Slashdot Mirror


Tolerating Viruses In Order To Ignore Them

Tammy writes "This article discusses how a new approach to computer security focuses on allowing computers to function even when infected with a virus or worm. This relatively new approach contrasts with traditional, preventive security that has been susceptible to numerous attacks."

18 comments

  1. Passive Resistance by BuddaPxx · · Score: 1

    The Gandhi approach, eh?

  2. Seems to work... by darkov · · Score: 1

    People still get work done even if their computer is infested with Windows.

    1. Re:Seems to work... by Anonymous Coward · · Score: 0

      ...and while their noses run, and they sneeze onto the monitor.

  3. Big mistake by JimDabell · · Score: 1

    Keeping computers functioning after infection only serves to increase the propagation of the virus. Successful viruses keep the host healthy enough to aid transmission.

    For instance, if Word viruses stopped you from opening Word, they'd find it difficult to move from host to host. What would be better - an Outlook virus that disabled email, or one that couldn't?

    1. Re:Big mistake by stoborrobots · · Score: 1

      But what they're describing here is *theoretically* a technique for preventing DoS attacks... Even though you are under the influence of malicious code, your services are "protected" from going down.

      So they're good.

      Except:

      Their technique is a combination of proxy servers, URLSpy-style query validation, clustered servers, and comparative validation. So:

      • how are they preventing anything, if every hit on the service produces 3 hits on the backend?
      • how are you protected from exploits against known vulnerabilities?
      • how are you protected from viruses propagating across your various systems?
      • how are you defending against Denial of Service when your "proxy server" can choose to deny service at will?

      Just my $0.02

  4. Firewall by suss · · Score: 1

    To make a long story short, this is really nothing new; they're using firewalls, even though they're calling them 'proxy servers' and 'balloting systems' for some reason.

    *shrug* move along, nothing to see here.

    1. Re:Firewall by Moeses · · Score: 1

      The novel approach here is the combination of a firewall-like proxy with the balloting system and a suspicious activity monitor. The combination of these can provide a much more robust system (at the expense of complexity and more resources) than running a firewall alone.

      So while examples of each of the 3 sub-systems used in this approach have existed for a long time, the combination of them in this context is a less well known (possibly new) idea and has merit.

  5. Kind of silly.. by QuantumG · · Score: 1

    There's virtually no information in this pop-targeted piece. Frankly I think half the problem is calling something a virus that is clearly a worm. They're two different risks and require two different approaches to countermeasures. A simple layer of mandatory access control would stop the kinds of computer viruses I'm more likely to be referring to when I say 'virus'. Network worms require an approach that is mainly to do with a lack of any access control on sockets. Consider this: once one has gone to the trouble of identifying and authenticating one's self to a computer system, why is one then permitted to start a process which gives the same access rights to anyone who connects on a high port? Surely anyone connecting on any port should be required to provide the same authentication to gain the access rights that are granted by the ssh daemon, for example. A system wide policy of how much access a process which is connected to the network should have by default is simple. To put this in terms that the Unix jockeys will understand, accept() should result in setuid(nobody), until such time that the process can authenticate itself again.

    --
    How we know is more important than what we know.

  6. I hate the Bush Administration by Anonymous Coward · · Score: 0

    It's amazing this fraud was voted into. . .wait a minute.

    Nevermind.

    We live in fictitious times with a fictitious President.

  7. funny article, but also, redundant by z01d · · Score: 1

    SITAR employs fault-tolerance principles such as providing redundancy in key functions and diversity in configuration. For example, ... two different programs running on two different computers with two different operating systems.

    so you are going to help customers porting their key application, and buy the computer/OS, and call this "fault-tolerance "?

    SITAR's first line of defense consists of "proxy servers," computers that stand as intermediaries between the protected system and the outside world. The proxy servers screen incoming requests for service and decide whether to pass a request on to internal servers that do the real work.

    CheckPoint doesn't have a product with this feature?

    OK, stop, I have other things todo...

  8. irony by BortQ · · Score: 1

    This article seems like it's a virus that slashdot is willing to live with.

    --

    A Multiplayer Strategy Game for Mac OS X, Windows, and Linux

  9. New? by clambake · · Score: 1

    This relatively new approach contrasts with traditional, preventive security that has been susceptible to numerous attacks.

    New approach to handling viruses? My company has left Windows running on their machines for years... *rimshot*

  10. SITAR by warewolfsmith · · Score: 1

    Sitar

    Indian stringed instrument: an Indian stringed instrument with a rounded resonating body and a long fretted neck. There are several playing strings and a larger number that vibrate sympathetically. Need I Say More!!!!!!

  11. Virtual PC by cgenman · · Score: 1

    The meat of this article seems to be that you have 3 different OSes running, presumably as virtual machines, with a host that handles balloting of responses. So, in order to achieve security of outgoing responses, you have 4 times the infrastructure. However, for the military's purposes, they want to hide secrets and limit access to the machine... a problem that will be compounded when 3 different sets of vulnerabilities are placed on the internet. Apparently another set of machines will be needed to store data on a private network, lest someone hack into one of the secured machines. Ignoring what must be greatly reduced response per second times, you have now 8x the infrastructure. Somehow this seems like a solution only the Army would come up with.

  12. Read-only by iamacat · · Score: 1

    Suppose I send a request to withdraw some cash from my account. If two backends agree to withdraw $100 and the last one decides to donate $100 to world peace, what exactly happens to my account and how much cash do I get?

    Clearly the systems that do real work, that need to be protected the most, cannot be duplicated. Would work well for DNS/web servers though.
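    The balloting that Moeses and iamacat discuss above, as an added example that is not SITAR's code or anything from the article: a comparator over diverse backends that serves read-only requests by majority, reports dissenting backends to a suspicious-activity monitor that quarantines repeat offenders, and refuses any state-changing request on a split vote, so the withdrawal case above never commits on a disagreement. Backend names and replies are constructed.

```python
"""Constructed example of a majority ballot over diverse backends (not SITAR's code)."""
from collections import Counter

READ_ONLY = "read"        # e.g. a DNS answer or static page: safe to serve by majority
STATE_CHANGING = "write"  # e.g. a withdrawal: must never execute on a split vote


class BallotMonitor:
    """Compares replies from N redundant backends and tracks the ones that disagree."""

    def __init__(self, backends, strikes_to_quarantine=2):
        self.backends = list(backends)
        self.strikes = {b: 0 for b in self.backends}
        self.quarantined = set()
        self.strikes_to_quarantine = strikes_to_quarantine

    def active(self):
        """Backends whose votes still count."""
        return [b for b in self.backends if b not in self.quarantined]

    def ballot(self, kind, replies):
        """replies: backend -> reply (hashable). Returns (decision, reply, suspects),
        where decision is 'serve' or 'refuse'."""
        votes = {b: r for b, r in replies.items() if b in self.active()}
        if not votes:
            return "refuse", None, []
        winner, n_votes = Counter(votes.values()).most_common(1)[0]
        if n_votes == len(votes):
            return "serve", winner, []          # unanimous: nothing to flag
        quorum = len(votes) // 2 + 1
        if n_votes < quorum:
            # No majority at all: we cannot tell which backend is wrong, so fail closed.
            return "refuse", None, sorted(votes)
        # A clear majority exists: the dissenters are the suspects.
        suspects = sorted(b for b, r in votes.items() if r != winner)
        for b in suspects:
            self.strikes[b] += 1
            if self.strikes[b] >= self.strikes_to_quarantine:
                self.quarantined.add(b)
        if kind == READ_ONLY:
            return "serve", winner, suspects    # idempotent: majority answer is safe to return
        # Split vote on a state-changing request: refuse rather than let one
        # backend's divergent action (the "$100 to world peace") commit.
        return "refuse", None, suspects
```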

  13. . . . (long silence). . . by jonjon737 · · Score: 1

    ...(long silence)... ...(long silence)... ...(long silence)... ...ha ha ha, whoa, I almost forgot to laugh...

  14. Re:I hate the Bush Administration by thatdamnkid · · Score: 0, Flamebait

    you moronic, dirtbag, communist.

  15. I do not by AEton · · Score: 1

    I do not think that this article means what you think it means.
    This article describes the ability of a DDoS'd server to ignore the DoS'ing going on around it with a bunch of funny acronyms. It is not about a program continuing to work even after being infected by a virus, as the /. article suggests; besides, a good virus wants its host program to function mostly properly--a DDoS attack does not. The technology sounds interesting but flashy.
    And the article is not terribly informative. You know something is wrong when you see "History supports Wang's view." and it gets worse from there: "SITAR's first line of defense consists of "proxy servers"..."
    So please read the article before you comment; the focus on redundancy instead of IDS is certainly not new--in fact, it's the more "old school" approach, unlike what the article suggests--but it's an interesting acronym-ridden approach we see here.

    --
    We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.