Internet Immunization
xav_jones writes "Nature.com reports on computer experts from Israel who are proposing a different strategy for combating fast-spreading worms and viruses -- one in which the fix can, theoretically, keep up with or stay ahead of the malicious code. They 'propose a system in which a few honeypot computers lie in wait for viruses. These computers run automated software that first identifies the virus, and then sends out its signature across the Internet. This enables a sentinel program on all the other computers in the network to identify the virus and bar it before it can attack them.' The honeypot computers would reside in a secure, dedicated network. For 'roughly 200 million computers ... [with] just 800,000 [(0.004%)] of them acting as honeypots [it] would restrict a viral outbreak to 2,000 machines.'"
All that to combat worms and viruses? If I am correct, most of the worms and viruses infect because of a vulnerability in the software. So what if these sentinels of "guardian angels" themselves have some flaws which these viruses exploit. How about spending some money on training developers to practise safe coding. How about educating average joe to not click on the Britney's image and let him know that she is not going to blow him? How about lobbying to pass laws to force software companies to pass a higher standard? Heck even children's toys have certain standards that the companies have to adhere to.
Seems like rational ideas are just an illusion nowadays. Don Quixote suddenly seems more reasonable to me than this guy.
Except that no system is perfectly secure.
And once someone finds a hole in this magic system, it will become the most effective means of distributing viruses ever invented.
"The honeypot computers would reside in a secure, dedicated network." Wouldn't that make it just a little difficult for the honeypots to contract a virus? Or is this some new definition of the word "secure" that I'm not familiar with?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
...for the ~1 million honey-pots, their connectivity, and their management?
Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind. - Dr. Seuss
If it happens and is widely adopted, I think I'll start a betting pool on how long it will be before some hacker delivers a worm via this network's distribution system.
Information wants to be anthropomorphized.
Great.. until of course:
1) Worm writers figure out a way to avoid them or
2) Someone decides to use the "honeypots" to attack the network itself by flooding it with slightly different worms, making the signal to noise ratio patently obscene.
This is just rephrased terminology for a DMZ in which resides a viruschecker proxy/firewall, this is nothing checkpoint, ISA-2005 doesn't already do.
So now, instead of getting spam for viagra, I get spam for v1agra, vi4gra, vyagra, viegra, etc.
Virus writers will just add mutational code to their viruses, so each instance of infection will have a unique signature.
...or is this not so different from the way anti-virus packages distribute updated signature lists? The TFA uses a lot of biological metaphors, but if you s/honeypot/anti-virus research lab/ this is pretty much the same thing everybody does already. The bit about creating faster-than-virus "wormholes" is mentioned kind of as an afterthought, when, really, it's the most important (and problematic) aspect of the whole plan.
I always wondered if the future of human defense against viruses was similar. Use "honeypots" with human-like susceptibility (genetically modified pigs or something). Once their immune systems start figuring out what virus is attacking, take a part of the virus DNA and post the code for the world to see.
Individuals at home would have their DNA sequencers crank out a batch and they'd then inoculate themselves, prepping their immune system for the real virus.
This is all future stuff, of course. It could also be prone to problems, such as someone hacking into the system and posting a DNA sequence that does bad things to people. Shucks, the autism/vaccine scares already show people's fear of such things. Might make for a good story, though.
I maintain mail servers with some honeypot addresses. Incoming mail is not only used to train our own filters, but reported to other services like Razor. The whole thing about getting the signatures to travel faster than the worm is easy if you already know where you're sending the data (the worm either has to do scans or pick destinations at random).
Is the novelty
1. Using this technique for viruses?
2. Using a dedicated honeynet?
I make it 0.4% ...
Ok, I think I figured it out!
If I find out a way to infect the signal the honeypots are sending out, then I can infect even more people, because the people relying on the honeypot machines won't be running anti-virus programs themselves.
Hmm, that would be fun!
...it would be like if the internet had peanut allergies and malicious code kissed it after eating Reeses Cups.
However, I'm willing to give these guys a fair shake. No matter what anyone has to say about their politics, the Israelis definitely know how to do high-tech.
From TFA:
[Fuck Beta]
o0t!
Can this also keep me from receiving the same link to flash cartoons a hundred times from my friends?
How in the hell does 0.4% get "interpreted" into "[(0.004%)]?"
Goddamn, I am dumb, and even I caught that error without having to bust out a calculator...
From TFA:
"And as the network grows, the same proportion of honeypots, around 0.4%, gives you even better protection," says Shir. He and his team present their proposal in this month's edition of Nature Physics.
I like the magic part where this incredibly advanced piece of software figures out that the machine has been infected. It's so smart, in fact, it can figure out what viral signature can uniquely identify it.
Ya know, if ya had some code that could reliably identify virii without signatures, wouldn't we all be running *that* on all our desktops?
- The Kessel run is for nerf herders. I can circumnavigate the entire Central Finite Curve in a lot less than 12 parse
It's difficult to do on global scale, because there's no one to pay for it. And you can't force every internet user in the world to install the "sentinel program". Another problem, it's difficult to automatically identify viruses. But the antivirus companies do set honeypots, identify viruses and send updates to their users. So the idea is not new, it's just realized in a way that IS possible today.
1's and 0's should be free.
You want to create a network of machines that are vulnerable to viruses/worms/other baddies, provide a full index of these computers and their addresses on a huge number of central servers, and then you want to deliberately expose those central servers to malicious code?
Is that what I'm reading? If that's so, then count me out. I can't take care of my own, thankyouverymuch.
if(!toilet_paper) roll.replace(new roll);
What would happen if the viruses become smarter and avoid the honeypot computers?
and welcome to the Matrix.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
Let's see:
800,000 / 200,000,000
That's 0.004 or 0.4%
Certainly not 0.004%
100 times more expensive.
...we could just not use operating systems which have abysmal security. You know, the one that attracts malware in the same way a magnet attracts iron ore. Yeah, you're right, that's crazy talk.
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
Symantec, at least, already has a network like this in place and it has been in place for several years. I believe other companies do as well.
Why do they need dedicated honeypots? Why not just include software in SMTP servers that lets them notify each other when they identify a virus locally? An SMTP operator could subscribe to several dozen peers, in a network of trust. When their own threshold of peers reporting the same virus is reached, they've got a hit.
Maybe this is a good application for the Usenet tech, to flood the trust networks with info rapidly, reliably, and without a centralized authority that itself can be attacked or otherwise compromised. Most of this tech already exists. We don't need 800K new servers that do nothing else, when we've got even more that also serve mail. Maybe the researchers are setting up a spinoff security network. But their research actually points to a better system than relying on them for more than the starting point.
--
make install -not war
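The peer-threshold idea in the comment above, as an added example that is not part of the original post. The peer names, the use of a SHA-256 digest as the shared "signature", the report expiry window and the local list of protected known-good digests are all assumptions made for illustration.

```python
import hashlib


def digest(payload: bytes) -> str:
    """SHA-256 of an attachment; stands in for whatever signature the servers exchange."""
    return hashlib.sha256(payload).hexdigest()


class PeerQuorum:
    """Declare a hit only when enough distinct subscribed peers report the same digest."""

    def __init__(self, subscribed_peers, threshold, ttl_s=3600, protected=()):
        self.subscribed = set(subscribed_peers)
        self.threshold = threshold
        self.ttl_s = ttl_s
        self.protected = set(protected)   # digests of known-good files: never blocked
        self.blocked = set()
        self._reports = {}                # digest -> {peer: time of latest report}

    def report(self, ts, peer, dig):
        """Record one report; return True only when it newly pushes dig over the threshold."""
        if peer not in self.subscribed:
            return False                  # reports from outside the trust network are ignored
        if dig in self.protected or dig in self.blocked:
            return False
        seen = self._reports.setdefault(dig, {})
        seen[peer] = ts                   # a repeat from the same peer counts once
        for stale in [p for p, t in seen.items() if t < ts - self.ttl_s]:
            del seen[stale]               # old reports stop counting toward the quorum
        if len(seen) >= self.threshold:
            self.blocked.add(dig)
            return True
        return False


def run_quorum_sample():
    """Replay constructed reports and show which digests end up blocked."""
    a = digest(b"constructed sample: attachment A")
    b = digest(b"constructed sample: locally deployed installer")
    c = digest(b"constructed sample: attachment C")
    q = PeerQuorum(["mx1", "mx2", "mx3", "mx4"], threshold=3, ttl_s=3600, protected=[b])
    events = [
        # A: duplicate from mx1 and a report from an unsubscribed host do not count;
        # the third distinct subscribed peer triggers the hit.
        (0, "mx1", a), (10, "mx1", a), (20, "rogue", a), (30, "mx2", a), (40, "mx3", a),
        # B: three peers name a digest that is on the local known-good list.
        (0, "mx1", b), (5, "mx2", b), (9, "mx3", b),
        # C: three peers report, but the first two reports have expired by the third.
        (0, "mx1", c), (100, "mx2", c), (5000, "mx3", c),
    ]
    for ts, peer, dig in events:
        q.report(ts, peer, dig)
    return {"A": a in q.blocked, "B": b in q.blocked, "C": c in q.blocked}


if __name__ == "__main__":
    print(run_quorum_sample())
```
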
There are already appliance makers that do this very thing: identify malware and viruses, and signal the others, usually in the guise of spam control appliances.
Webs of early notifiers are also not a new idea; look at the honeypot networks that are on the web, the honeypot project, and so on.
The containment cited is theoretical, subject to the ability to correctly identify behavior, and doesn't prevent users from clicking on URLs that have malware, or filter signatures that have fast breakout behavior.
And so, the merit of the Nature article is in question. It's just a PR release in disguise.
---- Teach Peace. It's Cheaper Than War.
Microsoft and University of Cambridge have been working on the same kind of thing for a while. There was a paper at the SOSP 2005 conference.
take two OSS tablets (not applicable in France) and call me in the morning
A feeling of having made the same mistake before: Deja Foobar
This is a fine idea, and one that could be done at little cost save for the 'global honeypot network' part. Why not use info from an existing distributed log source like Dshield?
I don't want to be subject to an "automatic immunity" system because I don't want to lose control of my computer, internet connectivity and communication. I can imagine a "sentinel program" being told to exclude or dump, without warning, my choice or even my knowledge, dangerous packets containing strings like "ACLU," "EFF," "Vote for [fill in]," "PGP," ".torrent," "[name of allegedly copyrighted file]," etc.
Only Women Bleed (Sex, Sharia remix)
Brightmail's anti-spam system (Brightmail was acquired by Symantec) does just that. And has been doing so for about 5 years. It has a similar honeypot system, and was, as an example, the first vendor to trap and prevent the "I Love You" virus. I believe they already have the patents on this.
This is nothing new. IBM has a whitepaper discussing this. It's called an "Immunity system". Essentially a cluster of machines are dedicated to automatically and manually process potential candidates for Viruses, and then creates and propagates the signature file for the virus.
no big deal.
it just amazed me. This is nothing but a replication of the natural immune system... where the honeypots are the lymphatic ganglions, and the signatures are the antibodies.
I'd like to see how this results... whatever the outcome, it's an interesting experiment.
Anyone care to imagine what 800,000 computers in the Internet equivalent of anaphylactic shock would look like?
I'm sure this system would work if the honeypots were evenly distributed among IP blocks but they simply can't be (huge chunks of the IPv4 address space are already taken). A worm might infect hundreds of thousands of computers before ever hitting one of the honeypots. Even if the honeypot gets it and sends it to an AV company, and they issue an immediate update, it takes hours for everyone to get updated. History's most damaging worms were able to infect millions of computers within this kind of timeframe.
Also, what if someone manages to find one of these honeypots and sends an exploit with a payload containing a competitor's software signature? Would the AV company start issuing immediate updates? What kinds of systems are in place for preventing this?
I didn't know that Nature was such a high end CS publication. At SOSP this year Vigilante (http://research.microsoft.com/~manuelc/MS/VigilanteSOSP.pdf) was presented--a much more complete paper in a more salient venue.
The citations list at the end of the Nature paper also is missing a large body of relevant work. Check the citations list of the Vigilante paper for details--50 references most of which are missing from the Nature pub. Also, the publications the Nature paper cites are mixed--some are good (like http://www.icsi.berkeley.edu/~nweaver/containment/ ), but I don't think the editors of "Physical Review Letters" (a physics journal) are really up to speed on the latest in computer security research. Indeed, most of the works they cite are either from physics journals, Nature, or Science.
The analysis is quite math heavy, and makes some unrealistic assumptions (i.e. worms only spread to their neighbors). In the end, they "show" that it is theoretically possible to stop worms with a side-channel network. Vigilante, on the other hand, has an implementation of a vaccination system, and simulation results run against Blaster, Slammer, and Code Red. Now, which is more convincing to you?
Figure out where the honeypots are (i.e. who sends the new virus descriptions first?), then spam them with tons of small variants of various worm and virus code, which they happily amplify and flood the pipes of their whole downline tree. This is supposed to be a good idea?
Secure like a roach motel: Viruses check in, but they don't check out.
In Terminator 3 isn't this how SkyNet became sentient and decided that humans suck and launched its missiles? Hmmm...
the virus war has.
The article in the story doesn't seem to mention existing work in the same area. This approach has already been proposed, evaluated and peer-reviewed in the top networking conference (SIGCOMM'04) [1] and the top Operating Systems conference (SOSP'05) [2]. The existing approach was proposed by Microsoft Research and is called Vigilante.
They find that it is possible to quickly detect worms automatically, construct automatic filters for just the worm and not benign traffic, and distribute it quickly to vulnerable hosts in a secure, non-forgeable way.
[1] http://portal.acm.org/citation.cfm?id=1095809.1095824
[2] http://research.microsoft.com/research/pubs/view.aspx?type=Publication&id=1483
Remember that while HIV does admittedly mutate, as do many other viruses, there seem to be key portions that cannot change without essentially breaking the virus' core functionality.
The trick is to find those key portions and use them in your vaccine.
After attending a talk given by Niels Provos, creator of Honeyd, he showed this exact thing 3 months ago. He set up multiple honeyd nets all showing the same possible exploit holes to try and capture spyware and virii and then issue patches if these holes were found on the rest of the system and showed that with the right amount of machines it can be done effectively. These guys seem to just be copying his research verbatim.
I think the entire premise this is built on is flawed. It still requires to be infected before the virus/worm can be identified. What someone needs to do is create a program that'll guess at what the next viruses'll do, then protect in advance. Or better yet, make it so that people can't get viruses, surely a computer can detect the rudimentary social engineering used by Malware authors. Maybe a program that can forecast what another program'll do, and then, if it's harmful, prevent the execution thereof. Call it "Walk Without Rhythm" because you won't attract a worm.
Shots: A Populist Parable
One would have thought that "the signal" was that these traps started sending rather than just receiving.
What would it take for any large firm to dedicate one of their machines to receive all the dubious crap the company has to handle? A machine that ordinarily never sends.
I know, I know; I will go and read the effing article.
Could you deliberately create a virus that has the same signature as a common program or part of the OS? If so, then you feed that virus to the honeypot, the notification goes out, and the friendly software on all the local computers with the same signature gets disabled by antivirus software.
They need to prove that this can't be done before a system like this is created.
There are a lot of techniques to do automatic identification of viruses, the problem is that they are too expensive for everyday use--your programs run 40x slower or worse. Below is a selection (small and randomly generated) of related work.
Mostly, you need to do extensive monitoring of what your program is doing, and look for out-of-bound writes (e.g. buffer overflows/stack smashing), or do taint analysis (that is, don't execute or make "important" decisions based on data "tainted" from an untrusted source). But this requires performing many analysis operations for every "real" operation, so it isn't feasible to do everywhere.
Just google the titles for electronic copies.
Kreibich, C., and Crowcroft, J. Honeycomb - creating intrusion detection signatures using honeypots. In HotNets (Nov. 2003).
Kim, H., and Karp, B. Autograph: Toward automated, distributed worm signature detection. In USENIX Security Symposium (Aug. 2004).
Zou, C. C., Gao, L., Gong, W., and Towsley, D. Monitoring and early warning for internet worms. In ACM CCS (Oct. 2003).
Wilander, J., and Kamkar, M. A comparison of publicly available tools for dynamic buffer overflow prevention. In NDSS (Feb. 2003).
Newsome, J., and Song, D. Dynamic taint analysis: Automatic detection and generation of software exploit attacks. In NDSS (Feb. 2005).
A Scientific American article, pointing to its similarity to the idea of biological immunity mechanisms, put forth an idea like this 4 or 5 years ago [sorry, too lazy to go look it up]. The biological parallel was that the signatures sent out by the honeypots were analogous to antibodies manufactured to help killer cells recognize foreign cells. I think the pitfalls of this idea can also be extrapolated from the biology of autoimmune diseases. The worst thing that could happen would be for a malware coder to figure out a virus whose signature would cause the "forewarned" systems to block legitimate traffic.
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
Works okay but the interface isn't much to look at.
With an automatic response like that, I wonder if virus writers would learn to craft a virus that caused the sentinel program to generate a signature that removed/damaged important files (or otherwise wreak havoc) on the computers they were supposed to protect. Cause an autoimmune response if you will.
I wonder if any of them are infected with the Sony rootkit?
Everybody should add the address of at least one of the honeypot machines to their addressbook. If the virus emails itself to everyone in your addressbook, the system learns of it that much quicker.
J
Maybe I'm missing something, but doesn't sound like anything that's not already being done. Firstly, antivirus companies I'm sure run honeypot machines to help them "catch" new viruses, and then distribute them via automatic updates to their customers, more or less immediately. Antispyware works the same way, except they also use those user-contributed spyware networks, which serve the same purpose as these proposed honeypots serve (antivirus companies do this too but I don't get the impression it's their primary method of discovering new viruses).
And proposing anything that involves 800,000 dedicated computers is certainly an instant turn-off. For that much work, the idea should do something better than reinvent the wheel.
TELL MICROSOFT TO STOP LEAVING PORTS OPEN. If they were actually IN this war against viruses, instead of making money from them, it'd be a lot easier.
Sheesh. Put on a helmet.
--- For a good time mail uce@ftc.gov
Had these people followed proper research techniques they would have found a number of issues with their project. First, it has been shown in peer-reviewed publications that it is more than easy to detect and avoid so-called Internet telescopes or honeynets. Second, the entire vulnerable population of the Code Red worm, arguably the worm with the largest vulnerable population, was only about .034% of the Internet address space. So they are proposing to have as many machines implement this as there are vulnerable machines - that is a pretty tall order. Third, people have worked on automatic patch generation techniques for worms before. The problem isn't designing a system that outpaces worms and contains them, the problem is making a system that is resilient to false positives, useful even under partial deployment conditions, and can protect more hosts than just those available on the local network.
no, it is correct.
malware authors will immediately set up a network of computers to maintain a list of known honeypots so that they can be avoided while propagating. They could call it "WormGuardian", say.
The higher the technology, the sharper that two-edged sword.
First, you build this giant wall...
So all we need to do is plant the honeypot software via some worm to 800,000 computers and we will be set.
Malicious software is usually spread via email.
The trojan goes through your Outlook contacts list and forwards the email to everyone in it. People open it and the chain continues. Contracting such a virus requires a user at a keyboard usually.
A "honeypot" would have to contain:
- MS Outlook with Windows XP.
- Multiple email accounts that are posted across the net and purposefully send and receive a lot of email traffic.
- A person or script/bot that opens every email and tries to open/run every attachment.
- possibly a lot of spy/adware already installed.
- playing a sony BMG CD 24/7 (*duck)
Malicious computer viruses could be stopped in their tracks by immunity software that spreads faster than the virus itself MS fixing its fucking operating system , says a team of computer experts from all over the right thinking world.
It seems to me that it would be possible for a virus writer to:
1) Identify one of the honeypot machines - there's probably a couple of ways to do that...
2) Target this honeypot machine by sending it an endless array of viruses with different signatures, thereby keeping all the systems using it for security darn busy updating their definitions -- DoS...
3) ...
4) Profit!
--
You could have a bunch of volunteers who simply go about their daily business, and have their blood regularly monitored in the same way. It won't give you much of an early-warning capability (by the time a volunteer gets a pathogen, many others will have it too), but it should cover the "different behaviours" issue.
iSKUNK!
The article's proposed idea would just make the entire world a tool for DOS attacks.
Imagine the havoc that would result if someone told this system that the normal "/bin/bash" or "explorer.exe" was a virus... or even worse -- ntfs.sys
Forget about worries that "the internet will go down". This would be far more destructive than any virus. (airports, banking, stock market, would all be affected)
Side note: A while back, there was an attempt to inject malicious code into the linux kernel's repository... How do we know that M$'s Windows Update website has never been hacked? Yikes... Centralized management of automatic updates/virus defs is always a security problem...
Why can't they just integrate that idea into antivirus software and not have to set up and maintain 800k machines?
Worms scan for vulnerable hosts. Simply detect this scanning behavior.
In your network set up a huge private flat class A. Randomly distribute all your hosts in this address space.
Now, in your router, route all the addresses that aren't valid to a single honeypot computer. This honeypot should analyze all packets coming to it in order to figure out if the traffic is good or not. You could also packet sniff all packets through something like snort as well.
A regular computer will occasionally attempt to connect to the honeypot, a worm infected one will constantly be trying to connect to the honeypot, because it doesn't know your network layout.
If you recognize that one of the machines is acting bizarrely, then you can turn off its network access at the port on the switch.
You can still do network discovery by seeing who is connected to the ports on your switches and then scanning their ip addresses.
You should also set up routing rules to NOT allow testing computers to connect to production servers, it helps if production and development are on separate private networks.
Good times.
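The dark-address monitoring described in the comment above, as an added example that is not part of the original post. The addresses, the 60-second window and the limit of five targets are constructed values, and counting distinct unused destinations (rather than raw attempts) is an assumption of this sketch so that a host retrying one stale address is not flagged.

```python
import ipaddress
from collections import defaultdict, deque


class DarkSpaceMonitor:
    """Sits where the router sends traffic for unused addresses and flags scanners."""

    def __init__(self, network, live_hosts, window_s=60, max_dark_targets=5):
        self.network = ipaddress.ip_network(network)
        self.live = {ipaddress.ip_address(h) for h in live_hosts}
        self.window_s = window_s
        self.max_dark_targets = max_dark_targets
        self._hits = defaultdict(deque)   # src -> deque of (ts, dark destination)
        self.quarantined = set()          # hosts whose switch port should be disabled

    def is_dark(self, dst):
        """True for an address inside the private range that no host occupies."""
        dst = ipaddress.ip_address(dst)
        return dst in self.network and dst not in self.live

    def observe(self, ts, src, dst):
        """Feed one connection attempt; return True when src is newly flagged."""
        src = ipaddress.ip_address(src)
        if src in self.quarantined or not self.is_dark(dst):
            return False
        hits = self._hits[src]
        hits.append((ts, ipaddress.ip_address(dst)))
        while hits and hits[0][0] <= ts - self.window_s:
            hits.popleft()                # forget attempts older than the window
        if len({d for _, d in hits}) > self.max_dark_targets:
            self.quarantined.add(src)     # disabling the port itself is out of scope here
            return True
        return False


def run_darkspace_sample():
    """Replay constructed flows; return (time, host) for each host that gets flagged."""
    live = ["10.3.7.20", "10.41.8.2", "10.77.0.5", "10.200.1.9"]
    mon = DarkSpaceMonitor("10.0.0.0/8", live)
    flows = []
    # Workstation: uses the live file server and keeps retrying one stale address.
    for t in range(0, 200, 10):
        flows.append((t, "10.3.7.20", "10.41.8.2"))
        flows.append((t, "10.3.7.20", "10.41.8.3"))
    # Worm-like host: a different unused address every second.
    for i in range(12):
        flows.append((100 + i, "10.200.1.9", f"10.0.{i}.1"))
    # Slow prober: one new unused address every 30 s stays under the limit,
    # which is the blind spot of a purely rate-based rule.
    for i in range(8):
        flows.append((i * 30, "10.77.0.5", f"10.9.{i}.9"))
    flagged = []
    for ts, src, dst in sorted(flows):
        if mon.observe(ts, src, dst):
            flagged.append((ts, src))
    return flagged


if __name__ == "__main__":
    print(run_darkspace_sample())
```
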
I don't know about the whole automatically identifying viruses bit, but the communications layer needed for something like this would seem to have already been done, and in a more general form that is needed for this too.
Hackers working on theoretical virus to defeat theoretical 'honey pot' virus stopper.
Giving IE users a taste of their own medicine since 2005 - http://pods.-is-a-geek.net/
Does anyone have an example of a potentially dangerous security flaw that was detected and fixed by a software system with no human interaction? I've never heard of it, although I'll gladly have a slice of humble pie if I'm just ignorant.
If I'm right, I suspect an antivirus network like this is extremely likely to zombie-fy the honeypots, and then use them to propagate a back door to every system relying on the antivirus network.
I pity the foo that isn't metasyntactic
Everyone knows mathematicians can't do arithmetic! Heck, they're even worse at it than physicists, like me! :-p
SIGSEGV caught, terminating
wait... not that kind of sig.
How about someone thinking that dedicating 800,000 computers to guarding Bill Gates' crappy OS is a good use of resources? Give me a break, you could run Google 2 with that kind of processing power.
Friends don't help friends install M$ junk.
Isn't this something that is already going on? Antivirus vendors spread their bait emails and insecure servers around to contract stuff and then react to it.
I think they could be more productive if they just use the current IE flaw and incorporate it into a web survey asking if the user is over 40. Infect that, whitelist all current software on the machine unless it's known bad and report on new executables. Bam, you're done with your honeypot. Those old codgers will click anything! They catch it first and then their zombie sentinel reports home with its newest malware.
If you start from the premise that the honeynet's code will perform perfectly; ie that it cannot be owned by the virus and that it can therefore be trusted to work as advertised, fine.
But the problem is that in reality, the honeynet is composed of software too, so even if you think it is better than nothing, you might change your mind when virus writers discover exploits in the honeynets.
Hoping the honeynet computers won't break containment at that point is wishful thinking at best.
I don't know the meaning of the word 'don't' - J
But in this case they aren't serving as "honeypots" (nonfunctional things meant to simulate the vulnerabilities of the functional thing so as to protect from specific attackers) but rather people being tested for pathogens, to identify for pathogens.
It's a totally different thing because it's not a sacrificial lamb. What you're describing here is just a sort of a survey of existing pathogens in the community, and immunizing against them. In fact this is basically what is done today when we immunize masses of people: you take people who get sick, check what they're sick with, and give healthy people a vaccine against it.
There's actually published work on this (to Nature's credit, this is fairly recent work). This system called Vigilante [1] (incidentally from Microsoft Research) does it all: automatic detection of worm, automatic distribution of signatures, automatic generation of "filters" and protection mechanisms. In the paper, the authors don't use honeypots, but there's nothing in the system that precludes their use.
[1] http://research.microsoft.com/research/pubs/view.aspx?type=Publication&id=1483
Published in this year's ACM Symposium on Operating Systems Principles (SOSP)
Web/Blog/Gallery: http://floatingsun.net
What if rather than a possible virus, the data is...
I'm sure the RIAA, MPAA and various governments will love it. Instant gratification rather than forcing ISPs to cough up log data, espionage, etc.
That idea is very, very old.
Nature seems to want to publish stuff in computer science, but it is becoming increasingly clear that they simply have no clue what they are doing. Apparently, they select papers that take some idea from computer science, add some biological or physics jargon, and otherwise fit their format, and publish it.
It seems more and more like Nature is turning into the New Scientist, only Nature isn't as entertaining.
Hey buddy.
Detecting Sony's pile'o'dung is a true positive match in my books.
Good premise, bad example.
I doubt this idea would work, something would give it away to the virus in the end.
Trying to become famous by taking photos. Visit my homepage please.
These honey port machines, a.k.a venus fly trap, become sentient and hold the entire human race to ransom...Doomsday mongering it may be, but I would not like to be on the receiving end of a narked virus honey pot...
When all is said and done, nothing changes...
If my machine is running Norton AV, and I get something, couldn't my machine just automatically alert a central Symantec server or something like that, and then everyone else connected to NAV would get an alert? I know NAV checks for updates on regular intervals - maybe if that interval was every few minutes instead of every few hours or day or whatever, you could just put the honeypot role right onto end users? Plus, there are a lot more than 800,000 end users of AV software.
Sorry if this is really dumb.
A-Bomb
puton_tinfoil_hat: What would then happen if the controller of these honeypots was to let a large software corporation inject the honeypots with information that a competitor's software is malicious? It would disable that software on every machine on the internet. How's that for Mi..er...underhanded business practices?
putoff_tinfoil_hat:
Which proves him right, that the article summary which says .004%, not .004, is wrong. They probably meant .004 (.04%), but that is not what they wrote. I wouldn't want you doing MY taxes in such mistyped Excel spreadsheets. I'd rather get a penalty of .004% instead of .004 due to misreading my statements. Come back when you put your glasses on maybe. 8)
I8-D
Just send microsoft windows(R)(tm) to one of the honeypots, and the defense network will immediately make the entire internet more secure.
I'm still trying to figure out what people mean by 'social skills' here.
You could subvert such a system by using it to induce a Digital Autoimmune Disease where legitimate software is seen as a virus. e.g. A big company, such as a record company, hears about some small developer's product that threatens their profits so they get a hold of this new product and use its signature to inoculate one of the honey pot systems.
Viruses on networks infect their victims by sending messages to (or back and forth with) their victims. You don't have to run the victim program to receive or detect the virus - you just have to accept and send the right messages, and then you need to distinguish between messages that are viruses and other kinds of messages (e.g. spam), and for a honeypot network you also need to communicate with your friends on a network that doesn't get flooded out by the virus, so a backdoor network can be helpful. For a honeypot network, you normally won't have any legitimate traffic on the Internet side, so all the packets you receive are either viruses or other malicious traffic, so your risks of false positives are somewhat reduced.
Most network viruses work in one of three ways
The backdoor network doesn't *need* to be a private network separate from the Internet, though that's potentially useful. At least in the US, most major ISPs are working on traffic prioritization, so you could get by with running your backdoor network as IPSEC tunnels with a higher priority (plus putting a few gateways in the major networks, since most of them don't have business plans for exchanging diffserv with each other.) Also, many ISPs run T1 ports on Cisco equipment that does Weighted Fair Queueing by default, so your IPSEC tunnels may get adequate treatment just because they're not TCP, and some ISPs are willing to give explicit prioritization to easily-identified traffic types on a custom basis even if it's not a standard service.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The DNA of the virus is not the important part. The important part recognised by the immune system is the protein shell around the DNA (or RNA) known as the capsid, which is recognised as foreign by the immune system. In order to immunize people to a particular virus we need an antigen that bears a close (or exact) resemblance to the protein structure of the capsid of the pathogen in question so that antibodies may recognise the foreign structure swiftly in future, preferably disposing of them before they infect cells.
The genetic materials inside the capsid do not have any effect until a cell is infected. Pumping viral DNA into your bloodstream will do nothing. It will be assimilated and you will still be susceptible to the pathogen from which it was copied.
If future technologies could synthesise a viral capsid with no genetic code inside, then we might be on the right track. We would still get the common cold, though.