Slashdot Mirror
Cisco Working to Block Viruses at the Router
macmouse writes "The San Francisco Chronicle has an article about Cisco and Anti-Virus companies working together to block viruses at the ISP (Router) level. It sounds like they will be using traffic shaping to block malicious traffic. Looking at it in an negative light however, it might mean that your required to have anti-virus software installed in order to use the internet. This can be a *big* problem for *nix/mac users which normally don't need or use AV software. Not to mention, being forced to purchase software from 'company x,y or z' in order to get online, regardless of platform. Hopefully, this is not going to happen."
The article doesn't say that client software is required at all... it says that after some checks the user may be prompted to download some software (presumably from an internal source) before it can connec to the internet.
However, if this original check is just done by some network secutiry checking (ie. looking to see if there is a vulnerable version of SSH or a misconfigured IIS etc) then all that would needed to be done would be to fix the potential exploit rather than install a piece of client software.
Potentially, this would just be like running nmap and other similar tools against the machine in question to test it out fot net-worthiness.
It could also check for open mail relays, which could help in the Fight Against Spam (tm).
D.
... and got my CCNA in June. We have a saying... "Let routers route and servers serve." Anti-virus is clearly a IT problem, but it's also a server responsibility. Not a router responsibility. I can't imagine supporting this. Every once in a while, we get someone (customer, whomever) who says "Oh! This new virus works on port 7654! Please block port 7654!" ... then I say "What happens if I run my website on port 7654? You can't get to it?". Limiting the function of a routing device because it might carry malicious code on an application level is a bad idea. This isn't a solution to the problem, this is another band-aid.
FLR
Also, how will the router check the security of devices where desktop security doesn't apply, like routers, printers, proxy servers, PDAs, or heck, even a promiscuous traffic logger?
"Access to 'HP LaserJet 8000' on 10.16.2.88 denied. The Cisco DRM system has determined that this host listens to ports (80/tcp, 135/tcp, 515/tcp), but does not run approved virus protection software." Yes, I can imagine explaining that to a vice president at 7am...
Regards,
--
*Art
Boy, and how long until a virus can make the response "yup, I'm secure"...
I wonder if this is the next step in the "Trusted Secure Computing" world? Routers won't accept traffic from non-trusted computers?
That is way veeery different. Stations will be ENFORCED to have installed this software in networks with this scheme. WTF???
It's entirely possible this article and the security program is directed at Windows users only. Neither Cisco or the Anti-virus vendors are malicious enough (IMHO) to block Unix/Mac boxes because they don't need the anti-virus software the companies sell. The wild internet frontier of email-address-confirming porn and Gatorware is probably here to stay.
It's also possible they might figure out a way to block certain version of programs, say WuFTPd, from having an unsecured link to the outside world. This could help prevent a university network being used as a DDOS tool because a student didn't upgrade his ftp server. Or a mail server which doesn't smart-relay through an authenticating server to stop student PC's spamming.
It's not always a virus that brings a network down. But when a university is forced to print 10,000 CDs with anti-virus and windows worm-removing tools to give to new students (who aren't allowed access to the university network if their box looks active on port 137) this might look like an alternative.
The evil that it does bring is in the form of anti-Free networking, where Linux boxes are used to form cheap routers and gateways, without a Cisco(R)-Symantec(R) licensed monitoring system, your access to the larger internet may be limited by your upstream provider, ala Verisign certs.
This system is probably for the intranet users to stop an OE/ IE virus bringing down their system before the poor tech guy patches the boxes.
In conclusion, don't be so smug with your Linux machine during the next round of Welchia or Klez, because if Linux had the desktop market share of Windows, then YOU'D be feeling the pain.
Bullshit. Could you describe how this would be possible? Is Pine or Balsa or [your email application here] integrated into the OS and have full access and scripting ability on your machine? Does it automatically run code and have the ability to add services to your computer that run automatically on startup? If this is possible I'd like to know how.
Bad boys rape our young girls but Violet gives willingly.
Why the hell is this classical moronic Windows-astroturfer-tripe moderated as insightful?
Let me tell you something: we don't have to speak in what-if's; we can look at an actual situation: Web server market.
According to netcraft, the most widely used Webserver is Apache. Now, do you see any Code Red worms on Apache? No.
Do you see any Nimda worms on Apache? No.
Do you see any other kind of worm on Apache? No
So there goes this nice theory. Next time a windows user trots out the old line of "windows is the primary target of viruses because of market penetration", smack him right into the face!