Cisco Working to Block Viruses at the Router
macmouse writes "The San Francisco Chronicle has an article about Cisco and Anti-Virus companies working together to block viruses at the ISP (Router) level. It sounds like they will be using traffic shaping to block malicious traffic. Looking at it in a negative light however, it might mean that you're required to have anti-virus software installed in order to use the internet. This can be a *big* problem for *nix/mac users who normally don't need or use AV software. Not to mention, being forced to purchase software from 'company x, y or z' in order to get online, regardless of platform. Hopefully, this is not going to happen."
If it finds issues then it will drop you from the network or block that port / problem.
Rather than check if you have the latest version of Norton installed... but perhaps I read it wrong?
Does this mean that I can't talk about viruses using code-samples over the internet? I can't download and study exploits anymore? If there is any possibility to encode the virus-code to circumvent the filter, then the virus can possibly do the same...
Will it check that every computer connected to an internal network, probably hidden behind an internal NATing router, has the appropriate protection installed?
We sort of do this at Rutgers University
This summer was absolutely crazy for the network, due to all the worms and such. A new policy was instituted which requires users to visit a website which checks their operating system. If they're running Windows, they are *required* to download a scanner that checks for the relevant worms and installs Anti-Virus software. Users running alternative operating systems are completely exempt. It just says "There are currently no additional requirements for running Linux on the residential network." We've just begun shutting people off who fail to comply with the policy. I, for one, like it. However, the routers start to get overloaded if they have too many access control lists because they have trouble running them on the ASICs. So, they have to run in software mode, which starts to slow things down.
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
End systems are not affected by routers dropping IP packets with harmful content. All that end systems see are IP packets. They may see fewer of them, if filtering is enabled on the router, but the packets have nothing special about them that would need AV software on the clients.
But, a router doesn't always have to drop packets. It could tag them with a special marker, and clients could then react accordingly, e.g. by dropping them in their TCP/IP stack.
This could be somewhat similar to what SpamAssassin does, when tagging spam mail with an X-Spam header. It's up to the mail user agent to decide what to do with mails tagged that way.
cpghost at Cordula's Web.
I just gotta wonder if this is going to look for any response on certain ports like 135-139, or if Cisco is specifically going to check for a proprietary response from the products of Network Asc, Symantec and Trend Micro?
What it ought to do is a TCP fingerprint and look for any Microsoft Windows operating system.
PJRC: Electronic Projects, 8051 Microcontroller Tools
I'm sure an open source product will allow Mac/Nix users to access such networks (at no cost).
Would make computing much more secure.
It's still annoying for Mac/nix users to get thousands of annoying virus emails from their Windows friends (if you can call them friends).
Every product normally starts out with 1 company producing it... if it's good, normally clones come about.
All that means is that Linux and Mac users are going to have to keep up with patches too (and yes, there *are* occasional holes for those systems, just not worms).
Speaking as someone who was nearly infected by a Linux worm through a BIND exploit, I can confirm that such things do exist and are in the wild.
The worm in question attempted to install a back door into my machine and was foiled by the greatest security measure ever taken: not having a LF on the end of /etc/inetd.conf (!)