HP Shelves Virus Throttler Program 277
longlanekid writes "Though HP has apparently designed a great program for slowing the spread/proliferation of virii and reducing the impact of DoS attacks, it's all being shelved due to Windows incompatibilities."
/. worthy? (Score:3, Interesting)
That aside, any coincidence that the vice president and chief technology officer of HP is named Tony Redmond?
Re:/. worthy? (Score:4, Funny)
'"we don't own Windows," Redmond says.'
WTF?
Re:/. worthy? (Score:2, Insightful)
Re:/. worthy? (Score:4, Interesting)
I'm pretty sure the people who wrote Tiny Personal Firewall didn't have access to the Windows source code.
So enlighten me again - what does this have to do with Windows being a "closed proprietary OS" again?
And BTW, this is something already built into XP, as you can tell from the many comments in this article.
Re:/. worthy? (Score:3, Interesting)
I'm pretty sure you're right. And I'm also pretty sure Tiny Personal Firewall doesn't come close to doing what the software from HP would do (I think it checks for the activity of worms or viruses and throttles their usage to "block" DoS attacks or something like that.) Anyone can write a firewall, it's a bitch writing software to throttle network and CPU usage for a particular process.
So enlight
Re:/. worthy? (Score:3, Insightful)
I could just as easily write a program that won't run on Windows and not even try to port it to Windows and start claiming that Windows won't run it because it isn't Open.
Until I see something that says that Microsoft refused to make changes to Windows that HP suggested, I'll chalk this up to a publicity campaign by HP to join the M$ bashing bandwagon and make th
Re:/. worthy? (Score:2, Insightful)
Re:/. worthy? (Score:5, Funny)
Re:/. worthy? (Score:3, Interesting)
Yeah? So HP is saying they can't get it to run on Windows because they can't alter the networking code? WTF? Have they never heard of firewalls, that happily block network connections, even on Windows?
Perhaps they've altered the HP network stack so th
You fail it! RTFA (Score:4, Informative)
No.
HP got it to work on Linux and HPUX, but didn't have the source to Windows XP, and so couldn't implement it for windows.
Someone else asks if they've ever heard of firewalls, but this technology is intended to stop worms once they're inside your lan.
Re:You fail it! RTFA (Score:2, Informative)
Does ZoneAlarm limit the number of (Score:2)
Re:You fail it! RTFA (Score:2)
There have already been developed worms that disable Norton products when they infect a Windows PC.
This tries to look for insane traffic patterns that you only get from a worm and kill it on a kernel level.
question is, could they develop this as
Re:You fail it! RTFA (Score:2)
Re:/. worthy? (Score:2, Funny)
pay no attention to the man behind the curtain.
The longer reason is because it isn't compatible with Windows [and Linux doesn't need it].
______________________________________
My Trunk Monkey can beat up your Trunk Monkey.
http://www.suburbanautogroup.com/ford/trunkmonkey
Yes, it is. For several reasons. (Score:3, Informative)
Next, so what? Whether you can "blame" MS or not has nothing to do with
My favorite quote was ``"...we don't own Windows'', says Redmond.''
My next favorite:
``Virus Throttling only springs into action after a virus has penetrated an organization's network, which made it "more difficult to sell," he says.''
It's not a hard sell to a company that's just been brought to its knees! I was at
I get it. (Score:5, Funny)
Take out Windows, and you take out the problem. Go HP!
Re:I get it. (Score:3, Funny)
It could be vaporware, but there are things that exist currently that do the same thing:
Seti@home, Folding@home, Slashdotting, and Windowsupdate during a scare...for instance.
Heck, even I've done it...of course the switch misconfiguration was a coincidence.
Re:I get it. (Score:2, Funny)
Need more details... (Score:5, Insightful)
Re:Need more details... (Score:5, Funny)
Re:Need more details... (Score:2, Insightful)
My favorite quote.... (Score:5, Funny)
Re:My favorite quote.... (Score:2)
(...unless it was deliberate, of course...?)
Re:My favorite quote.... (Score:5, Funny)
Re:My favorite quote.... (Score:3, Funny)
It's funny when (Score:2, Funny)
"we don't own Windows," Redmond says. and do a double take, thinking it's coming from Microsoft...
Re:It's funny when (Score:3, Insightful)
And yes, the juxtaposition of the unfortunate person's name is very funny.
Interesting (Score:2, Insightful)
Impeccable logic (Score:5, Insightful)
Who said they didn't try? (Score:2)
Re:Impeccable logic (Score:2, Insightful)
It seems the market for this is corporate networks, so they could release a product that is useful without being bundled with windows.
-Drea-
Who says MS didn't say wait for Longhorn... (Score:2)
They may have said, "See you in 2005-2006" and that's why HP put it back in the lab, instead of just outright cancelling the project and deleting the source code. (Which is the implication your post makes.)
why not? (Score:5, Funny)
Anti-P2P Tool (Score:5, Insightful)
Re:Anti-P2P Tool (Score:4, Insightful)
Many of the problems of p2p stem from novice users. I really don't care if there are a few thousand less people spreading the latest teeny-bop tracks or infected files.
Not necessarily (Score:3, Informative)
Re:Anti-P2P Tool (Score:2)
never underestimate what people will go through to get something for free!
Microsoft's fault? More like the almighty buck's.. (Score:5, Insightful)
Virus Throttler slows the spread of virus and worm attacks by limiting the network destinations that a virus-infected computer can attempt to connect to each second, according to HP.
Wait a second. This doesn't really protect internal networks as much as it protects the Internet from your-machine-gone-mad. That is to say, this product's operation assumes your anti-virus security measures have already failed you, and you've got a server making attack attempts outbound on the world at large. This would kick in and shut down that server's attempted attacks.
That'd be a great thing for all of us to be running to be good citizens of the Internet... but who'd buy such a thing? After all, you have to admit that your existing security products may occasionally fail you before you can even start to explain what this thing will do. And, after such a failure, you're already 0wned. So, you really have nothing internal left to protect at that point, and all there is to protect is the outside world. If your IT house is already on fire, it's sure nice to want to protect the neighborhood, but who's going to pay for that in advance?
Pointing to the fact that this would require some changes to Windows is a nice excuse, but anybody can get Microsoft to do anything when they come equipped with a truckload of money. I think the realization that people would run this if it was free, but no business in their right mind is going to buy it. I think HP realized that, and that's why they spiked this product. HP, after all, is a business and can't afford to spend too much money on a research project that isn't going to lead to a profitable product.
I wonder if there are any academic groups working on similar projects who might be able to finish the work on this one...
Re:Microsoft's fault? More like the almighty buck' (Score:5, Insightful)
So, once you're infected, your server fails to spread at a rate of 10,000 connection attempts per second, instead it spreads slowly, maybe 100 attempts per second? Would this actually do anything besides give your sysadmins a few extra seconds to patch your system?
Wouldn't it be better to block the connection attempts instead, like with an outbound firewall? Maybe stop the app that was trying to connect unless authorised by the user (eg a P2P app)?
Re:Microsoft's fault? More like the almighty buck' (Score:2)
Of course, the problem is that these machines have been compromised, and it's damn near impossible to unpwn a machine without formatting the hard
Re:Microsoft's fault? More like the almighty buck' (Score:2)
Well, maybe only one machine on your LAN has been infected yet and you don't want them all to be.
Re:Microsoft's fault? More like the almighty buck' (Score:2)
Re:Microsoft's fault? More like the almighty buck' (Score:3, Insightful)
The neighborhood would want to pay for that. Really, we're talking about people who already can't figure out how to operate windows update or install firewalls of their own, they certainly aren't going to buy this because they don't care. But, when their ISP gives them a nice shiny CD that just happens to include this, they'll chuck it onto the machine with the rest of the
Re:Microsoft's fault? More like the almighty buck' (Score:3, Insightful)
HP owns two class A networks (15.* is old HP's, and 16.* is old DEC's which came with the Compaq merger). If you have that much network of your own, you want to suppress infected machines in order to defend your own network. It's not the Internet they are trying to defend. Other companies with big networks may also have similar problems, so they are the potential customers for this technology.
I suspect that the problem is not that HP can't get something to work on some particular Windows configuration, but
SNAFU (Score:2)
Situation Normal All Fxxxed Up.
Just one of the ways you know Microsoft has never been serious about security.
The best security is when your own people are aware of what's going on and are in a position to put a stop to stuff going on that shouldn't be going on. The problem's not getting a virus, it's passing it on to a bunch of unsuspecting friends and neighbors.
Redmond/HP says... (Score:2)
Re:Redmond/HP says... (Score:4, Insightful)
In other news..... (Score:5, Insightful)
Wait just a minute... (Score:5, Informative)
Limited number of simultaneous incomplete outbound TCP connection attempts
Detailed description
The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system's event log.
Re:Wait just a minute... (Score:2)
Re:Wait just a minute... (Score:3, Insightful)
Re:Wait just a minute... (Score:3, Interesting)
Last I checked winpcap could be installed without a reboot or any user intervention via a silent option to the installer, at least under 2000/XP. I know for a fact you can construct raw packets however you want with winpcap since I use it in my tunneling program.
I don't really see what would stop somebody from embedding winpcap or something similar and spewing out garbage completely bypassing windows tcp/ip stack. Other than size of course, it would be a large worm to include a bunch of dlls just for that.
Re:Wait just a minute... (Score:4, Insightful)
Re:Wait just a minute... (Score:5, Insightful)
The throttling functionality really needs to reside on the router side, on routers that don't run Windows. Then every joe-shmoe virus/worm won't be able to bypass it easily.
Or they couldn't get it to work.... (Score:5, Funny)
Me: "I had to shelve the clients project, sorry."
Boss: "Why?!"
Me: "Incompatibilities with Windows."
My arse.
You dumbfuck (Score:3, Informative)
You think you're cute, but you're not.
Re:You dumbfuck (Score:3, Informative)
Their networking stack is fully documented (much better than Linux thank you very much) - All that is needed is a simple filter driver to catch packets going in/out - apply a policy to them, and poof - off you go.
Anyone can go out and get a hold of the Windows DDK: DDK Order Page [microsoft.com]
It contains all the docs that you should need to do pretty much anything you need in the windows kernel. Now let's see you do the same thing with Linux - heck there isn't even a decent kernel debugger, unless
Fair enough, (Score:3, Interesting)
Sounds like something already in SP2. (Score:3, Insightful)
Viruses vs virii (Score:4, Informative)
Virii is not a word in the English language; or any other language as far as I know.
I recommend correctional facilities for those using the word 'virii'.
Re:Viruses vs virii (Score:2)
Re:Viruses vs virii (Score:5, Funny)
I think you mean "facilitii".
Re:Viruses vs virii (Score:5, Funny)
Remember --- one virus, two virii, three viriii, four viriv ...
Latin is easy!
Re:Viruses vs virii (Score:2)
http://dictionary.reference.com/search?q=virus
virus
n. pl. viruses
http://dictionary.reference.com/search?q=virii
No entry found for virii.
Re:Viruses vs virii (Score:2, Interesting)
How many people use alot?
Just because many people use the word doesn't make it proper and all my English teachers have proven this to me when they used to take points away from my papers for using words that were in fact not words.
IMHO virii is a word constructed by nerds here at
Re:Viruses vs virii (Score:2)
Re:Viruses vs virii (Score:3, Insightful)
Re: Viruses vs virii (Score:3, Interesting)
Rather different from this case, which seems to result from pure ignorance.
Personally, what really irks me is the use of a Latinate plural for a naturalised English word. English already has a perfectly good mechanism for indicating a plural, one that's used by the h
Not just HP.... (Score:3, Informative)
This is what today's Wall Street Journal said:
So how can you get rid of spyware and how can you avoid it in the first place? One nearly surefire cure is to dump your Windows machine and buy an Apple Macintosh.
http://ptech.wsj.com/archive/report-200408.html [wsj.com]
Of course (Score:2)
Re:Of course (Score:3, Insightful)
Re:Of course (Score:2, Insightful)
That's exactly the difference. It takes an experienced user to make Windows secure. It also takes an experienced user to make a Mac insecure. How many "ignorant users" would buy a Mac, and then spend an hour or so de-activating the firewall, changing the default permissions, and enabling the root account?
The obvious (Score:2)
So, they are starting their own GNU/Linux distribution?
Feel ready to own one or many Tux Stickers [ptaff.ca]?
Uh oh... (Score:2)
Does that imply that HP thinks they own Linux? I think we just figured out their new strategy to generate revenue in the future.
Re:Uh oh... (Score:3, Informative)
The Network stack portion of Windows may be based upon one of the BSD var
Re:Uh oh... (Score:2)
I don't think there is the slightest danger of HP becoming the next SCOundrel, unless they want their share price to go the same way...... The SCOundrel strategy failed to generate revenue except from a few idiots who paid up, it would not have paid for one m
Microsoft actually made some efforts in SP2 (Score:5, Informative)
- TCP data cannot be sent over raw sockets.
- UDP datagrams with invalid source addresses cannot be sent over raw sockets.
Some changes to combat worms:
- Updated TCP/IP stack to limit the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. This only applies when connecting to unavailable hosts, for example worms like Sasser guessing where to spread to.
A good idea- implemented in the wrong place (Score:2)
What about all the machines on the same side (Score:2)
Re:What about all the machines on the same side (Score:2)
Great.. (Score:2)
Open source it (Score:4, Insightful)
Pre-emptive better than reactive? Since when? (Score:4, Interesting)
In my experience it has always been easier to sell reactive solutions to DDoS, worms, and virii.
Working on OpenVision*SecureMAX and Securify(kerberos) back at OpenVision (bought by Veritas, products sold to PlatniumGroup, then who knows where), we had a very very hard time selling our preventative security software (for all the *nix platforms of the time and Windows NT). Everyone wanted virus removal software. Even when Satan was released, people didn't want to have an audit of which machines were vulnerable in the company.
I left the computer security business back in '97. At which point did it become easier to sell preventative measures? Was it just this past year or two with all the outbreaks? Or did Veritas make a huge mistake in selling off its acquired security products when it did?
Re:Pre-emptive better than reactive? Since when? (Score:2)
I would venture so. Three or so major virus incidents (such that they noticeably slow the entire internet) per year for the last three years gets people thinking.
Most people wouldn't believe there is a problem until it slaps them upside the head. Much like road commissions don't do risk assessments of intersections until after several people die in accidents. Only after then does th
Bandwidth Limiting Howto (Score:2)
So will Microsoft pick up the ball? (Score:2)
If so, will they patent it?
I tend to think that the technology would be useful and should be implemented. Maybe HP can license the technology to Microsoft. Here's hopin'
In other news.... (Score:2)
HAH! (Score:2)
It's not hard to find the connections, you just have to google them!
http://www.commondreams.org/news2004/0310-11.ht
Seriously, someone needs to make a game called 6 degrees of Halliburton. That would rock.
What so special (Score:3, Interesting)
Sad, but... (Score:2)
But there might have been another way, after all Zone Alarm manages to insert itself between the core of Windoze and the outside world (as presumably do all software firewalls, even the ones that don't work properly, like Symantec). I guess that would need code so radically different from the *nix version that it would be an entirely different thing.
On the other hand, if you w
Looks like a kludge anyway (Score:2, Interesting)
But really, I believe the concept of virus scanners and throttlers such as this are a temporary patch to a problem, not a solution. What if instead of putting on a governor on the IP stack, the OS or a router down the line detects these types of problems. The infected OS is alerted and optionally suspends the attacking process until it is cleared by the user or administrator.
Some ISPs do something similar. One emails the user saying tha
Re:Looks like a kludge anyway (Score:2, Interesting)
It is a bit like the algorithms used by some mobile phone networks to detect that your phone has been stolen, and block its use, by detecting a very abnormal usage pattern.
But the ultimate answer is to sub-contract the suppression of virii etc to the RIAA, after all they have shown how (not!) to tackle minor amounts of illegal file copying.....
:-)
Here we go again: the virii-case. (Score:2, Insightful)
Re:Here we go again: the virii-case. (Score:3, Insightful)
Now I understand that languages change; but saying "virii" instead of "viruses" is a STUPID change, and I want it to stop. I'm perfectly willing to let good changes come along (like being able to use "they" as the third-person non-gender-specific singular
Kind of Funny really (Score:4, Insightful)
Already in XP (Score:2, Interesting)
Perhaps, HP got it a bit too late, unfortunately, that's how software market is. Unless HP was sure they have a better product, no point in competing with something the OS offers now.
I have seen this before (Score:2)
Hyuga: Fast! Too fast!
Aoba: The calculation speed is incredible!
Ritsuko: Change the login mode! Change synchronisation code, to every fifteen seconds!
Aoba: Roger.
Hyuga: Yes ma'am.
Fuyutsuki: How much time did we buy?
Aoba: At least two hours, I think.
If Microsoft was willing to actually fix Windows... (Score:3, Interesting)
HP could have done it by implementing their own network stack, the way VPN and private firewall software vendors do, but it would be much easier if Microsoft was willing to play along.
But then if Microsoft was willing to work with anyone else on fixing Windows, they'd be better off if they started with the many many features of Windows that actively encourage the spread of viruses instead of messing about with half-measures like this. Instead of crippling the OS so it can't do occasionally useful and sometimes vital operations (as Microsoft themselves are doing in XP SP2, don't forget) they should start by splitting IE into a safe HTML-rendering engine and a web-browser that uses it but takes control of its own security...
Sounds like a good application for home routers (Score:2, Insightful)
The software would need to monitor every IP address on the LAN for viral indications, and then kick into throttle mode only for the indicated IP address.
It wouldn't take too much CPU or memory to monitor 1-10 IP addresses, but it might be prohibitive for 100-1000.
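The throttling idea discussed in this thread (a cap on how many new destinations a host may reach per second, excess attempts queued and released at a fixed rate, state kept per LAN address as a router would) is sketched below as an added example; it is not HP's code, Microsoft's code, or anything posted by the commenters. The working-set size, release rate, alarm depth and every address are constructed assumptions.

```python
from collections import OrderedDict, defaultdict, deque


class HostThrottle:
    """Throttle state for one LAN source address (all parameters are assumed)."""

    def __init__(self, working_set=4, release_per_tick=1, alarm_depth=20):
        self.working_set = working_set            # recently used destinations
        self.release_per_tick = release_per_tick  # new destinations per second
        self.alarm_depth = alarm_depth            # queue length that raises a flag
        self.recent = OrderedDict()               # LRU of destinations already allowed
        self.queue = deque()                      # delayed attempts to new destinations
        self.sent = 0
        self.flagged = False

    def _allow(self, dst):
        self.recent[dst] = True
        self.recent.move_to_end(dst)
        while len(self.recent) > self.working_set:
            self.recent.popitem(last=False)       # evict least recently used
        self.sent += 1

    def attempt(self, dst):
        """Return True if the connection leaves now, False if it is delayed."""
        if dst in self.recent:                    # familiar destination: no delay
            self._allow(dst)
            return True
        if dst not in self.queue:
            self.queue.append(dst)
        if len(self.queue) >= self.alarm_depth:   # normal hosts never get here
            self.flagged = True
        return False

    def tick(self):
        """Called once per second: release queued attempts at the fixed rate."""
        for _ in range(min(self.release_per_tick, len(self.queue))):
            self._allow(self.queue.popleft())


def simulate(events, ticks):
    """events: iterable of (tick, src, dst). Returns a per-source summary."""
    hosts = defaultdict(HostThrottle)
    by_tick = defaultdict(list)
    for t, src, dst in events:
        by_tick[t].append((src, dst))
    for t in range(ticks):
        for src, dst in by_tick[t]:
            hosts[src].attempt(dst)
        for h in hosts.values():
            h.tick()
    return {src: {"sent": h.sent, "queued": len(h.queue), "flagged": h.flagged}
            for src, h in hosts.items()}


def constructed_events(ticks=10):
    """Constructed traffic: one normal workstation, one host scanning new addresses."""
    servers = ["192.168.1.2", "192.168.1.3", "192.168.1.4"]
    events = []
    for t in range(ticks):
        events.append((t, "192.168.1.10", servers[t % 3]))             # normal use
        events += [(t, "192.168.1.23", f"10.{t}.0.{i}") for i in range(50)]  # scan
    return events


if __name__ == "__main__":
    for src, stats in simulate(constructed_events(), 10).items():
        print(src, stats)
```

The workstation's traffic passes almost untouched, while the scanning host gets 10 of its 500 attempts out in ten seconds and is flagged by its queue depth, which is the signal an administrator would alert on.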