HP Shelves Virus Throttler Program 277
longlanekid writes "Though HP has apparently designed a great program for slowing the spread/proliferation of virii and reducing the impact of DoS attacks, it's all being shelved due to Windows incompatibilities."
Need more details... (Score:5, Insightful)
Interesting (Score:2, Insightful)
Impeccable logic (Score:5, Insightful)
Anti-P2P Tool (Score:5, Insightful)
Microsoft's fault? More like the almighty buck's.. (Score:5, Insightful)
Virus Throttler slows the spread of virus and worm attacks by limiting the network destinations that a virus-infected computer can attempt to connect to each second, according to HP.
Wait a second. This doesn't really protect internal networks as much as it protects the Internet from your-machine-gone-mad. That is to say, this product's operation assumes your anti-virus security measures have already failed you, and you've got a server making attack attempts outbound on the world at large. This would kick in and shut down that server's attempted attacks.
That'd be a great thing for all of us to be running to be good citizens of the Internet... but who'd buy such a thing? Afterall, you have to admit that your existing security products may occasionally fail you before you can even start to explain what this thing will do. And, after such a failure, you're already 0wned. So, you really have nothing internal left to protect at that point, and all there is to protect is the outside world. If your IT house is already on fire, it's sure nice to want to protect the neighborhood, but who's going to pay for that in advance?
Pointing to the fact that this would require some changes to Windows is a nice excuse, but anybody can get Microsoft to do anything when they come equipped with a truckload of money. I think the realization that people would run this if it was free, but no business in their right mind is going to buy it. I think HP realized that, and that's why they spiked this product. HP, afterall, is a business and can't afford to spend too much money on a research project that isn't going to lead to a profitable product.
I wonder if there are any academic groups working on similar projects who might be able to finish the work on this one...
In other news..... (Score:5, Insightful)
Re:/. worthy? (Score:2, Insightful)
Sounds like something already in SP2. (Score:3, Insightful)
Re:Redmond/HP says... (Score:4, Insightful)
Re:Microsoft's fault? More like the almighty buck' (Score:5, Insightful)
So, once you're infected, your server fails to spread at a rate of 10,000 connection attempts per second, instead it spreads slowly, maybe 100 attempts per second? Would this actually do anything besides give your sysadmins a few extra seconds to patch your system?
Wouldn't it be better to block the connection attempts instead, like with an outbound firewall? Maybe stop the app that was trying to connect unless authorised by the user (eg a P2P app)?
Re:Anti-P2P Tool (Score:4, Insightful)
Many of the problems of p2p stem from novice users. I really don't care if there are a few thousand less people spreading the latest teeny-bop tracks or infected files.
Re:/. worthy? (Score:2, Insightful)
Open source it (Score:4, Insightful)
Re:It's funny when (Score:3, Insightful)
And yes, the juxtaposition of the unfortunate person's name is very funny.
Re:Wait just a minute... (Score:3, Insightful)
Re:Viruses vs virii (Score:3, Insightful)
Re:/. worthy? (Score:3, Insightful)
I could just as easily write a program that won't run on Windows and not even try to port it to Windows and start claiming that Windows won't run it because it isn't Open.
Until I see something that says that Microsoft refused to make changes to Windows that HP suggested, I'll chalk this up to a publicity campaign by HP to join the M$ bashing bandwagon and make themselves look better to the F/OSS community.
Re:Wait just a minute... (Score:4, Insightful)
Re:Of course (Score:3, Insightful)
Here we go again: the virii-case. (Score:2, Insightful)
A whole bunch of "It's latin", "no, it's not", "it's slang", "no it's not" posts will pop-up like mushrooms.
While I agree that it's not correct latin, and I understand that some people have difficulties with the 'correctness' of it, it really doesn't matter one bit as to the validity of a word.
1)Language 'lives'; it changes with the passing of time.
2)Slang is not 'inferior' or 'wrong'; it are just words that are used in a subculture.
3)Words of a subculture can and have become 'mainstream'
4)In the past, english (as many other languages) has been 'corrupted' with equally 'wrong' words...yet we use them today as if they always have been correct, mostly not even being aware that once they were considered stupid, wrong, grammatically incorrect, foreign, nonsensical, inferior, ridiculous, the result of laziness, plain misspelled, etc.
