Slashdot Mirror


Researchers Tout New Network Worm Weapon

coondoggie writes "Can Internet worms be thwarted within minutes of their infection? Researchers at Ohio State University believe they can. The key, researchers found, is for software to monitor the number of scans that machines on a network send out. When a machine starts sending out too many scans — a sign that it has been infected — administrators should take it off line and check it for viruses. In a nutshell, the researchers developed a model that calculated the probability that a virus would spread, depending on the maximum number of scans allowed before a machine was taken off line. 'The difficulty was figuring out how many scans were too many,' researchers said."
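
The scan-budget idea from the summary above, as an added example (not part of the original post and not the researchers' code): it counts distinct destinations per source host over constructed flow records and flags a host once it passes a limit. Treating a first contact with a new destination as a "scan", the small demo limit of 50, and all addresses are assumptions.

```python
import ipaddress
from collections import defaultdict


class ScanBudgetMonitor:
    """Flag a host once it has contacted more than `limit` distinct destinations.

    Assumption: a "scan" is a first contact with a destination address the
    host has not been seen talking to in the current counting period.
    """

    def __init__(self, limit):
        self.limit = limit
        self.seen = defaultdict(set)  # src -> destinations contacted so far
        self.flagged = {}             # src -> timestamp at which it went over

    def observe(self, ts, src, dst):
        """Feed one flow record; return True if it pushes src over the limit."""
        if src in self.flagged:       # already pulled off the network
            return False
        self.seen[src].add(dst)
        if len(self.seen[src]) > self.limit:
            self.flagged[src] = ts
            return True
        return False


def constructed_flows(seconds=600):
    """Constructed sample traffic: (timestamp, source, destination) tuples."""
    servers = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
    base = ipaddress.IPv4Address("198.18.0.0")
    for t in range(seconds):
        yield t, "10.0.0.5", servers[t % 4]                   # workstation -> 4 servers
        yield t, "10.0.0.66", str(base + t)                   # new target every second
        if t % 10 == 0:
            yield t, "10.0.0.77", str(base + 4096 + t // 10)  # new target every 10 s


def hosts_over_budget(flows, limit):
    """Run the monitor over flow records and return {host: time flagged}."""
    monitor = ScanBudgetMonitor(limit)
    for ts, src, dst in flows:
        monitor.observe(ts, src, dst)
    return monitor.flagged


if __name__ == "__main__":
    for host, ts in hosts_over_budget(constructed_flows(), limit=50).items():
        print(f"t={ts:>3}s  take {host} offline and check it")
```

Because the counter is cumulative rather than a rate, the slow host in the sample is still flagged, only later than the fast one; the workstation that keeps talking to the same four servers never is.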

4 of 101 comments

  1. And now that... by Ai+Olor-Wile · · Score: 4, Interesting

    ...it has been posted on the front page of Slashdot, every future worm author will code their stuff to spread more slowly, so that the increase in scan rate is negligible. Hooray for self-obsoleting discoveries!

    (Don't get me wrong, I'm a huge proponent of publicly posting computer security information. But this seems pretty easy to circumvent when considered, no?)

  2. Re:Neat by moderatorrater · · Score: 5, Interesting

    They were looking at 10,000 scans, which would be about how much I would expect my constantly-on bittorrent to do over the course of a week or more. I don't think it'll be a problem at that threshold.

    At lower thresholds (which they'll surely need since worms and viruses will just start scanning more slowly), they can start analyzing patterns and individual packets. This won't solve the problem overnight, but it will eliminate virtually all worms and viruses in the wild right now and make future worms and viruses propagate much more slowly.

  3. As a network admin... by rAiNsT0rm · · Score: 4, Interesting

    I've been a network specialist/admin for a few companies including banks and a university, and my personal idea/solution is a quasi-vlan system where each workstation is unable to talk directly to other workstations within the same LAN/Campus. Think about it, allow workstations to talk to servers and necessary resources but not directly to each other.

    There is no need anymore. People need to connect to the Internet and file servers, etc. Rarely if ever is it actually necessary or preferable to have people connect to each other. The servers *should* be the best updated and protected systems and much easier to trust than Joe Sixpack's PC.

    You stop worms from impacting you locally, and at worst your Internet pipe gets congested by a big outbreak which can be easier traced and combated when you aren't also fighting a spreading fire.

    --
    http://teasphere.wordpress.com - A little spot of tea

  4. Re:Move to MacOS -- worms are obsolete here by thejynxed · · Score: 4, Interesting

    Erm, actually, OSX has been found to be vulnerable to TONS of things, why else the 30 and 40 patch packs released all at once :)

    Remote vulnerabilities such as this: http://www.securityfocus.com/bid/29514 would say well, maybe MacOSX IS vulnerable to such types of malware (they only need to cause buffer overflows or exploit remote code vulnerabilities and you can get nailed just like any other OS that is coded by humans).

    The question is: Are Macs, with their puny marketshare, worth the bother of hacking?

    Answer: Some people/groups are starting to show interest in this, yes. But on the whole, no, they aren't worth the bother. Mainly this interest has grown since Apple swapped over to x86 architecture. I find that interesting.

    I think the bigger thing to sit and think about is this: No software written, and no hardware designed by humans will ever be perfect. There will always be a weakness somewhere in the system. Deal with it the best you can, like everyone else, and stop spouting stupid nonsense about an invulnerable OS.

    --
    @Mindless Drivel: 100% of Twitter posts ever Tweeted.