New Defense Against Computer Viruses

  • NHNE
    Message 1 of 1 , Dec 9, 2002
      NHNE News List

      By Michelle Delio
      Monday, December 9, 2002

      Computer viruses and worms live in the fast lane, propagating themselves
      through a network faster than even the most highly caffeinated techie can
      purge them from a system.

      But Matthew Williamson, a researcher at the Hewlett-Packard laboratories in
      Bristol, England, has come up with a new way to handle the quick-moving
      cybercritters: Throttle 'em.

      Computers contaminated by a virus behave differently from uninfected
      computers. An infected computer's primary goal in life is to reproduce the
      virus it harbors. In order to do that, the infected computer will try to
      make connections -- through e-mail or directly -- with as many other
      computers as possible, as quickly as possible.

      Williamson's idea hinges on slowing viral spread by limiting a
      computer's ability to connect to new computers.

      Virus throttling (http://www.hpl.hp.com/techreports/2002/HPL-2002-172.pdf),
      which Williamson is working on at HP's labs, uses a filter to set limits on
      how many other computers a throttled computer can connect to in any given
      period of time.

      Throttling doesn't prevent an individual machine from becoming infected, but
      it can contain the spread of a virus and reduce the infected machine's
      ability to inflict damage.

      "We realized that most antivirus techniques concentrate on protecting
      individual machines, not the community as a whole," Williamson explained.
      "So we thought about ways to protect the overall system, without worrying if
      a few individual machines are 'sacrificed' for the common good."

      Along with displaying common courtesy for others, throttling is an effective
      way to contain damage until systems administrators can flush out a virus
      from infected systems.

      At the HP lab, the throttle was tested on a network of 16 machines. When one
      computer was exposed to the Nimda virus, all 16 throttle-free machines were
      infected in about 10 minutes.

      But when the throttle was used on the test network, it took 13 minutes for a
      second machine to be infected, and half an hour for a third to succumb. By
      that point, a reasonably alert administrator could have easily contained the

      "It sounds like a clever idea that would make sense to include as part of a
      larger Web server security package," security researcher Richard Smith said
      of the throttle.

      Williamson sheepishly admitted that after the first round of tests, he was
      amazed at how well his idea worked.

      "I was surprised that something so simple could be so effective at quickly
      slowing and stopping further propagation from an infected machine, as well
      as letting through normal traffic without delay."

      The limits imposed by throttling have no noticeable effect on a throttled
      computer's user. Williamson said the most severe delay he's seen in sending
      his own e-mail in three months of tests was about five seconds.

      Throttle research is ongoing, but Williamson believes the idea could be
      successfully applied to other security issues.

      "Rather than trying to prevent a problem from occurring, such as a machine
      being infected with a virus, we'll work on containing the damage that is
      caused," Williamson explained. "This approach ends up protecting the
      community rather than the individual, which is vital for preventing
      large-scale problems."


      Published by NewHeavenNewEarth (NHNE)
      eMail: nhne@...
      NHNE Website: http://www.nhne.com/
      Phone: (928) 282-6120
      Fax: (815) 346-1492
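The filter described in the article, sketched as an added Python example (not code from HP, the article, or the linked report): connections to recently contacted hosts pass at once, while connections to new hosts are held and released at a fixed rate. The recent-host list size, the one-release-per-tick rate, the backlog threshold and the host names are assumptions chosen for illustration.

```python
from collections import deque

class ConnectionThrottle:
    """Rate-limits connections to hosts this machine has not contacted recently."""

    def __init__(self, recent_size=4, releases_per_tick=1, alert_backlog=10):
        self.recent = deque(maxlen=recent_size)  # assumed "recently contacted" set
        self.pending = deque()                   # delayed requests to new hosts
        self.releases_per_tick = releases_per_tick
        self.alert_backlog = alert_backlog

    def request(self, dest):
        """True: connect now (familiar host). False: held in the delay queue."""
        if dest in self.recent:
            return True
        if dest not in self.pending:
            self.pending.append(dest)
        return False

    def tick(self):
        """Once per time period, let a limited number of new hosts through."""
        released = []
        for _ in range(min(self.releases_per_tick, len(self.pending))):
            dest = self.pending.popleft()
            self.recent.append(dest)
            released.append(dest)
        return released

    def suspicious(self):
        """A long backlog means far more new hosts than a person would contact."""
        return len(self.pending) >= self.alert_backlog

def simulate(attempts_per_tick, throttle):
    """Return (distinct hosts actually reached, requests still delayed)."""
    reached = set()
    for attempts in attempts_per_tick:
        for dest in attempts:
            if throttle.request(dest):
                reached.add(dest)
        reached.update(throttle.tick())
    return len(reached), len(throttle.pending)

# Constructed traffic: a user cycling through three servers, one request per tick,
# and an infected machine trying 20 previously unseen hosts per tick.
NORMAL = [[("mail", "web", "files")[t % 3]] for t in range(30)]
WORM = [[f"host-{t * 20 + i}" for i in range(20)] for t in range(30)]

if __name__ == "__main__":
    for name, traffic in (("normal", NORMAL), ("worm", WORM)):
        th = ConnectionThrottle()
        print(name, simulate(traffic, th), "alert:", th.suspicious())
```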