Slashdot Mirror


Internet Immunization

xav_jones writes "Nature.com reports on computer experts from Israel who are proposing a different strategy for combating fast-spreading worms and viruses -- one in which the fix can, theoretically, keep up with or stay ahead of the malicious code. They 'propose a system in which a few honeypot computers lie in wait for viruses. These computers run automated software that first identifies the virus, and then sends out its signature across the Internet. This enables a sentinel program on all the other computers in the network to identify the virus and bar it before it can attack them.' The honeypot computers would reside in a secure, dedicated network. For 'roughly 200 million computers ... [with] just 800,000 [(0.004%)] of them acting as honeypots [it] would restrict a viral outbreak to 2,000 machines.'"

14 of 229 comments

  1. WOW by rovingeyes · · Score: 4, Interesting

    All that to combat worms and viruses? If I am correct, most of the worms and viruses infect because of a vulnerability in the software. So what if these sentinels or "guardian angels" themselves have some flaws which these viruses exploit? How about spending some money on training developers to practise safe coding? How about educating average joe to not click on the Britney's image and let him know that she is not going to blow him? How about lobbying to pass laws to force software companies to pass a higher standard? Heck, even children's toys have certain standards that the companies have to adhere to.

    Seems like rational ideas are just an illusion nowadays. Don Quixote suddenly seems more reasonable to me than this guy.

    1. Re:WOW by Anonymous Coward · · Score: 5, Informative

      You're a teacher? It's not 0.004%, it's 0.004. 0.004% is actually 0.00004. Come back when you've had a little Excel training maybe.

  2. A fine idea . . . by taustin · · Score: 5, Insightful

    Except that no system is perfectly secure.

    And once someone finds a hole in this magic system, it will become the most effective means of distributing viruses ever invented.

    1. Re:A fine idea . . . by toupsie · · Score: 4, Funny
      Except that no system is perfectly secure.

      What about the Vic-20 locked in my closet under my old underware with all the keys stuck from 20 year old Coca-Cola? I dare you to break into that!

      --
      Strange women lying in ponds distributing swords is no basis for a system of government.
    2. Re:A fine idea . . . by AuMatar · · Score: 4, Funny

      I already did. You are one twisted pervert. I copied your collection.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    3. Re:A fine idea . . . by dalerb · · Score: 4, Funny

      Ah, you know someone is a techie when they misspell "underwear" as "underware".

  3. Huh?!? by Locke2005 · · Score: 4, Insightful

    The honeypot computers would reside in a secure, dedicated network
    Wouldn't that make it just a little difficult for the honeypots to contract a virus? Or is this some new definition of the word "secure" that I'm not familiar with?

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
    1. Re:Huh?!? by Krach42 · · Score: 4, Insightful

      I'm actually more worried that, if this secure and separate network is easily identifiable, one could avoid it simply by saying for example: "Don't attempt to infect any machines in the network 128.123.x.x"

      --

      I am unamerican, and proud of it!
  4. Didn't we try this with Spam? by thisissilly · · Score: 4, Insightful

    So now, instead of getting spam for viagra, I get spam for v1agra, vi4gra, vyagra, viegra, etc.

    Virus writers will just add mutational code to their virus, so each instance of infection will have a unique signature.

  5. Why not do this with the human body? by PIPBoy3000 · · Score: 4, Interesting

    I always wondered if the future of human defense against viruses was similar. Use "honeypots" with human-like susceptibility (genetically modified pigs or something). Once their immune systems start figuring out what virus is attacking, take a part of the virus DNA and post the code for the world to see.

    Individuals at home would have their DNA sequencers crank out a batch and they'd then inoculate themselves, prepping their immune system for the real virus.

    This is all future stuff, of course. It could also be prone to problems, such as someone hacking into the system and posting a DNA sequence that does bad things to people. Shucks, the autism/vaccine scares already show people's fear of such things. Might make for a good story, though.

  6. 1+1=11 by glaswegian · · Score: 5, Insightful
    For 'roughly 200 million computers ... [with] just 800,000 [(0.004%)] of them acting as honeypots [it] would restrict a viral outbreak to 2,000 machines.'

    I make it 0.4% ...

  7. Load Of Dung by Spinlock_1977 · · Score: 5, Insightful

    I like the magic part where this incredibly advanced piece of software figures out that the machine has been infected. It's so smart, in fact, it can figure out what viral signature can uniquely identify it.

    Ya know, if ya had some code that could reliably identify virii without signatures, wouldn't we all be running *that* on all our desktops?

    --
    - The Kessel run is for nerf herders. I can circumnavigate the entire Central Finite Curve in a lot less than 12 parse
  8. honeypot on secure network? by Eric Smith · · Score: 4, Insightful
    The honeypot computers would reside in a secure, dedicated network.
    Doesn't that defeat the purpose? Don't they need to be on an insecure network to collect samples of the malware?
  9. Not a load of dung, just expensive by Sangui5 · · Score: 4, Informative

    There are a lot of techniques to do automatic identification of viruses, the problem is that they are too expensive for everyday use--your programs run 40x slower or worse. Below is a selection (small and randomly generated) of related work.

    Mostly, you need to do extensive monitoring of what your program is doing, and look for out-of-bound writes (e.g. buffer overflows/stack smashing), or do taint analysis (that is, don't execute or make "important" decisions based on data "tainted" from an untrusted source). But this requires performing many analysis operations for every "real" operation, so it isn't feasible to do everywhere.

    Just google the titles for electronic copies.

    Kreibich, C., and Crowcroft, J. Honeycomb - creating intrusion detection signatures using honeypots. In HotNets (Nov. 2003).

    Kim, H., and Karp, B. Autograph: Toward automated, distributed worm signature detection. In USENIX Security Symposium (Aug. 2004).

    Zou, C. C., Gao, L., Gong, W., and Towsley, D. Monitoring and early warning for internet worms. In ACM CCS (Oct. 2003).

    Wilander, J., and Kamkar, M. A comparison of publicly available tools for dynamic buffer overflow prevention. In NDSS (Feb. 2003).

    Newsome, J., and Song, D. Dynamic taint analysis: Automatic detection and generation of software exploit attacks. In NDSS (Feb. 2005).
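
The taint-analysis idea described in the comment above, as an added example that is not part of the original thread: a toy interpreter that marks network input as tainted, propagates the mark through arithmetic, and refuses an indirect jump to a tainted target, while counting the shadow operations behind the overhead the comment mentions. The four-instruction machine, its opcode names and both sample programs are constructed for illustration.

```python
# Added example: toy dynamic taint tracker for a made-up 4-instruction machine.
# Opcode names, register names and both sample programs are constructed.

class TaintAlert(Exception):
    """Tainted data was about to be used as a jump target."""

def run(program, net_input):
    net_input = list(net_input)
    regs, taint = {}, {}      # taint is the shadow state, one bit per register
    real_ops = shadow_ops = pc = 0
    while pc < len(program):
        op, *args = program[pc]
        real_ops += 1
        if op == "recv":      # recv dst: value comes from the untrusted network
            regs[args[0]], taint[args[0]] = net_input.pop(0), True
            shadow_ops += 1
        elif op == "const":   # const dst, imm: trusted literal
            regs[args[0]], taint[args[0]] = args[1], False
            shadow_ops += 1
        elif op == "add":     # add dst, a, b: result is tainted if either input is
            dst, a, b = args
            regs[dst] = regs[a] + regs[b]
            taint[dst] = taint[a] or taint[b]
            shadow_ops += 3   # two shadow reads plus one shadow write
        elif op == "jmp":     # jmp reg: indirect jump, the "important" decision
            shadow_ops += 1
            if taint[args[0]]:
                raise TaintAlert(f"pc={pc}: jump target {args[0]} is tainted")
            pc = regs[args[0]]
            continue
        pc += 1
    return regs, real_ops, shadow_ops

def detect(program, net_input):
    """Return True if the run was stopped by a taint alert."""
    try:
        run(program, net_input)
        return False
    except TaintAlert:
        return True

# Benign: input is only used as data; the jump target is a trusted constant.
BENIGN = [("recv", "r0"), ("const", "r1", 1), ("add", "r2", "r0", "r1"),
          ("const", "r3", 5), ("jmp", "r3")]
# Suspicious: the jump target is computed from network input.
HIJACK = [("recv", "r0"), ("const", "r1", 0), ("add", "r2", "r0", "r1"),
          ("jmp", "r2")]

if __name__ == "__main__":
    print(run(BENIGN, [41]), detect(HIJACK, [4]))
```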