Slashdot Mirror
HP Shelves Virus Throttler Program
longlanekid writes "Though HP has apparently designed a great program for slowing the spread/proliferation of virii and reducing the impact of DoS attacks, it's all being shelved due to Windows incompatibilities."
This is a product that was intended for use on Windows, they obviously couldn't get it working on Windows. Don't start blaming MS for this one...
:) j/k
That aside, any coincedence that the vice president and chief technology officer of HP is named Tony Redmond?
So it throttles Windows in general, thereby slowing the spread of viruses! I like it!
Take out Windows, and you take out the problem. Go HP!
I'd like to know what the problems are with Windows machines. If you're router/gateway/firewall is limiting outgoing connections, your OS should be able to handle it. Even if it does cause problems, how often does the throttle kick in where there isn't a worm/virus present on the host machine? If this false positive rate is low enough then I'd implement it anyways.
...because "we don't own Windows," Redmond says.
It's funny when you read a sentence like
"we don't own Windows," Redmond says. and do a double take, thinking it's coming from Microsoft...
I didn't RTFA, but did they by any chance "invent" Linux or some other Unix system? It seems to me that the permissions thing in Linux would stop worms cold.
This is a pretty interesting idea, I only wish I worked. Of course, the only thing that DOES work in Windows, is everything that you DON'T want to work, such as...you guessed it...viruses.
It's not compatible with windows, so let's not even try getting MS to make newer versions compatible, or spend resources writing a virtual device driver. They argue that defense is better than treatment, but forget that a 2 pronged attack is better than pure defense. Even the best firewall and antivirus programs can be worked around. What happens when the next virus or worm comes out and antivirus and firewall manufacturers are caught with their pants down again? Do they plan on letting it spread freely until someone makes a removal tool?
If it has these bugs, why not release the program? Then the machines will BSOD and they'll stop spreading viruses. Goal achieved!
I'm afraid that this tool will also affect P2P tools which connect to many hosts every second aswell. Novice users will stop using P2P cause they don't understand why it isn't working.
From the article...
Virus Throttler slows the spread of virus and worm attacks by limiting the network destinations that a virus-infected computer can attempt to connect to each second, according to HP.
Wait a second. This doesn't really protect internal networks as much as it protects the Internet from your-machine-gone-mad. That is to say, this product's operation assumes your anti-virus security measures have already failed you, and you've got a server making attack attempts outbound on the world at large. This would kick in and shut down that server's attempted attacks.
That'd be a great thing for all of us to be running to be good citizens of the Internet... but who'd buy such a thing? Afterall, you have to admit that your existing security products may occasionally fail you before you can even start to explain what this thing will do. And, after such a failure, you're already 0wned. So, you really have nothing internal left to protect at that point, and all there is to protect is the outside world. If your IT house is already on fire, it's sure nice to want to protect the neighborhood, but who's going to pay for that in advance?
Pointing to the fact that this would require some changes to Windows is a nice excuse, but anybody can get Microsoft to do anything when they come equipped with a truckload of money. I think the realization that people would run this if it was free, but no business in their right mind is going to buy it. I think HP realized that, and that's why they spiked this product. HP, afterall, is a business and can't afford to spend too much money on a research project that isn't going to lead to a profitable product.
I wonder if there are any academic groups working on similar projects who might be able to finish the work on this one...
What a fantastically creative author that article has. To end every other paragraph with "Redmond/HP says"... Sheer brilliance. If only Shakespeare had thought of that.
In other news a cure for cancer and AIDS is quietly being shelved. The medical wonder has incompatibilities with most HMOs . Maybe I just don't see the point or perhaps the technology really wasn't all that good.
Microsoft introduced similar functionality in Windows XP SP2:
Limited number of simultaneous incomplete outbound TCP connection attempts
Detailed description
The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system's event log.
get nemulator
'I think I have some virii on my boxen, and it's affecting my NIC card's performance. Now I can't connect to the internet!'
I can just see me telling my boss...
Me: "I had to shelve the clients project, sorry."
Boss: "Why?!"
Me: "Incompatabilities with Windows."
My arse.
