HP Shelves Virus Throttler Program
longlanekid writes "Though HP has apparently designed a great program for slowing the spread/proliferation of viruses and reducing the impact of DoS attacks, it's all being shelved due to Windows incompatibilities."
I'd like to know what the problems are with Windows machines. If your router/gateway/firewall is limiting outgoing connections, your OS should be able to handle it. Even if it does cause problems, how often does the throttle kick in where there isn't a worm/virus present on the host machine? If this false positive rate is low enough then I'd implement it anyways.
It's not compatible with Windows, so let's not even try getting MS to make newer versions compatible, or spend resources writing a virtual device driver. They argue that defense is better than treatment, but forget that a two-pronged attack is better than pure defense. Even the best firewall and antivirus programs can be worked around. What happens when the next virus or worm comes out and antivirus and firewall manufacturers are caught with their pants down again? Do they plan on letting it spread freely until someone makes a removal tool?
I'm afraid that this tool will also affect P2P tools which connect to many hosts every second as well. Novice users will stop using P2P because they don't understand why it isn't working.
From the article...
Virus Throttler slows the spread of virus and worm attacks by limiting the network destinations that a virus-infected computer can attempt to connect to each second, according to HP.
Wait a second. This doesn't really protect internal networks as much as it protects the Internet from your-machine-gone-mad. That is to say, this product's operation assumes your anti-virus security measures have already failed you, and you've got a server making attack attempts outbound on the world at large. This would kick in and shut down that server's attempted attacks.
That'd be a great thing for all of us to be running to be good citizens of the Internet... but who'd buy such a thing? After all, you have to admit that your existing security products may occasionally fail you before you can even start to explain what this thing will do. And, after such a failure, you're already 0wned. So, you really have nothing internal left to protect at that point, and all there is to protect is the outside world. If your IT house is already on fire, it's sure nice to want to protect the neighborhood, but who's going to pay for that in advance?
Pointing to the fact that this would require some changes to Windows is a nice excuse, but anybody can get Microsoft to do anything when they come equipped with a truckload of money. I think the realization is that people would run this if it was free, but no business in their right mind is going to buy it. I think HP realized that, and that's why they spiked this product. HP, after all, is a business and can't afford to spend too much money on a research project that isn't going to lead to a profitable product.
I wonder if there are any academic groups working on similar projects who might be able to finish the work on this one...
In other news a cure for cancer and AIDS is quietly being shelved. The medical wonder has incompatibilities with most HMOs. Maybe I just don't see the point or perhaps the technology really wasn't all that good.
True - it protects the internet at large from you, by limiting the number of connection attempts per second.
So, once you're infected, your server fails to spread at a rate of 10,000 connection attempts per second; instead it spreads slowly, maybe 100 attempts per second? Would this actually do anything besides give your sysadmins a few extra seconds to patch your system?
Wouldn't it be better to block the connection attempts instead, like with an outbound firewall? Maybe stop the app that was trying to connect unless authorised by the user (e.g. a P2P app)?
This seems like a good idea that they just couldn't get to work. If they're just going to shelve it and not make a penny anyway, how about releasing the source code and seeing what the community can do with it? HP makes the same amount of money on it either way ($0), but this way they can get open source brownie points and maybe start something that could be useful down the line.
The throttling functionality really needs to reside on the router side, on routers that don't run Windows. Then every joe-shmoe virus/worm won't be able to bypass it easily.
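The per-second destination limit quoted from the article, and the P2P false-positive concern raised in the thread, can be compared on constructed traffic. This is an added illustration, not HP's code and not part of any comment above; the fixed one-second windows, the limit of 5 destinations, and all host names and traffic profiles are assumptions made for the example, and attempts over the limit are only counted because the page does not say whether they are delayed or dropped.

```python
from collections import defaultdict

def throttle(events, max_dests_per_sec=5):
    """Apply a per-second cap on distinct outbound destinations.

    events: iterable of (timestamp_seconds, destination).
    Returns (allowed, held): attempts passed vs. attempts over the cap.
    """
    admitted = defaultdict(set)   # second -> destinations already let through
    allowed = held = 0
    for ts, dest in events:
        bucket = admitted[int(ts)]
        # Repeat contact with an admitted destination never counts twice.
        if dest in bucket or len(bucket) < max_dests_per_sec:
            bucket.add(dest)
            allowed += 1
        else:
            held += 1
    return allowed, held

# --- Constructed traffic profiles (assumptions, not measurements) ---
def browser():
    # 2 connections/second for 10 s, rotating over 3 familiar hosts
    sites = ["mail.example", "news.example", "intranet.example"]
    return [(n * 0.5, sites[n % 3]) for n in range(20)]

def scanner():
    # 200 attempts/second for 5 s, every attempt to a different host
    return [(s + i / 200, f"host-{s * 200 + i}")
            for s in range(5) for i in range(200)]

def p2p():
    # 8 new peers/second for 10 s
    return [(s + i / 8, f"peer-{s * 8 + i}")
            for s in range(10) for i in range(8)]

def report(limit=5):
    profiles = [("browser", browser), ("scanner", scanner), ("p2p", p2p)]
    return {name: throttle(gen(), limit) for name, gen in profiles}

if __name__ == "__main__":
    for name, (allowed, held) in report().items():
        print(f"{name:8s} allowed={allowed:4d} held={held:4d}")
```

The held count doubles as a detection signal: it stays at zero for the browser profile, grows steadily for the scanner, and is nonzero for the P2P profile unless the limit is raised.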