HP Shelves Virus Throttler Program
longlanekid writes "Though HP has apparently designed a great program for slowing the spread/proliferation of virii and reducing the impact of DoS attacks, it's all being shelved due to Windows incompatibilities."
Wait just a minute... (Score:5, Informative)
Limited number of simultaneous incomplete outbound TCP connection attempts
Detailed description
The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system's event log.
Viruses vs virii (Score:4, Informative)
Virii is not a word in the English language; or any other language as far as I know.
I recommend correctional facilities for those using the word 'virii'.
Not just HP.... (Score:3, Informative)
This is what today's Wall Street Journal said:
So how can you get rid of spyware and how can you avoid it in the first place? One nearly surefire cure is to dump your Windows machine and buy an Apple Macintosh.
http://ptech.wsj.com/archive/report-200408.html [wsj.com]
Microsoft actually made some efforts in SP2 (Score:5, Informative)
- TCP data cannot be sent over raw sockets.
- UDP datagrams with invalid source addresses cannot be sent over raw sockets.
Some changes to combat worms:
- Updated TCP/IP stack to limit the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. This only applies when connecting to unavailable hosts, for example worms like Sasser guessing where to spread to.
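The limiter described in this comment and in the Microsoft text quoted earlier in the thread, as a simplified simulation added here (not part of any comment and not Microsoft's or HP's code). The limit of 10, the release rate of one attempt per tick, the 20-tick timeout and the tick-based model itself are assumptions for illustration.

```python
from collections import deque

EVENT_ID = 4226  # event ID named in the quoted Microsoft description

def simulate(attempts, limit=10, drain_per_tick=1, syn_timeout=20, ticks=60):
    """Simplified model of the outbound connection limiter for one host.

    attempts: list of (tick, reachable) outbound connection attempts.
    limit, drain_per_tick and syn_timeout are assumed values, not from the page.
    Returns (sent_on_wire, max_queue_delay, event_ticks).
    """
    arrivals = {}
    for tick, reachable in attempts:
        arrivals.setdefault(tick, []).append(reachable)
    queue = deque()      # held-back attempts: (arrival_tick, reachable)
    half_open = []       # tick at which each incomplete attempt completes or times out
    sent = max_delay = 0
    event_ticks = []     # ticks at which the limiter would log EVENT_ID
    for now in range(ticks):
        half_open = [end for end in half_open if end > now]
        # Queued attempts are released at a fixed rate.
        for _ in range(min(drain_per_tick, len(queue))):
            arrived, reachable = queue.popleft()
            max_delay = max(max_delay, now - arrived)
            half_open.append(now + (1 if reachable else syn_timeout))
            sent += 1
        for reachable in arrivals.get(now, []):
            if queue or len(half_open) >= limit:
                # Limit reached: hold the attempt back and record the event.
                queue.append((now, reachable))
                if now not in event_ticks:
                    event_ticks.append(now)
            else:
                half_open.append(now + (1 if reachable else syn_timeout))
                sent += 1
    return sent, max_delay, event_ticks

# Constructed inputs: a client reaching live hosts, and a worm-like burst
# of attempts to addresses that never answer.
normal = [(t, True) for t in range(10) for _ in range(5)]
scan = [(0, False)] * 200

def compare():
    return simulate(normal), simulate(scan)
```

In this model the client connecting to live hosts is never delayed, while the burst to dead addresses gets only 69 of its 200 attempts onto the wire in 60 ticks and triggers the event.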
You fail it! RTFA (Score:4, Informative)
No.
HP got it to work on Linux and HPUX, but didn't have the source to Windows XP, and so couldn't implement it for Windows.
Someone else asks if they've ever heard of firewalls, but this technology is intended to stop worms once they're inside your LAN.
Re:You fail it! RTFA (Score:2, Informative)
Re:Uh oh... (Score:3, Informative)
The Network stack portion of Windows may be based upon one of the BSD variants, and as a result HP could very possibly test their ideas on all of the BSD variants and see if it works there as well, but there is no assurance that such a change would be possible to roll into Windows as an updated dll for networking, or any other fix.
They are claiming to own HP-UX (and from my perspective they are welcome to keep it!) but they make no claims to owning Linux.
Since they are shelving this idea, I doubt that the patches, or source they wrote for these updates will ever be made available to the Linux community. Then again, perhaps they already have been, and I just don't know it.
-Rusty
Yes, it is. For several reasons. (Score:3, Informative)
Next, so what? Whether you can "blame" MS or not has nothing to do with
My favorite quote was ``"...we don't own Windows'', says Redmond.''
My next favorite:
``Virus Throttling only springs into action after a virus has penetrated an organization's network, which made it "more difficult to sell," he says.''
It's not a hard sell to a company that's just been brought to its knees! I was at [nevermind whom] when one of the major virii hit in 2001 (CodeRed? I forget). The network was literally unavailable for at least a day and a half, and this company's bloodstream was its network. If HP had walked in with Virus Throttler, they could have named about any price.
At least, if it worked with Windows. 8^(
That was the one time it didn't help much to have a non-Win system (we had plenty of Solaris, and some Linux and Mac systems). Because too many of us had the mandated Windows box. Even though everyone in my group was effectively immune, having turned off all the extra crap... But having a Solaris server did help; our group's SA put up a DNS server and a few other things, and we limped along better than most.
Not necessarily (Score:3, Informative)
You dumbfuck (Score:3, Informative)
You think you're cute, but you're not.
Re:You dumbfuck (Score:3, Informative)
Their networking stack is fully documented (much better than Linux thank you very much) - All that is needed is a simple filter driver to catch packets going in/out - apply a policy to them, and poof - off you go.
Anyone can go out and get a hold of the Windows DDK: DDK Order Page [microsoft.com]
It contains all the docs that you should need to do pretty much anything you need in the Windows kernel. Now let's see you do the same thing with Linux - heck there isn't even a decent kernel debugger, unless you go with a third party and pray it gets maintained.
Re:Fair enough, (Score:1, Informative)
Re:Does ZoneAlarm limit the number of (Score:2, Informative)
I would say in this case, either Microsoft refused to help HP, or they offered help with conditions that were unacceptable to HP. No doubt the details of which are all under some sort of NDA...
Re:Need more details... (Score:1, Informative)
He was talking about what the administrators should do, not what workers should do.
The administrators should set up personal firewalls on all the company's machines, for the simple reason that this will stop viruses spreading so easily if someone brings an infected laptop (or USB keychain, etc.) in from outside. It's as simple as installing XP SP2 in most cases. Intranet traffic should not be trusted, on any operating system, and if an admin assumes it can be, he shouldn't be an admin.
Even more secure would be to make it a dismissible offence to plug an external machine into the corporate network, but as it's mostly PHBs who like to take their laptops home in my experience, good luck to the admin who tries to suggest that as a solution.