Anything designed to prevent the spread of bloated, malicious, performance-killing programs would have to be incompatible with Windows.
SP2, from what I understand, limits the number of outgoing connections a PC can make. Could it be that HP was just a bit too slow to market on this one? Why pay for a product that does something your OS is about to start doing for free?
Can we settle this once and for all?
Virii is not a word in the English language; or any other language as far as I know.
I recommend correctional facilities for those using the word 'virii'.
For all intensive porpoises your a bunch of rediculous loosers
Though Apple has apparently designed a great OS for slowing the spread/proliferation of virii and reducing the impact of DoS attacks, it's all being shelved due to Windows IT staff job security.
This is what today's Wall Street Journal said:
So how can you get rid of spyware and how can you avoid it in the first place? One nearly surefire cure is to dump your Windows machine and buy an Apple Macintosh.
http://ptech.wsj.com/archive/report-200408.html
The next pasture is always greener
But SP2 for Windows XP already has this technology or something very similar to it built in. WAIT A MINUTE?! Linux DOESN'T have this tech. but Windows does?!?! Granted, there is obviously less need for it on linux machines.....NOW...but I'd feel safer if linux had it too.
So ... Route all your outbound traffic through Linux routers with this tool installed?
So, they are starting their own GNU/Linux distribution?
Feel ready to own one or many Tux Stickers?
viruses, according to http://dictionary.reference.com/help/faq/language/ v/virus.html
Does that imply that HP thinks they own Linux? I think we just figured out their new strategy to generate revenue in the future.
Show me on the doll where his noodly appendage touched you.
Some changes to combat DDoS attacks:
- TCP data cannot be sent over raw sockets.
- UDP datagrams with invalid source addresses cannot be sent over raw sockets.
Some changes to combat worms:
- Updated TCP/IP stack to limit the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. This only applies when connecting to unavailable hosts, for example worms like Sasser guessing where to spread to.
Beware: In C++, your friends can see your privates!
There's no such thing as virii.
true - it protects the internet at large from you. By limiting the number of connection attempts per second.
So, once you're infected, your server fails to spread at a rate of 10,000 connection attempts per second, instead it spreads slowly, maybe 100 attempts per second? Would this actually do anything besides give your sysadmins a few extra seconds to patch your system?
Wouldn't it be better to block the connection attempts instead, like with an outbound firewall? Maybe stop the app that was trying to connect unless authorised by the user (eg a P2P app)?
Shouldn't this be implemented at the switch or router? Thus making it impossible for the virus to disable (unless, of course, the computer being infected IS the router) and not requireing changes in workstation OSs?
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
I think we should have a FAQ for /. that has some of the most common misconceptions and that way when some one uses something that is wrong we just point to the FAQ.
So why don't we finally get this settled as I have seen it twice today. Am I correct when I say virii is not a word. At dictionary.com the plural for
virus is viruses.
500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
..perhaps one of those rare instances where the enabler technology (the OS in this case), has actually throttled innovation!
http://efil.blogspot.com/
No.
HP got it to work on Linux and HPUX, but didn't have the source to Windows XP, and so couldn't implement it for windows.
Someone else asks if they've ever heard of firewalls, but this technology is intended to stop worms once they're inside your lan.
This seems like a good idea that they just couldn't get to work. If they're just going to shelve it and not make a penny anyway, how about releasing the source code and see what the community can do with it? HP makes the same amount of money on it either way ($0), but this way they can get open source brownie points and maybe start something that could be useful down the line.
SP2 for XP already has this functionality built in...and yes..its more about protecting OTHER machines from you.
First off, this is not a troll.
Im my experience it has always been easier to sell reactive solutions to DDoS, worms, and virii.
Working on OpenVision*SecureMAX and Securify(kerberos) back at OpenVision (bought by veritas, products sold to PlatniumGroup, then who knows where), we had a very very hard time selling our prevenative security software (for all the *nix platforms of the time and Windows NT). Everyone wanted virus removal software. Even when Satan was released, people didn't want to have an audit of which machines were vulnerable in the company.
