
HP Shelves Virus Throttler Program

longlanekid writes "Though HP has apparently designed a great program for slowing the spread/proliferation of virii and reducing the impact of DoS attacks, it's all being shelved due to Windows incompatibilities."

  • by ... James ... ( 33917 ) on Wednesday August 25, 2004 @06:14PM (#10072946)
    Microsoft introduced similar functionality in Windows XP SP2:

    Limited number of simultaneous incomplete outbound TCP connection attempts
    Detailed description

    The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system's event log.
  • Viruses vs virii (Score:4, Informative)

    by leathered ( 780018 ) on Wednesday August 25, 2004 @06:16PM (#10072966)
    Can we settle this once and for all?

    Virii is not a word in the English language; or any other language as far as I know.

    I recommend correctional facilities for those using the word 'virii'.
  • Not just HP.... (Score:3, Informative)

    by XavierItzmann ( 687234 ) on Wednesday August 25, 2004 @06:16PM (#10072969)
    Though Apple has apparently designed a great OS for slowing the spread/proliferation of virii and reducing the impact of DoS attacks, it's all being shelved due to Windows IT staff job security.

    This is what today's Wall Street Journal said:
    So how can you get rid of spyware and how can you avoid it in the first place? One nearly surefire cure is to dump your Windows machine and buy an Apple Macintosh.
    http://ptech.wsj.com/archive/report-200408.html [wsj.com]

  • by Jugalator ( 259273 ) on Wednesday August 25, 2004 @06:20PM (#10072996) Journal
    Some changes to combat DDoS attacks:

    - TCP data cannot be sent over raw sockets.
    - UDP datagrams with invalid source addresses cannot be sent over raw sockets.

    Some changes to combat worms:

    - Updated TCP/IP stack to limit the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. This only applies when connecting to unavailable hosts, for example worms like Sasser guessing where to spread to.
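
The queueing behaviour described in the two comments above (a cap on incomplete outbound TCP attempts, with the overflow released at a fixed rate), as an added simulation that is not part of the thread and not Microsoft's code. The limit, release rate and timeout values are illustrative assumptions, and the workloads are constructed.

```python
from collections import deque

def simulate(workload, max_incomplete=10, release_per_tick=1, timeout_ticks=20):
    """workload[t] lists the (dest, reachable) connects a host issues at tick t.
    All three limits are assumed values for illustration, not Windows constants."""
    pending = {}      # dest -> tick at which the half-open attempt resolves
    queue = deque()   # attempts held back by the limiter
    started = throttled = 0

    def start(dest, reachable, now):
        nonlocal started
        # A reachable host answers within a tick; an unavailable one hangs
        # until the connect timeout, holding its slot the whole time.
        pending[dest] = now + (1 if reachable else timeout_ticks)
        started += 1

    for now, requests in enumerate(workload):
        # 1. Completed or timed-out attempts free their slots.
        for dest in [d for d, due in pending.items() if due <= now]:
            del pending[dest]
        # 2. Queued attempts are released at the fixed rate while slots exist.
        for _ in range(release_per_tick):
            if queue and len(pending) < max_incomplete:
                start(*queue.popleft(), now)
        # 3. New attempts go straight out only below the limit with an empty queue.
        for dest, reachable in requests:
            if not queue and len(pending) < max_incomplete:
                start(dest, reachable, now)
            else:
                queue.append((dest, reachable))
                throttled += 1   # the point where the limiter would log its event
    return {"started": started, "throttled": throttled, "queued": len(queue)}

def constructed_workload(ticks, per_tick, reachable):
    """Constructed sample input: per_tick connects to distinct hosts every tick."""
    return [[(f"host-{t}-{i}", reachable) for i in range(per_tick)]
            for t in range(ticks)]

# Ordinary client: 3 connects per tick to hosts that answer.
NORMAL = simulate(constructed_workload(30, 3, reachable=True))
# Infected host guessing addresses: 50 connects per tick, none answer.
SCANNING = simulate(constructed_workload(30, 50, reachable=False))

if __name__ == "__main__":
    print("normal  ", NORMAL)
    print("scanning", SCANNING)
```

The ordinary client is never queued, while the address-guessing host gets only a handful of attempts onto the wire because every slot stays occupied until its timeout.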
  • You fail it! RTFA (Score:4, Informative)

    by temojen ( 678985 ) on Wednesday August 25, 2004 @06:24PM (#10073031) Journal

    No.

    HP got it to work on Linux and HPUX, but didn't have the source to Windows XP, and so couldn't implement it for Windows.

    Someone else asks if they've ever heard of firewalls, but this technology is intended to stop worms once they're inside your LAN.

  • Re:You fail it! RTFA (Score:2, Informative)

    by TheSunborn ( 68004 ) <mtilstedNO@SPAMgmail.com> on Wednesday August 25, 2004 @06:29PM (#10073069)
    ZoneAlarm doesn't have any problem with blocking connections from the inside. It really doesn't require access to the source of Windows.
  • Re:Uh oh... (Score:3, Informative)

    by rusty0101 ( 565565 ) on Wednesday August 25, 2004 @06:35PM (#10073114) Homepage Journal
    Nope. It means HP feels that since Linux is Free Software (as in speech) and they do own HP-UX, they have every right to go through the Operating System source code, write and compile the tools, utilities, and features they are interested in testing for both Linux and HP-UX, but they are unable to do the same for Windows, because Windows is neither their own product, nor is it an Open Source product that they can do these things with.

    The Network stack portion of Windows may be based upon one of the BSD variants, and as a result HP could very possibly test their ideas on all of the BSD variants and see if it works there as well, but there is no assurance that such a change would be possible to roll into Windows as an updated dll for networking, or any other fix.

    They are claiming to own HP-UX (and from my perspective they are welcome to keep it!) but they make no claims to owning Linux.

    Since they are shelving this idea, I doubt that the patches, or source they wrote for these updates will ever be made available to the Linux community. Then again, perhaps they already have been, and I just don't know it.

    -Rusty
  • by Roadkills-R-Us ( 122219 ) on Wednesday August 25, 2004 @06:35PM (#10073119) Homepage
    Did you read the article? They had it working on Linux and HPUX! So it wasn't just intended for Windows.

    Next, so what? Whether you can "blame" MS or not has nothing to do with /.worthiness.

    My favorite quote was ``"...we don't own Windows'', says Redmond.''

    My next favorite:
    ``Virus Throttling only springs into action after a virus has penetrated an organization's network, which made it "more difficult to sell," he says.''

    It's not a hard sell to a company that's just been brought to its knees! I was at [nevermind whom] when one of the major virii hit in 2001 (CodeRed? I forget). The network was literally unavailable for at least a day and a half, and this company's bloodstream was its network. If HP had walked in with Virus Throttler, they could have named about any price.

    At least, if it worked with Windows. 8^(

    That was the one time it didn't help much to have a non-Win system (we had plenty of Solaris, and some Linux and Mac systems). Because too many of us had the mandated Windows box. Even though everyone in my group was effectively immune, having turned off all the extra crap... But having a Solaris server did help; our group's SA put up a DNS server and a few other things, and we limped along better than most.
  • Not necessarily (Score:3, Informative)

    by b00m3rang ( 682108 ) on Wednesday August 25, 2004 @06:40PM (#10073160)
    It detects /changes/ in the traffic patterns. If your computer sends thousands of packets per second to port 6346, it can probably identify that as your usual traffic. If you suddenly start sending millions of packets to port 25 on various machines, that's out of the ordinary and can be throttled.
  • You dumbfuck (Score:3, Informative)

    by b00m3rang ( 682108 ) on Wednesday August 25, 2004 @06:43PM (#10073184)
    Let's see you reverse engineer Windows to the point where your program can integrate seamlessly and reliably with the OS kernel and the networking stacks without any documentation or help from Microsoft.

    You think you're cute, but you're not.
  • Re:You dumbfuck (Score:3, Informative)

    by MerlynEmrys67 ( 583469 ) on Wednesday August 25, 2004 @07:50PM (#10073855)
    Easy enough to do...

    Their networking stack is fully documented (much better than Linux thank you very much) - All that is needed is a simple filter driver to catch packets going in/out - apply a policy to them, and poof - off you go.

    Anyone can go out and get a hold of the Windows DDK: DDK Order Page [microsoft.com]

    It contains all the docs that you should need to do pretty much anything you need in the Windows kernel. Now let's see you do the same thing with Linux - heck there isn't even a decent kernel debugger, unless you go with a third party and pray it gets maintained.

  • Re:Fair enough, (Score:1, Informative)

    by Anonymous Coward on Thursday August 26, 2004 @03:13AM (#10076030)
    Diskeeper by Executive Software installed a patched Windows NT kernel to allow defragging NTFS partitions. So? Well it just goes to show that it *is* possible to modify just about any aspect of Windows' functionality. I would guess that in this case, Microsoft decided they didn't want to give that much info / cooperation to HP, though.
  • by Anonymous Coward on Thursday August 26, 2004 @03:18AM (#10076045)
    Microsoft has helped 3rd party vendors in the past (ex: Diskeeper by Executive Software, installed a modified Windows NT kernel to allow NTFS defragging).

    I would say in this case, either Microsoft refused to help HP, or they offered help with conditions that were unacceptable to HP. No doubt the details of which are all under some sort of NDA...
  • by Anonymous Coward on Thursday August 26, 2004 @07:15AM (#10076568)
    Installing a personal firewall requires administrative privileges, which you are unlikely to have on a corporate machine...

    He was talking about what the administrators should do, not what workers should do.

    The administrators should set up personal firewalls on all the company's machines, for the simple reason that this will stop viruses spreading so easily if someone brings an infected laptop (or USB keychain, etc.) in from outside. It's as simple as installing XP SP2 in most cases. Intranet traffic should not be trusted, on any operating system, and if an admin assumes it can be, he shouldn't be an admin.

    Even more secure would be to make it a dismissable offence to plug an external machine into the corporate network, but as it's mostly PHBs who like to take their laptops home in my experience, good luck to the admin who tries to suggest that as a solution.