Yet they are *all* considered mainstream english now! So, let's face it, there is *no* objective mechanism where you can say; this word has no place in our language or not.
If it's understood and used in this language, then ipso facto, it *IS* part of that language.
Now, anyone understands what is meant by 'virii' and more and more people/posts use the term virii, with purpose, even beyond their 1337 roots.
So it really is silly to fulminate that virii is not a word; it is used as one, it is understood as one, and it even has left it's pure sub-culture 1337 roots behind so that now it's actually becoming slowly mainstream. So what, in a year or 5, it may end up in the dictionary, as so many 'non-existent' words before it...and what will be the the contra-argument then?
Why, in another 20 years most persons won't even know anymore that it was once considered as 'non-existent' or 'wrong'. They will use it, as we use all those other words where people fulminated against, just as with they will with new, totally wrong words that will pop-up. That's what it means when we say a language lives, after all.
Re:Wait just a minute... (Score:5, Insightful)
The throttling functionality really needs to reside on the router side, on routers that don't run Windows. Then every joe-shmoe virus/worm won't be able to bypass it easily.
Re:Viruses vs virii (Score:1, Insightful)
Well, no. You can't.
English is a decentralized and developing language. Refrences like dictionaries follow rather than lead.
Kind of Funny really (Score:4, Insightful)
Re:Of course (Score:2, Insightful)
That's exactly the difference. It takes an experienced user to make Windows secure. It also takes an experienced user to make a Mac insecure. How many "ignorant users" would buy a Mac, and then spend an hour or so de-activating the firewall, changing the default permissions, and enabling the root account?
Re:Impeccable logic (Score:2, Insightful)
It seems the market for this is corporate networks, so they could release a product that is useful without being bundled with windows.
-Drea-
Re:Here we go again: the virii-case. (Score:3, Insightful)
Now I understand that languages change; but saying "virii" instead of "viruses" is a STUPID change, and I want it to stop. I'm perfectly willing to let good changes come along (like being able to use "they" as the third-person non-gender-specific singular), but I'm going to do my damnedest to put a stop to "virii."
To everyone who says "virii": You sound like an uneducated rube. It's "viruses," not "virii." Cut it out.
Yes, languages change, and I have just as much right to try to stop people from changing the language as they do to try to change it. We'll see who wins.
Re:Need more details... (Score:2, Insightful)
Re:Microsoft's fault? More like the almighty buck' (Score:3, Insightful)
The neighborhood would want to pay for that. Really, we're talking about people who already can't figure out how to operate windows update or install firewalls of their own, they certainly aren't going to buy this because they don't care. But, when their ISP gives them a nice shiny CD that just happens to include this, they'll chuck it onto the machine with the rest of the junk ISPs give you. Think AOL, SBC Yahoo's self-install CD, Roadrunner.
Sounds like a good application for home routers (Score:2, Insightful)
The software would need to monitor every IP address on the LAN for viral indications, and then kick into throttle mode only for the indicated IP address.
It wouldn't take too much CPU or memory to monitor 1-10 IP addresses, but it might be prohibitive for 100-1000.
Re:Microsoft's fault? More like the almighty buck' (Score:3, Insightful)
HP owns two class A networks (15.* is old HP's, and 16.* is old DEC's which came with the Compaq merger). If you have that much network of your own, you want to suppress infected machines in order to defend your own network. It's not the Internet they are trying to defend. Other companies with big networks may also have similar problems, so they are the potential customers for this technology.
I suspect that the problem is not that HP can't get something to work on some particular Windows configuration, but that they can't create a commercially viable product that can be deployed to all kinds of corporate Windows desktops without an XP SP2 kind of incompatibility nightmare. Remember that it's the corporates who are holding back on SP2 because of compatibility issues, and no sane company wants to stare into that support black hole with no control over the main engines.
Note also that the article did not say that HP were abandoning the work, it is going back into the labs and they are looking for other ways to use it.
Re:Need more details... (Score:2, Insightful)
Any *decent* corporate network will be VLAN-ed well enough that a break-out will not affect the whole network. There's plenty of monitoring/centralised administration stuff out there that can force updates to remote hosts or even block infected clients from network access.
Any sysadmin that can't see this after the blaster deserves what they have coming.
I'm scared that people actually think that corporate LAN security == personal firewall.