a worm with a destructive payload.

    Anyway, some folks here PMed me saying that I was nothing more than a paranoid geek looking for "1337" status. Well for those who feel this way, have a look at this:

    Date: Wed, 01 Dec 2004 09:07:27 -0700
    From: "NewsScan" <newsscan@newsscan.com>
    Subject: 'Virus-throttle' software from HP

    Software engineers at Hewlett-Packard are developing "virus-throttling" software to slow the spread of viruses and worms on the Internet by identifying suspicious behavior. HP chief technology officer Tony Redmond says, "Any worm or virus that depends on its ability to spread itself will be hurt by this technology." Alan Paller, director of research at the SANS Institute, says the overall idea "makes sense," and adds, "It's an arms race, not a simple war. I've been hearing people talk about the notion of throttling for a long time, and it's a spectacular idea if HP can get it to work." [*The Washington Post*, 30 Nov 2004; NewsScan Daily, 1 Dec 2004]
    http://www.washingtonpost.com/wp-dyn...2004Nov30.html
    Finally we see confirmation that vendors are trying to widen the reaction time window. Until now, all vendors have kept quiet about this. I feel vindicated.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    For sure, the techniques described in [1] (as far as I understood, these are the same as
    mentioned in the Washington Post article?) are very promising (e.g. the plot (Fig. 3) of
    the Nimda distribution as a function of time and the number of "throttling" machines).

    In addition, I am wondering about how wide-ranged one can perform "virus-throttling"
    on a "hardware"-level, like Cisco's (?) technique of NAT limiting[2] or different methods (?).

    How many people (or companies) have already activated "virus-throttling" using
    such (hardware-based) solutions, and, to which extent is this efficient to slow down
    the distribution of worms? Any experience?
    I apologize for the huge amount of question marks in this post.

    Cheers


    [1] http://www.hpl.hp.com/techreports/2003/HPL-2003-69.html
    [2] http://www.cisco.com/en/US/products/...0.html#1046622
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
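
Added example, not part of any post in this thread and not HP's code: a simplified sketch of the throttling idea in the HP Labs report linked as [1] above, which limits how fast a host may open connections to destinations it has not contacted recently. The class name, parameter values and traces are assumptions chosen for illustration.

```python
from collections import deque

class ConnectionThrottle:
    """Per-host limiter on connections to destinations not contacted recently."""

    def __init__(self, working_set_size=5, release_per_tick=1, alarm_len=100):
        # All three values are illustrative assumptions, not taken from the thread.
        self.working_set = deque(maxlen=working_set_size)  # recent destinations
        self.delay_queue = deque()                          # new destinations waiting
        self.release_per_tick = release_per_tick
        self.alarm_len = alarm_len
        self.alarm = False

    def request(self, dest):
        """Return True if the connection may go out now, False if it is held."""
        if dest in self.working_set:
            return True
        if dest not in self.delay_queue:
            self.delay_queue.append(dest)
        # A long backlog of never-before-seen destinations is the suspicious signal.
        if len(self.delay_queue) > self.alarm_len:
            self.alarm = True
        return False

    def tick(self):
        """Once per time unit, release a fixed number of held destinations."""
        released = []
        while self.delay_queue and len(released) < self.release_per_tick:
            dest = self.delay_queue.popleft()
            self.working_set.append(dest)  # oldest entry is evicted when full
            released.append(dest)
        return released

def simulate(trace, **params):
    """Run a trace (list of per-tick destination lists); return a summary tuple."""
    throttle = ConnectionThrottle(**params)
    sent = 0
    for destinations in trace:
        sent += sum(throttle.request(d) for d in destinations)
        sent += len(throttle.tick())
    return sent, len(throttle.delay_queue), throttle.alarm

# Constructed traces: a desktop reusing three servers, and a host sweeping
# 50 fresh addresses per tick.
NORMAL = [["mail", "web", "dns"] for _ in range(10)]
SCANNER = [[f"host-{t}-{i}" for i in range(50)] for t in range(10)]

if __name__ == "__main__":
    print("normal :", simulate(NORMAL))
    print("scanner:", simulate(SCANNER))
```

Each result is (connections sent, destinations still queued, alarm raised): the desktop is held up only for its first few ticks, while the sweeping host gets a small fraction of its attempts out and trips the alarm.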

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Personally, I think this is a band-aid and more of an approach that attempts to cure the symptom and not the root cause. There is no way to uniformly apply this technique across the internet. Moreover, when commercial interests are at the wheel and not an internet regulatory group, things tend to go to hell quickly.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Senior Member
    Join Date
    Oct 2004
    Posts
    122

    Re: Virus Throttling - The war begins

    Software engineers at Hewlett-Packard are developing "virus-throttling" software to slow the spread of viruses and worms on the Internet by identifying suspicious behavior. HP chief technology officer Tony Redmond says, "Any worm or virus that depends on its ability to spread itself will be hurt by this technology." Alan Paller, director of research at the SANS Institute, says the overall idea "makes sense," and adds, "It's an arms race, not a simple war. I've been hearing people talk about the notion of throttling for a long time, and it's a spectacular idea if HP can get it to work."
    Can you provide any additional information about how they plan to implement it? Slowing down the progress of a virus on the internet sounds like a good idea, but what about implementation?
    Where do they plan to install that software?
    nobody is perfect i am nobody

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    As I said, the implementation is fuzzy at this point and I really feel that the only good thing that has come of this announcement is that the industry has fessed up and acknowledged that they have recognized the issue and are now attempting to deal with it. The problem, as I noted above, is that they are trying to cure the symptom and not the root cause.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    You should feel vindicated, horse, and deservedly so. The changes in the types of malware I'm seeing, and the methods used to distribute and infect, bear you out.

    I agree that HP's efforts are addressing a symptom, not the disease. However, if there is an effective method of identifying suspicious behavior and it can be included in switch and router firmware--I would welcome any reprieve that may provide. I'll welcome any tools that will help me keep the network running and give me a chance to respond to malware.

    Maybe HP's efforts will prompt others to try working on other areas. The more people/organizations looking at the problem, the better chance we have of getting good solutions, instead of band-aids.

    Just my $US0.02.
