HP Shelves Virus Throttler Program

longlanekid writes "Though HP has apparently designed a great program for slowing the spread/proliferation of virii and reducing the impact of DoS attacks, it's all being shelved due to Windows incompatibilities."

/. worthy?

[wo1verin3]

This is a product that was intended for use on Windows, they obviously couldn't get it working on Windows. Don't start blaming MS for this one...

That aside, any coincedence that the vice president and chief technology officer of HP is named Tony Redmond? :) j/k

Re:/. worthy?

[gbjbaanb]

The technology notices changes in host machine behavior, which indicates a virus infection. It then chokes off the attack by limiting the frequency of outbound communications from the host machine to "throttle" communications with other hosts on the network

yeah? So HP is saying they can't get it to run on Windows because they can't alter the networking code? WTF? Have they never heard of firewalls, that happily block network connections, even on Windows.

Perhaps they've altered the HP network stack so that if you make a connection, it is held until the flurry of connection attempts are reduced. Somwthing that is not likely if you're infected with a worm; so maybe it delays the connect attempt for a short amount of time - big deal if you're infected as the connection will succeed eventually. Could this be the real reason why it's been shelved - it doesn't work to actually do much of anything?

I really don't understand why this is such a 'Windows is rubbish' and not a 'HP programmers don't understand how to code properly' story.

oh, except usual slashdot bias. Silly me, I forgot that for a moment.

Re:/. worthy?

[The+Bungi]

Really? That's funny. I have this thing, you know, a software firewall? It intercepts every single network call (heck, it will even plug the loopback if you tell it to) and it works fine, 100% of the time. If it can pop up a dialog asking me if I want ApplicationX to contact a given domain (or IP address) I figure it could also throttle the connection. Any connection.

I'm pretty sure the people who wrote Tiny Personal Firewall didn't have access to the Windows source code.

So enlighten me again - what does this have to do with Windows being a "closed proprietary OS" again?

And BTW, this is something already built into XP, as you can tell from the many comments in this article.

Pre-emptive better than reactive? Sence when?

[Derivin]

First off, this is not a troll.
Im my experience it has always been easier to sell reactive solutions to DDoS, worms, and virii.

Working on OpenVision*SecureMAX and Securify(kerberos) back at OpenVision (bought by veritas, products sold to PlatniumGroup, then who knows where), we had a very very hard time selling our prevenative security software (for all the *nix platforms of the time and Windows NT). Everyone wanted virus removal software. Even when Satan was released, people didn't want to have an audit of which machines were vulnerable in the company.

I left the computer security buisness back in '97. At which point did it become easier to sell prevenative measures? Was it just this past year or two with all the outbreaks? Or did veritas make a huge mistake is selling off its aquired security products when it did?

What so special

[neopara]

Network Throttling is nothing new, the honeynet project has been doing this for years.http://project.honeynet.org/tools/index.html Now they are using Inline Snort (Snort + IPtables) to make a signature base firewall. Essential a layer 7 firewall, but with the cool feature to modify packets and not just block them.