I left the computer security buisness back in '97. At which point did it become easier to sell prevenative measures? Was it just this past year or two with all the outbreaks? Or did veritas make a huge mistake is selling off its aquired security products when it did?
potatoe potato, calm the fuck down.
Well, I guess HP could not understand that howto guide on TLDP either...
It was clear that the reason they couldn't make the technology work was because it required some changes to the core of various Windows operating systems. Will Microsoft make its own version of the technology?
:)
If so, will they patent it?
I tend to think that the technology would be useful and should be implemented. Maybe HP can license the technology to Microsoft. Here's hopin'
Well, maybe only one machine on your LAN has been infected yet and you don't want them all to be.
outbound connections per second? No, it doesn't, does it? That why they didn't just invent ZoneAlarm. It's not doing the same thing. Pretty obvious, really.
VIRII!!! woot
Did you read the article? They had it working on Linux and HPUX! So it wasn't just intended for Windows.
/.worthiness.
Next, so what? Whether you can "blame" MS or not has nothing to do with
My favproite quote was ``"...we don't own Windws'', says Redmond.''
My next favorite:
``Virus Throttling only springs into action after a virus has penetrated an organization's network, which made it "more difficult to sell," he says.''
It's not a hard sell to a company that's just been brought to its knees! I was at [nevermind whom] when one of the major virii hit in 2001 (CodeRed? I forget). The network was literally unavailable for at least a day and a half, and this company's bloodstream was its network. If HP had walked in with Virus Throttler, they could have named about any price.
At least, if it worked with Windows. 8^(
That was the one time it didn't help much to have a non-Win system (we had plenty of Solaris, and some Linux and Mac systems). Because two many of us had the mandated Windows box. Even though everyone in my group was effectively immune, having turned off all the extra crap... But having a Solaris server did help; our group's SA put up a DNS server and a few other things, and we limped along better than most.
Well, maybe only one machine on your LAN has been infected yet and you don't want them all to be.
That's where you pull the plug on the other machines and then kill your infection before you plug the others in.
Click here for a free picture of an iPod!
Surely this could have been anticipated at the beginning of the project?
The article didn't say anything to that effect. Maybe they did try, and Microsoft was uncooperative. Is it beyond the realm of possibility that Microsoft would be uncooperative in revamping their TCP/IP implementation?
No, I'm New Here
http://jayceecorder.blogspot.com
It detects /changes/ in the traffic patterns. If your computer sends thousands of packets per second to port 6346, it can probably identify that as your usual traffic. If you suddenly start sending millions of packets to port 25 on various machines, that's out of the ordinary and can be throttled.
Virus Throttler is intended to alert the sysadmin to infected machines. Reducing the impact of the infection is useful, but not the only focus of the product.
Let's see you reverse engineer Windows to the point where your program can integrate seamlessly and reliably with the OS kernel and the networking stacks without any documentation or help from Microsoft.
You think you're cute, but you're not.
If you notice the infection within 5 seconds.
The whole reason it is incompatible is; it stops viruses, the most common Windows applications!
Besides, when was the last time you got an email telling you to su to root and run make install on this code!
I am the unwilling control for my Origin.
How could I be so blind? An OS which has no concept of permissions, where everything runs with superuser permissions couldn't possibly be more secure than one with rigid constraints on which processes can access what. The old 'market share' argument is a weak one.
See! I knew it they're in bed with the virus makers! And Halliburton too I bet!
m
Its not hard to find the connections, you just have to google them!
http://www.commondreams.org/news2004/0310-11.ht
Seriously, someone needs to make a game called 6 degrees of Halliburton. That would rock.
He who knows not and knows he knows not is a wise man. He who knows not and knows not he knows not is a fool.
How is this news?
After unveiling cutting-edge technology for choking off the spread of viruses in March, Hewlett-Packard is quietly shelving the project, citing conflicts with Microsoft's Windows operating system, a company executive says.
Wait... does the technology conflict with Windows? Or does choking off the spread of viruses conflict with Windows?
*ba-boom-ching*
the router as the offending machine? Could be many thousand.
