Slashdot Mirror


Throttling Computer Viruses

An anonymous reader writes "An article in the Economist looks at a new way to thwart computer viral epidemics, by focusing on making computers more resilient rather than resistant. The idea is to slow the spread of viral epidemics allowing effective human intervention rather than attempting to make a computer completely resistant to attack."

4 of 268 comments

  1. Re:I have a brilliantly original idea by gorilla · · Score: 4, Interesting

    You have to separate computer scientists, who research basic principles, from programmers, who implement those principles in available packages. No computer scientist would recommend that you develop an OS without memory protection, nor try to simulate multiple users on a system without file ownership. It didn't stop Microsoft.

  2. Re:I have a brilliantly original idea by mseeger · · Score: 4, Interesting
    We need to stop working just to accomplish the minimal functionality desired and start testing the hell out of our software to ensure that it's secure.

    Everyone has two complaints about the software he/she uses:

    • It's not secure/stable enough
    • It doesn't have enough features

    No one accepts that the enhancement of one leads to a degradation of the other one. Cisco has a nice approach (at least they had it during my ISP days): There is a feature-rich version and a stability-oriented version. The pick is yours.

    Martin

  3. Re:Technique by OeLeWaPpErKe · · Score: 5, Interesting

    heuristic scanning is very ineffective.

    why? new viruses are designed to subvert them. I've done it, installing 5 virus scanners to check if, and how, they detect your virus. (btw my virus was a .com infector without a chdir instruction, not very dangerous, but it worked)

    example :

    wrong:
    -> to_infect = "*.com"; // oops, heuristics detect this

    right:
    -> boem = "*.c";
    -> othervariable = 5;
    -> to_infect = strcat(boem,"om");

    I have yet to see the first scanner that detects this one. The difference in code size is about 3 extra bytes (assuming you were using strcat anyway) so in today's 500kb viruses it is negligible.

    Heuristics are nice, they do have some effect, but they are no solution.

    Virus scanning is inherently responsive. The best they can hope to do is to repair the damage when it is done. They have no use whatsoever for online worms.

  4. No Replacement for Good Security Practice by Mandi+Walls · · Score: 4, Interesting
    While throttling is an interesting idea, it can be no replacement for methods that have been available for some time.

    • Patching your goddamn systems
    • ingress and egress filtering of IP addresses, at the local LAN and ISP level, to prevent IP address spoofing
    • using some common sense when filtering outbound traffic. does my web server need to be able to initialize outbound connections? no? then why does it?
    • host-based firewalling. reporting based on permitting outbound connections to known services to prevent droning of workstations
    • get rid of Outlook. if you're going to sit there and tell me that using Outlook is more important than the chance your financial statements, contract bids, salary information, etc gets sent offsite, you're insane
    • get HR and legal involved in the security policy. make turning off the host firewall and virus protection a terminable offense, up there with trying to access forbidden data
    • No unencrypted communications with business partners and customers
    • NAT everyone. Your accountant does not need a publicly-accessible workstation
    • VPN. It's a nice idea, but do you trust the marketing director's teenage kids on the computer at the other end?

    Now. why don't these things happen? Time. Money. Combination of both. Convenience. Lack of understanding on the part of users.

    But the big one is the belief that security is a product that can be purchased, that there is a quick fix out there that will solve all your security ills and hide you from all the bad guys.

    Security is a PROCESS. Better yet, it's a combination of processes, relating to employees at all levels of your organization, from the CEO to the custodial service contracted by your property manager. Hell, even building safer software isn't going to help you if your users refuse to use it 'cause it's a pain in the ass. Remember, they believe in the panacea of the "single sign-on". They put their passwords on post-its around their workstations. They keep their contacts (oh help us) in their Hotmail addressbook, regardless of how many 'sploits have been uncovered in Hotmail. They're afraid of computers.

    Security is expensive. And it should be, because it has to be done right. You need user participation, on all levels. It requires education and training, and a reduction in ease of use.

    There is no magic wand.

    --mandi
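
The outbound-filtering and host-firewall reporting points in the comment above, sketched as an added example that is not part of the original comment: a default-deny egress check run over a constructed log of newly initiated outbound connections. The addresses, ports, policy table and log format are all assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed policy: (destination network, port) pairs each host may initiate.
# All addresses and ports here are assumptions for illustration.
EGRESS_POLICY = {
    "10.0.1.10": [],  # web server: answers requests, never initiates
    "10.0.2.25": [("10.0.0.53/32", 53), ("10.0.0.80/32", 3128)],  # workstation: DNS + proxy
}

# Constructed log of NEW outbound connections, one per line: "time src dst dport"
SAMPLE_LOG = """\
09:00:01 10.0.2.25 10.0.0.53 53
09:00:02 10.0.2.25 10.0.0.80 3128
09:00:07 10.0.1.10 203.0.113.9 6667
09:00:09 10.0.2.25 198.51.100.4 25
09:00:09 10.0.2.25 198.51.100.5 25
09:00:12 10.0.3.77 10.0.0.53 53
"""

def allowed(src, dst, dport):
    """True if policy lets src initiate a connection to dst:dport.
    Hosts with no policy entry are denied (default deny)."""
    rules = EGRESS_POLICY.get(src, [])
    return any(ip_address(dst) in ip_network(net) and dport == port
               for net, port in rules)

def egress_violations(log_text):
    """Return {src: [(time, dst, dport), ...]} for connections outside policy."""
    report = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip malformed lines rather than guessing
        when, src, dst, dport = fields[0], fields[1], fields[2], int(fields[3])
        if not allowed(src, dst, dport):
            report[src].append((when, dst, dport))
    return dict(report)

if __name__ == "__main__":
    for src, hits in sorted(egress_violations(SAMPLE_LOG).items()):
        print(f"{src}: {len(hits)} outbound connection(s) outside policy")
        for when, dst, dport in hits:
            print(f"  {when} -> {dst}:{dport}")
```

The web server's single outbound attempt and the workstation's two SMTP connections are reported, as is the host that has no policy entry at all.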