
Tolerating Viruses In Order To Ignore Them

Tammy writes "This article discusses how a new approach to computer security focuses on allowing computers to function even when infected with a virus or worm. This relatively new approach contrasts with traditional, preventive security that has been susceptible to numerous attacks."
  • The Gandhi approach, eh?
  • People still get work done even if their computer is infested with Windows.
  • Keeping computers functioning after infection only serves to increase the propagation of the virus. Successful viruses keep the host healthy enough to aid transmission.

    For instance, if Word viruses stopped you from opening Word, they'd find it difficult to move from host to host. What would be better - an Outlook virus that disabled email, or one that couldn't?

    • But what they're describing here is *theoretically* a technique for preventing DoS attacks... Even though you are under the influence of malicious code, your services are "protected" from going down.

      So they're good.

      Except:

      Their technique is a combination of proxy servers, URLSpy-style query validation, clustered servers, and comparative validation. So:

      • how are they preventing anything, if every hit on the service produces 3 hits on the backend?
      • how are you protected from exploits against known v
  • To make a long story short, this is really nothing new; they're using firewalls, even though they're calling them 'proxy servers' and 'balloting systems' for some reason.

    *shrug* move along, nothing to see here.
    • The novel approach here is the combination of a firewall-like proxy with the balloting system and a suspicious activity monitor. The combination of these can provide a much more robust system (at the expense of complexity and more resources) than running a firewall alone.

      So while examples of each of the 3 sub-systems used in this approach have existed for a long time, the combination of them in this context is a less well known (possibly new) idea and has merit.

  • There's virtually no information in this pop-targeted piece. Frankly I think half the problem is calling something a virus that is clearly a worm. They're two different risks and require two different approaches to countermeasures. A simple layer of mandatory access control would stop the kinds of computer viruses I'm more likely to be referring to when I say 'virus'. Network worms require an approach that is mainly to do with a lack of any access control on sockets. Consider this: once one has gone to
  • SITAR employs fault-tolerance principles such as providing redundancy in key functions and diversity in configuration. For example, ... two different programs running on two different computers with two different operating systems.

    So you are going to help customers port their key application, and buy the computer/OS, and call this "fault-tolerance"?

    SITAR's first line of defense consists of "proxy servers," computers that stand as intermediaries between the protected system and the outside world. T
  • by BortQ ( 468164 )
    This article seems like it's a virus that slashdot is willing to live with.
  • This relatively new approach contrasts with traditional, preventive security that has been susceptible to numerous attacks.

    New approach to handling viruses? My company has left Windows running on their machines for years... *rimshot*
  • Sitar

    Indian stringed instrument: an Indian stringed instrument with a rounded resonating body and a long fretted neck. There are several playing strings and a larger number that vibrate sympathetically. Need I Say More!!!!!!
  • The meat of this article seems to be that you have 3 different OS's running, presumably as virtual machines, with a host that handles balloting of responses. So, in order to achieve security of outgoing responses, you have 4 times the infrastructure. However, for the military's purposes, they want to hide secrets and limit access to the machine... a problem that will be compounded when 3 different sets of vulnerabilities are placed on the internet. Apparently another set of machines will be needed to sto
  • Suppose I send a request to withdraw some cash from my account. If two backends agree to withdraw $100 and the last one decides to donate $100 to world peace, what exactly happens to my account and how much cash do I get?

    Clearly the systems that do real work, that need to be protected the most, can not be duplicated. Would work well for DNS/web servers though.
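The situation raised in the comment above (two backends agree, one dissents), as an added example that is not part of the original discussion or of the system the article describes. The function name `ballot`, the backend names and the sample replies are constructed for illustration; the sketch assumes replicas return a proposed result to the voting proxy rather than committing it themselves.

```python
import hashlib
from collections import Counter


def ballot(responses, quorum=None):
    """Majority vote over replies from redundant backends (hypothetical helper).

    responses: dict of backend name -> reply bytes, or None for a timeout.
    Returns (reply_to_release_or_None, names_to_flag_to_the_monitor).
    """
    if quorum is None:
        quorum = len(responses) // 2 + 1  # strict majority of all replicas
    # Vote on digests so large replies are cheap to tally.
    digests = {name: hashlib.sha256(body).hexdigest()
               for name, body in responses.items() if body is not None}
    tally = Counter(digests.values())
    if not tally:
        return None, sorted(responses)
    winner, votes = tally.most_common(1)[0]
    if votes < quorum:
        # No majority: fail closed and treat every replica as suspect.
        return None, sorted(responses)
    released = next(responses[n] for n, d in digests.items() if d == winner)
    # Dissenters and silent replicas go to the suspicious-activity monitor.
    suspects = sorted(n for n in responses if digests.get(n) != winner)
    return released, suspects


# Constructed sample: three replicas answer the same withdrawal request.
SAMPLE = {
    "backend-a": b'{"action":"withdraw","amount":100}',
    "backend-b": b'{"action":"withdraw","amount":100}',
    "backend-c": b'{"action":"donate","amount":100}',
}

if __name__ == "__main__":
    reply, suspects = ballot(SAMPLE)
    print("released:", reply)
    print("flagged:", suspects)
```

The vote only protects state if the proxy commits the winning result once; a replica that has already acted on its own answer cannot be outvoted after the fact.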

  • I do not think that this article means what you think it means.
    This article describes the ability of a DDoS'd server to ignore the DoS'ing going on around it with a bunch of funny acronyms. It is not about a program continuing to work even after being infected by a virus, as the /. article suggests; besides, a good virus wants its host program to function mostly properly--a DDoS attack does not. The technology sounds interesting but flashy.
    And the article is not terribly informative. You know something is
