This story was printed from silicon.com, located at http://www.silicon.com/
Story URL: http://software.silicon.com/security/0,39024655,39126217,00.htm
'Throttle' viruses with software
HP aims to slow the progress of viruses...
By Stephen Shankland
Published: Wednesday 01 December 2004
HP plans to give customers a new weapon against viruses: software that crimps their spread.
Early next year, the computer maker will begin selling software designed to slow the spread of viruses from its ProLiant servers and ProCurve networking equipment, an HP executive said on Tuesday. A version for HP's personal computers is planned for later release.
The software will give administrators time to respond to an attack, Tony Redmond, chief technology officer of HP Services, said at an HP security event in San Francisco. The time lag between a vulnerability in software being discovered and a virus being written is getting ever shorter, and viruses are spreading at a breakneck rate, he said.
"Ten years ago, all we worried about were floppy disk attacks. People would walk from PC to PC with an infected floppy. Five years ago, with 'I Love You' and 'Melissa' [viruses], we had a sudden acceleration of the threat," Redmond said. "Today, the type of viruses and worms we see are spreading at computational speed - a speed that a human can't deal with."
HP touted the software at a media event designed to spotlight the company's security efforts. Security is an active research area at HP Labs, and the company has 16 patents relating to the virus-throttling technology.
The program can distinguish between regular server process behaviour and viruses to detect an attack. "A rogue process such as a worm or virus tends to be making the same type of connection at a much more frequent pace," Redmond said. "If a process probes a particular socket on 1,000 systems a minute, what can you conclude? It's probably not a user or [a legitimate] server process."
The faster a virus is set to propagate, the easier it is to distinguish it from conventional computer tasks, Redmond said. Speedy propagation is a serious danger to networks and servers; the SQL Slammer attack hit 79,000 systems within 31 minutes, he said.
Once the software detects a process with virus-like characteristics, it slows that process down without affecting regular processes. "Eventually it chokes it off," Redmond said.
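The behaviour Redmond describes can be sketched as a per-process limiter on connections to hosts the process has not contacted recently. This is an added illustration, not HP's software: the `Throttle` class, the working-set size, the one-per-second release rate and the choke threshold are assumptions, and the connection events are constructed.

```python
from collections import deque

class Throttle:
    """Per-process limiter on connections to hosts not contacted recently."""

    def __init__(self, working_set=5, release_ms=1000, choke_at=100):
        self.recent = deque(maxlen=working_set)  # hosts contacted recently
        self.queue = deque()          # held connections to new hosts
        self.release_ms = release_ms  # one held connection released per interval
        self.choke_at = choke_at      # backlog at which the process is cut off
        self.last_release = 0
        self.sent = 0                 # connections that actually left the host
        self.choked = False

    def _drain(self, now):
        while self.queue and now - self.last_release >= self.release_ms:
            self.recent.append(self.queue.popleft())
            self.last_release += self.release_ms
            self.sent += 1
        if not self.queue:  # idle time must not bank up a burst allowance
            self.last_release = max(self.last_release, now - self.release_ms)

    def connect(self, now, host):
        if self.choked:
            return "blocked"
        self._drain(now)
        if host in self.recent:       # familiar destination: no delay
            self.sent += 1
            return "pass"
        self.queue.append(host)       # new destination: hold it
        if len(self.queue) > self.choke_at:
            self.choked = True        # backlog only grows for scan-like traffic
            return "choked"
        return "delayed"

def replay(events, **params):
    """Run one process's (time_ms, dest_host) events through a fresh Throttle."""
    throttle = Throttle(**params)
    return throttle, [throttle.connect(ms, host) for ms, host in events]

# Constructed samples: a service talking to 3 peers every 10 s, and a process
# probing 1,000 distinct hosts in one minute (the rate quoted in the article).
NORMAL = [(i * 10_000, f"srv{i % 3}") for i in range(30)]
SCANNER = [(i * 60, f"10.0.{i // 250}.{i % 250}") for i in range(1000)]

if __name__ == "__main__":
    for name, events in (("normal", NORMAL), ("scanner", SCANNER)):
        t, verdicts = replay(events)
        print(name, "choked" if t.choked else "ok", "sent", t.sent, "of", len(events))
```

With these assumed parameters, the constructed scanner trace gets 6 of its 1,000 attempted connections out before the process is cut off, while the normal trace is never choked.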
HP will release virus-throttling support - likely as part of an add-on pack - for ProLiant servers running Windows 2000 and 2003 in early 2005. At the same time, it will release a version for its ProCurve network switching equipment. The software is undergoing Windows compatibility testing now, Redmond said.
Redmond declined to say when a PC version of the software might be released. It's in testing at HP Labs but, unlike the server version, is not in use as part of HP computing operations. He also declined to say whether a Linux version of the software would be coming, but said he hoped one would be released. Nothing technological stands in the way of a Linux version; indeed, prototypes were first shown on Linux.
Stephen Shankland writes for CNET News.com.
Copyright © 2008 CBS Interactive Limited. All rights reserved.