Slashdot Mirror


IBM's Billy Goat Squashes Worms

fr0z writes "InformationWeek is running a story on "Billy Goat", a novel worm-squashing software developed by researchers in Zurich, Switzerland. IBM says it wants to turn Billy Goat into a product to help guard against computer-network attacks such as those that slowed Internet traffic earlier this month."

13 of 170 comments

  1. What's the point? by mOoZik · · Score: 5, Insightful

    Detecting potential attacks is one thing and preventing damage and slow-down of the internet is another. Even now we can somewhat predict them before they begin to slow the entire net down. But seeing how something akin to these last two worms will slip right by even with our knowledge, this technology becomes rather redundant. Eventually, educating the end-user will be a greater force than some goat.

    P.S. any coincidence it is named "Billy"?

    1. Re:What's the point? by mOoZik · · Score: 3, Insightful

      All good points, but I was actually referring to the many worms which dwell in OS holes. If users were educated enough to know why a patch is useful, then the effects of the last two (or three?) worms, for example, would be nulled. The warning and patch predated the swarm by 3 weeks. Even for someone on 56K and even with assumed problems with the Windows Update site, 3 weeks is plenty of time to avoid such a mess. Granted, it wouldn't solve all the problems, and a heavy fist on the side of the ISPs would alleviate the problems, but something like Billy Goat just doesn't solve them.

    2. Re:What's the point? by KrispyKringle · · Score: 3, Insightful

      I suppose there are multiple avenues to success. And while educating the end-user may be ideal, I just don't think it's reasonable to expect that it will happen any time soon. Heavy-handed ISPs, as you put it, are a good alternative.

      End-users often don't see why they should secure their PCs. They figure they don't have anything important on them, so what's the big deal? Then they are used as launching points for DoS attacks, they spread worms, and so forth. But end users don't have the time or inclination to be security professionals.

      ISPs could implement stronger router controls to block DoS attacks from zombied machines. They could implement automatic IDS-based router controls to block the spread of worms. And--egads--perhaps software companies could start focusing on security a bit more (with some added incentive from the legal liability they ought to have, in my opinion). In other words, end users should be taken as end users. We cannot expect that all or most will secure their machines to the extent that you or I may. So we find workarounds.

  2. Interesting technique by farnz · · Score: 5, Insightful

    It sounds like a nice extension of egress filtering; you know which of your IPs are unassigned, and so you assume that boxes trying to access unused IPs are up to no good, and act accordingly (firewall the affected box off, and investigate). Slows worm propagation, and discourages people from scanning your entire address space unnecessarily.
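The check described in the comment above, as an added example that is not part of the original post and not IBM's Billy Goat code: it flags internal sources that contact addresses inside the site's own range that are assigned to no host. The address plan, the flow records and the threshold of three distinct unassigned destinations are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed site layout (constructed): one /24 owned by the site, of which
# only a few addresses are actually assigned to hosts.
SITE_NET = ipaddress.ip_network("192.0.2.0/24")
ASSIGNED = {ipaddress.ip_address(a) for a in
            ("192.0.2.10", "192.0.2.11", "192.0.2.20", "192.0.2.53")}

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("192.0.2.10", "192.0.2.53", 53),     # normal DNS lookup
    ("192.0.2.11", "192.0.2.20", 445),    # normal file share access
    ("192.0.2.11", "192.0.2.77", 80),     # one stray hit on an unused address
    ("192.0.2.20", "192.0.2.1", 135),     # sequential sweep of the /24 ...
    ("192.0.2.20", "192.0.2.2", 135),
    ("192.0.2.20", "192.0.2.3", 135),
    ("192.0.2.20", "192.0.2.4", 135),
    ("192.0.2.20", "198.51.100.9", 135),  # outside the site: not our dark space
]

def is_dark(addr):
    """True if addr lies in the site's range but is assigned to no host."""
    return addr in SITE_NET and addr not in ASSIGNED

def dark_space_hits(flows):
    """Map each source to the set of distinct unassigned addresses it contacted."""
    hits = defaultdict(set)
    for src, dst, _port in flows:
        dst_addr = ipaddress.ip_address(dst)
        if is_dark(dst_addr):
            hits[src].add(dst_addr)
    return hits

def suspects(flows, threshold=3):
    """Sources that touched at least `threshold` distinct unassigned addresses."""
    return sorted(src for src, dsts in dark_space_hits(flows).items()
                  if len(dsts) >= threshold)

if __name__ == "__main__":
    for src in suspects(FLOWS):
        print(f"{src}: candidate for isolation and investigation")
```

Counting distinct unassigned destinations rather than raw packets keeps a single mistyped address from triggering isolation while still catching a sweep after a handful of probes.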

  3. Well... by Kai_MH · · Score: 2, Insightful

    You can always depend on IBM. They contribute to Linux... help Windows users... make awesome products, even if they do cost too much... But, hey, IBM is great.

    1. Re:Well... by alangmead · · Score: 2, Insightful

      I'm sorry. I remember too much of the antitrust suit against IBM to fully trust them. I'll thank them for each thing they do to help advance free software, and the computer industry as a whole, but I reserve the right to examine each decision individually.

  4. Re:Billy Goat by bubbasatan · · Score: 3, Insightful

    An amusing interpretation, but how about calling it a billy goat because it will eat anything?

    --
    Windows is going the way of phlogiston...

  5. A better mousetrap, perhaps by Mostly a lurker · · Score: 3, Insightful

    I have two immediate reactions. The first is that, on the face of it, there is nothing very revolutionary here. On the other hand, maybe all that is needed is a high quality implementation of techniques that are already known. I have read in several places recently that (excluding false alarms) rapid detection of attacks was not actually that difficult.

    My second reaction is that the focus needs to be at the level of the ISPs. To expect all users to reliably protect themselves against attacks is just naive. Technology that could immediately detect attacks and prevent their propagation to individual users in the first place seems to me feasible and desirable.

  6. In case you don't get the names... by Vexar · · Score: 3, Insightful

    short for anal-retentive, a 'clever' way of articulating someone has a detail-oriented obsession or obsessive-compulsive behavior. It describes the person as unable to relax, or constipated.

    Sadly, people just know 'anal' these days. Gone are days of long ago when people said what they meant, and did not lean on the spindly crutch of catchphrases and colloquialisms.

    I can now imagine that this sort of intrusion detection software will be known only as Billy Goat, just as so many use 'trojan' and 'virus' when such terms are far from inappropriate to describe a specific piece of software with destructive intent. Why, just this morning, an interview with the prosecutor of Blaster.B accused author Jeffrey Lee Parsons, yielded such terms as "cyber-hacker." Since when did "cyber" need to be prefixed? I'm waiting for someone in the legal profession to butcher that term, and vomit terms like Cyber-goat.

    IBM was foolish to announce this so early. I just know they will get targeted by the crackers out there for it (note, that's criminal-hacker, not ebonic-slang/slur for white person), and then the crackers will roast the billy goat over IBM's own firewall!

    For those who aren't well-educated on nursery rhymes, go read up on Three Billy Goats Gruff. You will find the proper origin of the software name there, trade-related double-entendres notwithstanding.

  7. Re:inappropriate title? by Overly Critical Guy · · Score: 2, Insightful

    The result is that something like Blaster gets caught before your whole network is infested.

    Instead of buying something called "Billy Goat," you could also just download the free patch that fixed it a month before...

    --
    "Sufferin' succotash."

  8. Let billygoat's platform of choice be Linux! by mwfolsom · · Score: 3, Insightful

    Strikes me that it would be great if billygoat was designed on top of a Linux kernel.

    If it turned out to be a great product that would be a wonderful bit of irony. Linux working to save a messed up Windows world.

  9. Missed it by THAT much! by The Monster · · Score: 3, Insightful

    block ip
    So close. Instead of blocking the IP, tarpit it! Force the attacker to
    s l o w . d o w n
    while keeping the rest of the network moving right along while emailing the admin about it.
    --

    [100% ISO 646 Compliant]
    SVM, ERGO MONSTRO.

  10. Re:inappropriate title? by mcc · · Score: 4, Insightful

    you could also just download the free patch that fixed it a month before...

    I think the idea is that the product is going to be targeted at ISPs and people in similar situations.. you know, where the people controlling the network don't necessarily have control of the computers actually running on the network. What good is a patch if you can't get your users to install it cuz they're dumb?