Network Throttling is nothing new, the honeynet project has been doing this for years.http://project.honeynet.org/tools/index.html
Now they are using Inline Snort (Snort + IPtables) to make a signature base firewall. Essential a layer 7 firewall, but with the cool feature to modify packets and not just block them.
Nothing more, For me to say; About my life, A life of dreams....
Probably the best GNAA FP yet. I command you, good sirs, on a work well done.
But there might have been another way, after all Zone Alarm manages to insert itself between the core of Windoze and the outside world (as presumably do all software firewalls, even the ones that don't work properly, like Symantec). I guess that would need code so radically different from the *nix version that it would be an entirely different thing.
On the other hand, if you want to make a good security product, it is best to start with a stable, secure, fairly neat and tidy OS, not put it on top of Billware/Bugware/Bloatware. In fact that goes for any application, start with a stable underlying platform with a tidy API set, and the development costs are reduced enormously. Windoze programmers that I know tell me that productivity is abysmally low because they spend a lot of time writing conditional code to cope with the unique bugs and stupid API variations in every Windoze variant, together with system calls that don't actually work as documented, on the rare occasions that they are documented. All of this is largely unknown, and has been since about 1970, in the *nix world, where the basic API set is very consistent and in conformance with the documentation, which usually includes the Posix specs.
Slowing the OS? Sounds like that's already in XP SP2... kidding.
But really, I believe the concept of virus scanners and throttler's such as this are a temporary patch to a problem, not a solution. What if instead of putting on a governor on the IP stack, the OS or a router down the line detects these types of problems. The infected OS is alerted and optionally suspends the attacking process until it is cleared by the user or administrator.
Some ISP's do something simular. One emails the user saying that they may have a virus because of large number of SMTP connections. I think that's a decent start.
Oz
This *always* happens on slashdot when 'virii' is mentionned. It's worth noting, however, that the protests when encountering the word 'virii' are getting less frequent and not as fast as they used to be. A tell-tale sign that, even here, it's slowly becoming accepted. After all, immer more artcles and posts make use of it, outside the pure scriptkiddie/leet speaking populace. Let's face it: it's getting commonly used and well on it's way to some day reach dictionary status. But in the meantime, you always will have those that opose it.
A whole bunch of "It's latin", "no, it's not", "it's slang", "no it's not" posts will pop-up like mushrooms.
While I agree that it's not correct latin, and I understand that some people have difficulties with the 'correctness' of it, it really doesn't matter one bit as to the validity of a word.
1)Language 'lives'; it changes with the passing of time.
2)Slang is not 'inferior' or 'wrong'; it are just words that are used in a subculture.
3)Words of a subculture can and have become 'mainstream'
4)In the past, english (as many other languages) has been 'corrupted' with equally 'wrong' words...yet we use them today as if they always have been correct, mostly not even being aware that once they were considered stupid, wrong, grammatically incorrect, foreign, nonsensical, inferior, ridiculous, the result of laziness, plain misspelled, etc.
Yet they are *all* considered mainstream english now! So, let's face it, there is *no* objective mechanism where you can say; this word has no place in our language or not.
If it's understood and used in this language, then ipso facto, it *IS* part of that language.
Now, anyone understands what is meant by 'virii' and more and more people/posts use the term virii, with purpose, even beyond their 1337 roots.
So it really is silly to fulminate that virii is not a word; it is used as one, it is understood as one, and it even has left it's pure sub-culture 1337 roots behind so that now it's actually becoming slowly mainstream. So what, in a year or 5, it may end up in the dictionary, as so many 'non-existent' words before it...and what will be the the contra-argument then?
Why, in another 20 years most persons won't even know anymore that it was once considered as 'non-existent' or 'wrong'. They will use it, as we use all those other words where people fulminated against, just as with they will with new, totally wrong words that will pop-up. That's what it means when we say a language lives, after all.
--- "To pee or not to pee, that is the question." ---
As a member of an "IT staff" my job security is not guarenteed through Windows. Even macs gets trashed buddy. I know idiot users who can screw up a well built G4 3 times a week. Although virii and general instability are not as huge of issues, I'm 100% sure that if the market shares of mac and windows were reversed, the recent spyware boom would be on that platform.
