Slashdot Mirror


Stopping Malware Before It Hits

SpudGunMan writes "John Lockwood, Ph.D, an assistant professor of computer science at Washington University, and the graduate students that work in his research laboratory, have developed a hardware platform called the Field-programmable Port Extender (FPX) that scans for malware transmitted over a network and filters out unwanted data."

9 of 163 comments

  1. hah by mxn · · Score: 5, Funny

    Belkin beat him to it.. Though, their system goes one step further: rather than filter out unwanted data it turns it into precious precious ad revenue.

  2. A great idea, but..... by thewiz · · Score: 5, Insightful

    Who does the reprogramming of the device; the end user or the company that make the device? For security, I'd rather it be the end user.
    Also, shouldn't they make a cheap version for home users since those are the machines that are most vulnerable?

    --
    If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?

  3. Nifty. by MoriarGryphon · · Score: 5, Insightful

    Sounds like a nifty piece of hardware. Put one at the front of your network, and reduce internal bandwidth wastage from propagation of virii/worms inward. Even if all your stuff is patched, this could help keep all your servers from having to listen to the worms and script kiddies several hundred times a second. ;>

  4. So windows.... by utlemming · · Score: 5, Funny

    Did it verify that Windows is malware?
    What about Windows-update?

    These are hard questions that we need to know...

    --
    The views expressed are mine own and do not express the views of my employer.

  5. How it works by Anonymous Coward · · Score: 5, Funny

    For non geeky types, here is how it works.

    As part of the TCP/IP connection specification, each Ethernet cable has exactly 65,536 small fibers. To send data, a program must tell the network card to "pluck" the fibers 5000 times a second to send data.

    Now viruses pluck usually unused fibers to confuse the network card. Once it is confused the virus can execute itself by running on the firmware of the Ether, which sends rogue Assembly instructions to the GBX register on the CPU, which is an illegal instruction. This disables the ECIR and RIF jumpers on the motherboard. Then it can pluck all the wires at the same time, which of course causes a D-DOS attack.

    Now you know how it works, get a Firewall to stop the wrong fiber being plucked.

  6. advantages by BubbleNOP · · Score: 5, Interesting

    Some advantages I can think of:
    1. Speed. Servers often are already too loaded to run more apps that check for signatures.
    2. A hardware device is usually harder to hack than the software platform doing checking. A clever piece of malware can compromise the checking machine itself.
    3. If checking is done by a secondary machine, by the time it detects the malware the infected machine may be significantly damaged already. A hardware device placed between the network and the machine, on the other hand, can stop things early enough.

  7. it's the freeware, stupid by Potor · · Score: 5, Insightful

    Indeed. Funny how malware does not seem to infest products we actually pay for. The desire to find free software leads us to download products that are more and more iffy. The key is not detecting malware, for malware will always be one step ahead. The key is carefully screening what we will download, searching out reviews, reading the EULA before the install, and basically being intelligent.

    I am not against freeware -- far from it. However, I would say that there is freeware addiction out there that opens the doors to malware. Moreover, I am not against this product; it will certainly be helpful. Yet, those who put their trust in yet another algorithm will certainly get bit again, albeit in some other way.

    cheers, potor

  8. Sounds great. by rune.w · · Score: 5, Insightful

    Quoting from the abstract of the paper:

    FPGA logic is used to implement circuits that track the state of Internet flows and search for regular expressions and fixed-strings that appear in the content of packets.

    So apparently this hardware can only recognize patterns programmed beforehand (which makes a lot of sense). However, a problem would arise whenever an original piece of malware is released into the net. I mean, how do they plan to identify and program new strings into the machine before the systems behind it are infected? Worms tend to expand fairly quickly...

    Further insight is always welcome.

    R.

  9. Isn't this just a network censorship device? by Bookwyrm · · Score: 5, Insightful
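An added example, not code from the FPX project or the paper quoted above: a small Python model of the two mechanisms the abstract names, per-flow state tracking and fixed-string/regex search over packet content. It shows why the flow state matters: a signature split across two packets is missed by a stateless per-packet scan but caught when the tail of the previous packet is carried over. Signatures, flow labels and packets are all constructed.

```python
import re
from collections import defaultdict

# Constructed signatures standing in for the fixed strings and regular
# expressions the device is programmed with ahead of time (hypothetical).
FIXED_STRINGS = [b"CONSTRUCTED-WORM-MARKER"]
REGEXES = [re.compile(rb"PROBE-\d{4}-[A-Z]{3}")]
MAX_SIG_LEN = 64  # longest match we expect any signature to produce


def scan_chunk(data, new_from=0):
    """Report signature matches that end after offset new_from.

    A match ending at or before new_from lies entirely in bytes already
    scanned with the previous packet, so it is not reported a second time.
    """
    hits = []
    for s in FIXED_STRINGS:
        start = data.find(s)
        while start != -1:
            if start + len(s) > new_from:
                hits.append(s.decode())
            start = data.find(s, start + 1)
    for r in REGEXES:
        for m in r.finditer(data):
            if m.end() > new_from:
                hits.append(m.group().decode())
    return hits


class FlowScanner:
    """Per-flow state: the tail of the previous payload is prepended to the
    next packet of the same flow so a pattern split across packets matches."""

    def __init__(self):
        self.tail = defaultdict(bytes)

    def packet(self, flow, payload):
        prev = self.tail[flow]
        hits = scan_chunk(prev + payload, new_from=len(prev))
        # Only the last MAX_SIG_LEN-1 bytes can take part in a match that
        # continues into the next packet, so that is all we need to keep.
        self.tail[flow] = (prev + payload)[-(MAX_SIG_LEN - 1):]
        return hits


def stateless_scan(packets):
    """Each packet scanned on its own, for comparison."""
    return [h for _, p in packets for h in scan_chunk(p)]


def stateful_scan(packets):
    fs = FlowScanner()
    return [h for flow, p in packets for h in fs.packet(flow, p)]


# Constructed trace: the fixed string is split between flow A's two packets.
PACKETS = [("A", b"hello CONSTRUCTED-W"),
           ("B", b"noise PROBE-1234-ABC noise"),
           ("A", b"ORM-MARKER bye")]
```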

    I am rather surprised at the commentary so far on this device, given the usual tone of responses made on slashdot that I have seen.

    This device appears to be, at heart, a box that is put in alongside the routers to filter out content that the owner of the device does not want to be sent over the network. It is capable of looking for specific patterns of data and blocking the transfer of the data based on that in real time.

    Is this not precisely what one would use to filter out, say, unwanted political documents going in/out of China? To, say, spot a specific MP3 file being traded on a P2P network and stop it?

    Other comments seem to suggest people think this might actually be a workable, good idea -- guess folks are finally realizing that the Internet cannot route around all forms of censorship after all, if they think this will work.