That's where IT time is going these days, cleaning up bloody messes because John Q. User wants a poorly drawn monkey dancing in the corner.
Ignorance kills, complacency kills, hatred kills, but usually not the ones guilty of them.
Why don't they rethink it a little bit and possibly make it an add-on for a hp-ux firewall with IDS. Possibly having the firewall throttle the connections to the net with a super sexy IDS attached, market the whole thing as the best business solution ever and profit. Or was there other things about this software that they forgot to mention so they will just use microsoft as an excuse.
It's called an exponent. If you only infect 100 machines, then they only infect 100, that's only 10100 machines infecteted. If you infect 10,000 and then them 10,000 that's a LOT more.
That's not true. It should also slow the infection's spread on your own network.
Does anyone else think it's funny that slowing the spread of viruses is incompatible with Windows?
A program to slow the spread of viruses and it does not work on Windows. So basically, if you can run this program you will (by nature of not running windows) not contribute to the spread of viruses and worms. BRILLIANT!
" Did you read the article? They had it working on Linux and HPUX! So it wasn't just intended for Windows."
I wonder if we are not missing something here.
HP developed the product and made it work on HPUX and Linux. But most servers HP sells run Windows OSes. An HP app that only runs on a minority of servers sold is not going to be poular with marketing.
Go quickly OOssaamaa BBeenn LLaaddeenn!!!
Hehehehe, 1 vs 100millions.
The guiltyies are M$, F.B.I., N.S.A., D.o.D., Bill Gates, Bush, ...
For all we know, Microsoft said that they're not planning on making MORE changes to their OS, even for such a good cause.
They may have said, "See you in 2005-2006" and that's why HP put it back in the lab, instead of just outright cancelling the project and deleting the source code. (Which is the implication your post makes.)
My mom says I'm cool.
That's a load of codswallop [1] from a fopping squeeshbobbler [2]. Bite it [3], you knob [4].
[1] Slang for a well-reasoned argument.
[2] Slang for meticulous researcher.
[3] Slang for good work.
[4] Slang for knob. Language drift takes time.
This feature is already in XP SP2 here Basically, if a program demonstrates worm like behavious, windows makes the network connectivity slower. One of the many steps in the right direction (I'm a very happy linux user, but don't want to always blame MS for all evil).
Perhaps, HP got it a bit too late, unfortunately, thats how software market is. Unless HP was sure they have a better product, no point in competing with something the OS offers now.
Aoba: No it's taken over Melchior and it's hacking into Balthasar!
Hyuga: Fast! Too fast!
Aoba: The calculation speed is incredible!
Ritsuko: Change the login mode! Change synchronisation code, to every fifteen seconds!
Aoba: Roger.
Hyuga: Yes ma'am.
Fuyutsuki: How much time did we buy?
Aoba: At least two hours, I think.
"I think this line is mostly filler"
...have no idea it is a haven for a hate group...
try discussing real solutions, helpful ideas, instead of spouting FUD and propaganda like a buncha 12 year old monkey spanking nerds and the confusion would go away.
Actually, in a cyberverse where such connection rates are possible, slowing down the exponential spread, even if it only buys two or three seconds to get the system offline, would be somewhat effective in containing a worm or DDoS attack attempt. Those involved with network administration have to be quick on their feet anyway to unplug machines doing such things.
Of course, the problem is that these machines have been comprimised, and it's damn near impossible to unpwn a machine without formatting the hard drive. (Of course, if one must format the hard drive due to remote pwnership, one might as well switch to Linux or a BSD.)
Haec merda tauri est. Ceterum censeo Carthaginem esse delendam.
If a box is infected and misbehaving it's _everybody else_
who has to control it. Why did they think their
s/w would continue to work once a virus was in place on the same host ?
To spout about this with the term of more intelligent solutions
perhaps tells us HP have lost the plot.
"In swift action by Microsoft and their developers /A> released a new product called VirusThrottler.NET to help stop the spread of viruses.
Microsoft credits HP for the heads up and inspiration."
Perhaps they could add a patch that deletes windows operating systems and installs a new one.
If your IT house is already on fire, it's sure nice to want to protect the neighborhood, but who's going to pay for that in advance?
The neighborhood would want to pay for that. Really, we're talking about people who already can't figure out how to operate windows update or install firewalls of their own, they certainly aren't going to buy this because they don't care. But, when their ISP gives them a nice shiny CD that just happens to include this, they'll chuck it onto the machine with the rest of the junk ISPs give you. Think AOL, SBC Yahoo's self-install CD, Roadrunner.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Why not sell a $60 network card that has a built in hardware firewall that could do something like this?
It could run embedded linux on a very low cost, low power embedded processor.
Does anyone else think it's funny that slowing the spread of viruses is incompatible with Windows?
Situation Normal All Fxxxed Up.
Just one of the ways you know Microsoft has never been serious about security.
The best security is when your own people are aware of what's going on and are in a position to put a stop to stuff going on that shouldn't be going on. The problem's not getting a virus, it's passing it on to a bunch of unsuspecting friends and neighbors.
what is the definition of a "word" ?
A sound or a combination of sounds, or its representation in writing or printing, that symbolizes and communicates a meaning and may consist of a single morpheme or of a combination of morphemes.
ok so do you understand the information or "meaning" that the word "virii" conveys ?
if you do then it's job is done, it is a word by definition, like it or not.
i don't think "color" is a word or "aluminum" but a lot of Americans will disagree
Enough said.
Virus Throttler slows the spread of virus and worm attacks by limiting the network destinations that a virus-infected computer can attempt to connect to each second, according to HP.
HP could have done it by implementing their own network stack, the way VPN and private firewall software vendors do, but it would be much easier if Microsoft was willing to play along.
But then if Microsoft was willing to work with anyone else on fixing Windows, they'd be better of if they started with the many many features of Windows that actively encourage the spread of viruses instead of messing about with half-measures like this. Instead of crippling the OS so it can't do occasionally useful and sometimes vital operations (as Microsoft themselves are doing in XP SP2, don't forget) they should start by splitting IE into a safe HTML-rendering engine and a web-browser that uses it but takes control of its own security...
This is obviously HP just trying to rail microsoft. I find it utterly ridiculous that HP is saying that they're not able to do something that many many people are doing. Writing an NDIS driver to hook a network device's ip stack while not the most pleasant thing to do with win32, is quite possible. As has been pointed out, many software firewalls take this exact approach.
The only thing a silly package like this is going to do is to fuck us in the end. Currently most viruses are happy running in user space and doing their thing. The last thing we need is virus writers getting off their asses and start fighting with products like this in kernel space so they can do whatever it is that they need to. Honestly the virus writers have gone easy on everyone so far. While it's not the best, documentation for doing some pretty awful things to the nt based kernel exists. Things such as hooking the various system calls to open an entire world of nasty things. For example think of a virus that was able to completely hide itself from a virus scanner. Once you can hook system calls, hiding yourself (for real) in memory and on the filesystem becomes a relatively straightforward task.
You're kidding right? You're completely neglecting the low-end server market that is dominated (as far as HP is concerned) by PA-RISC systems running HPUX.
If HP or somebody would modify the approach, it would work well in a home router, without having to modify any O.S. outside the router.
The software would need to monitor every IP address on the LAN for viral indications, and then kick into throttle mode only for the indicated IP address.
It wouldn't take too much CPU or memory to monitor 1-10 IP addresses, but it might be prohibitive for 100-1000.
My approach filters out or 'renders harmless' ALL mass-mailing email malware. It only has 2 flaws:
1) The Windows registry setting affecting '.txt files' must not be compromised.
2) The user must not rename decoded email file attachments unless they know for sure the file is not malware. If the attachment is/contains malware, renaming it (and clicking on it) will run the malware and compromise the computer system.
the fault in that arguement is that the virus that infects 10,000 will saturate the available pool of vulnerable machines faster and often be easier to eradicate due to it's agressive nature.
Snowden and Manning are heroes.
I just have a hard time believing that if it were that easy that HP couldn't figure it out. Companies I've worked for in the past have had to completely re-engineer a Kernel to gain all the functionality required to manipulate all aspects of the IP implementation and the way it interacts with the other layers of the OS to achieve the performance, security, routing, etc. required for the application. This isn't possible without Windows source code, which is not available. I wouldn't think the scenario they describe is out of the realm of reasonability.
That's where you pull the plug on the other machines and then kill your infection before you plug the others in.
Uh, no. Assuming that you even know immediately which machines are owned, you can't just go pulling 50 (100? 250? 1,000???) other machines off the network. You have to worry about servers (with uptime requirements) and workstations, probably in different offices/server rooms, probably on different floors, in different buildings, maybe even in different cities. Not to mention the fact that all of those hacked machines will constantly try to reinfect each other and will completely kill off all of your internal network bandwidth (don't even think about your uplinks to the internet). You need an automated tool to deal with this, and it needs to be running on *all* of your machines. It may not stop the initial infection, but it will allow your office to keep working without everything going offline at once.
--guru
Upon me actually RTFA, this isn't home use software. The old "unplug the cable" trick doesn't scale well in the environment you described.
Click here for a free picture of an iPod!
Except, of course, if you're a programmer.
.... wasting all your time programming for a trash OS.
HP owns two class A networks (15.* is old HP's, and 16.* is old DEC's which came with the Compaq merger). If you have that much network of your own, you want to suppress infected machines in order to defend your own network. It's not the Internet they are trying to defend. Other companies with big networks may also have similar problems, so they are the potential customers for this technology.
I suspect that the problem is not that HP can't get something to work on some particular Windows configuration, but that they can't create a commercially viable product that can be deployed to all kinds of corporate Windows desktops without an XP SP2 kind of incompatibility nightmare. Remember that it's the corporates who are holding back on SP2 because of compatibility issues, and no sane company wants to stare into that support black hole with no control over the main engines.
Note also that the article did not say that HP were abandoning the work, it is going back into the labs and they are looking for other ways to use it.
Please tell me this article summary doesn't use the word virii !!!
but have you considered the following argument: shut up.
And if it were installed on individual clients, it would protect your own internal network as well.
... is release the code and not let this program get to waste. it seems they already spend a lot of time on it, it would be silly to just shelve it.
ofcourse, i don't buy the story. i'm not sure why they stopped developing though. and wouldn't HP be one of those 'partners' that has access to the windows code?
On a long enough timeline, the survival rate for everyone drops to zero.
(ok, it would be ii, but that's just too much).
Clearly the way out of this conundrum was determined long ago, as follows:
A keeper at the London zoo wrote to a colleague at the Bombay zoo, "I would like to order two of your mongooses for my zoo."
He looked at what he had written, tossed it out and re-wrote, "I would like to order two of your mongeese for my zoo."
He looked at what he had re-written, tossed it out and re-re-wrote, "I would like to order a mongoose of yours for my zoo. While you're at it, please send me another one."
few quotes from http://www.ofb.net/~jlm/virus.html ... ...
... ... ... or at least, one for which no plural is classically attested, is a fruitless endeavour.
"
what's the classical plural of virus? The simple answer is that there wasn't one. The longer answer follows.
Latin already had a word *VIRI*, but it was the nominative plural not of virus (slime, poison, or venom), but of vir (man)... Such hanky panky would certainly get you talked about, and probably your hand slapped as well.
Those confused souls who write *VIRII* are tacitly positing the existence of the non-word *virius, and declining it as though it were like filius.
Virii is still completely silly, so don't do that; otherwise, everyone will know you're just a blathering script kiddie.
Trying to find a plural for something that didn't take a plural
Best to stick with English and use *VIRUSES*.
"
please stop the virii !
"There is nothing more frightful than ignorance in action." Johann Wolfgang von Goethe
These guys look like they know what they're doing: hackers at work
Shame they seemed unable to keep google from spidering their IRC logs!!
(You can view them all in google's cache -- well, right up until around 16 Aug 2004)
Virii is not a word in the English language; or any other language as far as I know.
Actually, you have it technically correct, but for the wrong reason.
The correct plural of "virus", as a neuter third declension, comes out to "vira". "Virii" would result from the masculine second declension of "virius", a non-word.
"Viri" could conceivably count as correct, though only if "virus" has a gender, which it does not (at least not in Latin). And even with a gender, if you consider it fourth declension rather than second, "virus" would count as its own plural, pronounced with a long "u" sound.
Now, if you want to consider "virus" as a "pure" English word (since we pronounce it differently than the Latin anyway), you could use "viruses". But, you have to consider that approach as a double-edged sword, because by the exact same argument, "virii" suddenly becomes a perfectly valid irregular plural!
So you can argue against "virii". If you do so, however, you cannot favor "viruses" without contradicting your own best supporting argument.
Therefore, as the only really supportable plural of "virus", we have "vira". That has its own problems (of a more historical nature than grammatical), but it would count as the "most" correct form.
Many games and game server finder utilities such as qstat, GameSpy, and All-Seeing Eye send out an initial request to a "master server" to get a list all available game servers, then send a query to each such server to get its current status. A given game server might operate on an arbitrary port, and some hosts run multiple game servers on different ports. For a popular game this can result in a flood of UDP packets flung far and wide across the Internet to seemingly-random ports. One would somehow need to inform the Virus Throttle that this was legitimate activity.
The word is was and will be viruses. Virii is a made up bastardization of the word virus from a Latin root. I don't care what Ken "Caesar" Fishbrain says, it is not neoclassical Latin (his excuse)
Maybe, you have sensitive data on your computers and you don't want some uberkiddie from East Germany broadcasting random bits from your computer all over the internet. To this date, there are no examples of such a thing occurring, but there's no reason why someone couldn't modify any standard virus to include big chunks of private database info with whatever else it's screaming about. Duh!
I doubt your first argument is true. The words that were considered abhorent misuses of language in the past weren't stopped, apparently, by the witholding of approval.
Ofcourse, it's difficult to say the succes rate of such a thing, because words that would be stopped in that way aren't around to be counted anymore, obviously.
But at any rate, it's fair to say that witholding approval isn't that effective, otherwise a whole lot more of formerly wrong words would not have made it.
What is far more detrimental, is the widespread use of the word, and in that option, speaking of 'virii', even in a negative way, contributes to this.
You other example eludes me (as an argument). Of course when you use a word only locally, it won't get mainstream, that's a given in the 'duh' area. and probably other people would noot get the inside joke...but, what? Do you think all words that started as insidejokes and got mainstream are now still recognised as insidejokes?
I really fail to see your argument with this. If 'Interweb' was widely used, and people understood what was meant by it, then, yes, it could become a regular 'real' word too. So what's your point?
As for your last paragraph, it's true that in some sense, evryone has an influence...but let's face it, it's more like saying 'I influence the weather'. Everyone influences the weather in some small part, and maybe even in a big way, as demonstrated by the chaos-theory, but oàne can't really direct it, and one can't really know the measure of influence, so the point is rather accademical.
As for your less then dignitory feelings and remarks about users of the word 'virii', that's just it: it spread well beyond the mere use of the so-called 'losers'. It's true it's still not mainstream, but it's equally true it has left its roots of scriptkiddies and leet-speaking geeks behind.
But, even if you were right, it doesn't make of a consistent argument against it. Do you have any idea, how many words have roots in the subburbs, subcultures by hoi palloi that couldn't speak a proper sentence and were, back then, considered far worse then mere geeky losers?
Yet, those words today are mainstream, and often lack the degenatory context it once had. So, while you may think it's a sign of losers and idiots today, within ten years it can be easily considered the standard word for computerviruses, and nobody in the future may see it in the negative image of 'losers' anymore, just as we don't see many words in a negative light anymore, even when they did, back when they started.
All by all, there is no logical argument given as yet, why it would or should be impossible, to incorporate virii in the mainstream language, once it is used widely and people understand what is meant by it. History shows us that the first has happend many times, and for the second it would mean you couldn't use a LOT of words if you wan't to remain consistent with your own viewpoint.
--- "To pee or not to pee, that is the question." ---