
Internet Immunization

xav_jones writes "Nature.com reports on computer experts from Israel who are proposing a different strategy for combating fast-spreading worms and viruses -- one in which the fix can, theoretically, keep up with or stay ahead of the malicious code. They 'propose a system in which a few honeypot computers lie in wait for viruses. These computers run automated software that first identifies the virus, and then sends out its signature across the Internet. This enables a sentinel program on all the other computers in the network to identify the virus and bar it before it can attack them.' The honeypot computers would reside in a secure, dedicated network. For 'roughly 200 million computers ... [with] just 800,000 [(0.004%)] of them acting as honeypots [it] would restrict a viral outbreak to 2,000 machines.'"
  • WOW (Score:5, Interesting)

    by rovingeyes ( 575063 ) on Friday December 02, 2005 @05:24PM (#14169674)

    All that to combat worms and viruses? If I am correct, most of the worms and viruses infect because of a vulnerability in the software. So what if these sentinels of "guardian angels" themselves have some flaws which these viruses exploit. How about spending some money on training developers to practise safe coding. How about educating average joe to not click on the Britney's image and let him know that she is not going to blow him? How about lobbying to pass laws to force software companies to pass a higher standard? Heck even children toys have certain standards that the companies have to adhere to.

    Seems like rational ideas are just an illusion nowadays. Don Quixote suddenly seems more reasonable to me than this guy.

    • Re:WOW (Score:3, Informative)

      by baryon351 ( 626717 )
      > Seems like rational ideas are just an illusion nowadays

      Seems like good math skills are too. 800,000 computers out of 200 million is WAY more than 0.004% as the summary stated

      Someone is off by a couple orders of magnitude. Much closer to half a percent.
      • Yeah, from the article it's 0.4%. The error was on the part of the poster, not the researcher.
      • Not only that - but to work, these computers are all going to have to communicate their info to each other in real time, and then to the computers depending on them for the signatures.

        So now anyone can DoS the whole internet in under 2 seconds by sending a virus to 1 computer.

        Must be a full moon out there somewhere ...

    • Yes, because getting 50 programmers from 20 different companies and organizations to design perfect software that integrates flawlessly without increasing the budget or time line is soooo simple. We'll just send them off to a week long training seminar! And then they can design interfaces that not only are of a perfect coding standard, but are also designed so that no user could ever create a situation that would put their computer at risk.

      Cha right. And monkeys might fly from my ass.

      -Rick
      • by nizo ( 81281 ) *
        Well see all you need to do is write a "good" virus that goes out and infects machines to make them act as honeypots....


        Cha right. And monkeys might fly from my ass.

        If they do then lemme tell ya, do I have the website for you [flyingbuttmonkeys.com]!

    • by Sigl ( 691196 )
      All that to combat worms and viruses?

      You're right. That is a lot of work. Please straighten these guys out because there must be something easier than this.

      How about spending some money on training developers to practise safe coding.

      Definitely. Educating the coders has saved us from inefficient apps and poorly documented code. It only makes sense to add secure coding practices to this list of perfection. If only we could have known ahead of time that security might have been a problem.

      How about educati

    • It seems to me that it would be possible for a virus writer to:
      1) Identify one of the honeypot machines - there's probably a couple of ways to do that...
      2) Target this honeypot machine by sending it an endless array of viruses with different signatures, thereby keeping all the systems using it for security darn busy updating their definitions -- DoS...
      3) ...
      4) Profit!
  • A fine idea . . . (Score:5, Insightful)

    by taustin ( 171655 ) on Friday December 02, 2005 @05:24PM (#14169676) Homepage Journal
    Except that no system is perfectly secure.

    And once someone finds a hole in this magic system, it will become the most effective means of distributing viruses ever invented.
    • Re:A fine idea . . . (Score:3, Informative)

      by TubeSteak ( 669689 )
      However, he points out that someone would still need to run the honeypot computers, and it is not clear how to secure the wormholes so that only antiviral agents can use them. "These virus writers are smart guys, and they could find a way to attack the parallel network itself," he cautions.
      Yea, they realize that.
    • by toupsie ( 88295 ) on Friday December 02, 2005 @05:33PM (#14169741) Homepage
      Except that no system is perfectly secure.

      What about the Vic-20 locked in my closet under my old underwear with all the keys stuck from 20 year old Coca-Cola? I dare you to break into that!

    • No better at spreading than any current issues. So let's say they break the honeypots, all that they did was make it so people suddenly don't get a warning coming their way (probably), and maybe when they contact the honeypot server (since they couldn't be contacting us due to sheer volume), then they can send something to us. However, all we need from the honeypot is a signature, and we don't have to execute ANYTHING coming from their transmission to our computers because the point of it is to show us a vi
  • Huh?!? (Score:5, Insightful)

    by Locke2005 ( 849178 ) on Friday December 02, 2005 @05:26PM (#14169683)
    The honeypot computers would reside in a secure, dedicated network

    Wouldn't that make it just a little difficult for the honeypots to contract a virus? Or is this some new definition of the word "secure" that I'm not familiar with?
    • Re:Huh?!? (Score:3, Informative)

      A honeypot needs to get infected and then not spread that infection to other computers. Thus it needs a kind of "roach motel security": malware checks in, but it doesn't check out.
    • Re:Huh?!? (Score:3, Insightful)

      by TheRaven64 ( 641858 )
      Better yet, if you know how to make your honeypots 100% secure against all unknown viruses then could you share this technology with everyone else please? That way we wouldn't need the honeypots at all...
      • Does anyone have an example of a potentially dangerous security flaw that was detected and fixed by a software system with no human interaction? I've never heard of it, although I'll gladly have a slice of humble pie if I'm just ignorant.

        If I'm right, I suspect an antivirus network like this is extremely likely to zombie-fy the honeypots, and then use them to propagate a back door to every system relying on the antivirus network.
      • Better yet, if you know how to make your honeypots 100% secure against all unknown viruses then could you share this technology with everyone else please? That way we wouldn't need the honeypots at all...

        Not necessarily. Physically write-protect your hard-disk after a clean install and I'm fairly positive the vast majority of your virus woes will disappear.

        Of course, your computer might not be very good for general computing tasks then, now would it? But said computer could work for the pur

  • by SpectralDesign ( 921309 ) on Friday December 02, 2005 @05:26PM (#14169684)
    ...for the ~1 million honey-pots, their connectivity, and their management?
  • Hrrm. (Score:2, Insightful)

    by Anonymous Coward
    Great.. until of course:

    1) Worm writers figure out a way to avoid them or
    2) Someone decides to use the "honeypots" to attack the network itself by flooding it with slightly different worms, making the signal to noise ratio patently obscene.
  • by thisissilly ( 676875 ) on Friday December 02, 2005 @05:28PM (#14169694)
    So now, instead of getting spam for viagra, I get spam for v1agra, vi4gra, vyagra, viegra, etc.

    Virus writers will just add mutational code to their virus, so each instance of infection will have a unique signature.
  • ...or is this not so different from the way anti-virus packages distribute updated signature lists? The TFA uses a lot of biological metaphors, but if you s/honeypot/anti-virus research lab/ this is pretty much the same thing everybody does already. The bit about creating faster-than-virus "wormholes" is mentioned kind of as an afterthought, when, really, it's the most important (and problematic) aspect of the whole plan.
    • by kebes ( 861706 ) on Friday December 02, 2005 @05:45PM (#14169849) Journal
      I think the reason this is interesting (as an idea anyway) is that it would be automated. Nowadays the anti-virus guys check things out, create patches, and deliver patches... so there is a spread of the immunization. Under this scheme, the signature would be automatically sent out to all computers, so people would become immunized very quickly. The cure would spread as fast as the virus, since everything is automated. But there, as far as I'm concerned is the problem. The article says:

      The real trick is to make sure that the antiviral signature travels faster through the Internet than the virus itself,

      I disagree. Sending signals to all participating computers real fast isn't such a big deal. After all, the virus has to poke around inside an infected computer, looking for data on "who to infect next." This immunization system will have a built-in table of how to efficiently route the cure. So it will be faster (or at least competitive with) the virus spreading speed. (I know, I know... virus-writers will exploit that very routing table...)

      In my estimation, the real challenge is to automate the detection. The honeypot must somehow identify what is a virus and what is not (and do it quickly to be at all effective!). Sometimes this will be easy (the honeypot may have a store of thousands of files that it never touches, and if any one of them becomes modified, it must have been a virus trying to replicate itself, etc.)... other times, it may be darn difficult for a machine to tell it has become infected. After all, the whole point of a virus is that it does something unexpected (exploits a bug that was not known to exist). So determining that a virus is operating is hard.

      I also see false positives being a major concern. If the honeypot starts issuing signatures for legitimate net traffic, then the system becomes worse than useless. Just my opinion. I'm no expert.
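The decoy-file check described in the comment above, written out as an added example (not part of the original post): a honeypot keeps files nothing legitimate ever touches, treats bytes that show up in several of them as a candidate signature, and refuses to publish when the evidence is thin, which is the false-positive concern raised at the end. The thresholds, file names and sample payload are constructed assumptions.

```python
import hashlib
from difflib import SequenceMatcher

MIN_SIG_LEN = 16     # assumption: shorter patterns would match too much benign data
MIN_DECOYS_HIT = 2   # assumption: a single changed decoy is not enough evidence

# Constructed decoy contents and a constructed, harmless stand-in for a worm body.
BASELINE = {
    "a.txt": b"quarterly report draft\n",
    "b.cfg": b"[settings]\ncolor=blue\n",
    "c.dat": bytes(range(32)),
}
PAYLOAD = b"CONSTRUCTED-SAMPLE-WORM-BODY"


def inserted_bytes(before: bytes, after: bytes) -> bytes:
    """Return what is left of `after` once the prefix and suffix shared with `before` are stripped."""
    limit = min(len(before), len(after))
    p = 0
    while p < limit and before[p] == after[p]:
        p += 1
    s = 0
    while s < limit - p and before[-1 - s] == after[-1 - s]:
        s += 1
    return after[p:len(after) - s]


def common_run(a: bytes, b: bytes) -> bytes:
    """Longest run of bytes present in both inputs."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]


def check_decoys(baseline: dict, current: dict):
    """Compare decoy contents (name -> bytes) and return a signature dict, or None.

    A signature is emitted only when at least MIN_DECOYS_HIT decoys gained new
    bytes and those additions share a run of at least MIN_SIG_LEN bytes.
    """
    deltas = []
    for name in sorted(baseline):
        now = current.get(name, b"")          # a deleted decoy yields no new bytes
        if now != baseline[name]:
            added = inserted_bytes(baseline[name], now)
            if added:
                deltas.append(added)
    if len(deltas) < MIN_DECOYS_HIT:
        return None                           # one odd change: log it, do not broadcast
    pattern = deltas[0]
    for added in deltas[1:]:
        pattern = common_run(pattern, added)
    if len(pattern) < MIN_SIG_LEN:
        return None                           # unrelated edits, nothing shared to match on
    return {
        "pattern": pattern,
        "sha256": hashlib.sha256(pattern).hexdigest(),
        "decoys_hit": len(deltas),
    }


def demo():
    """Two decoys infected with the same body plus per-copy noise, one appended, one prepended."""
    infected = dict(BASELINE)
    infected["a.txt"] = BASELINE["a.txt"] + PAYLOAD + b"|A1"
    infected["b.cfg"] = PAYLOAD + b"~B2" + BASELINE["b.cfg"]
    return check_decoys(BASELINE, infected)


if __name__ == "__main__":
    print(demo())
```

A payload that rewrites itself on every copy leaves no shared run, so this check returns None for it; that is the mutation problem raised elsewhere in the thread.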
      • Oh noes figuring out what is teh virus!

        If it runs from e-mail or pokes its head in through a port and edits code on my machine to start itself IT'S A VIRUS

        If you are worried it might catch spyware then you are too right wing (You can make money from it and it's not illegal!) to live, proceed accordingly.
      • I'd bundle few critical Windows DLLs with my virus. I'd love to see automatic immunization patch created for that!

  • by PIPBoy3000 ( 619296 ) on Friday December 02, 2005 @05:29PM (#14169701)
    I always wondered if the future of human defense against viruses was similar. Use "honeypots" with human-like susceptibility (genetically modified pigs or something). Once their immune systems start figuring out what virus is attacking, take a part of the virus DNA and post the code for the world to see.

    Individuals at home would have their DNA sequencers crank out a batch and they'd then inoculate themselves, prepping their immune system for the real virus.

    This is all future stuff, of course. It could also be prone to problems, such as someone hacking into the system and posting a DNA sequence that does bad things to people. Shucks, the autism/vaccine scares already show people's fear of such things. Might make for a good story, though.
  • What's new? (Score:4, Interesting)

    by Kelson ( 129150 ) * on Friday December 02, 2005 @05:29PM (#14169705) Homepage Journal
    I maintain mail servers with some honeypot addresses. Incoming mail is not only used to train our own filters, but reported to other services like Razor [sourceforge.net]. The whole thing about getting the signatures to travel faster than the worm is easy if you already know where you're sending the data (the worm either has to do scans or pick destinations at random).

    Is the novelty

    1. Using this technique for viruses?
    2. Using a dedicated honeynet?
    • Is the novelty 1. Using this technique for viruses? 2. Using a dedicated honeynet?

      How about someone thinking that dedicating 800,000 computers to guarding Bill Gates' crappy OS is a good use of resources? Give me a break, you could run Google 2 with that kind of processing power.

  • 1+1=11 (Score:5, Insightful)

    by glaswegian ( 803339 ) on Friday December 02, 2005 @05:30PM (#14169712)
    For 'roughly 200 million computers ... [with] just 800,000 [(0.004%)] of them acting as honeypots [it] would restrict a viral outbreak to 2,000 machines.'

    I make it 0.4% ...

    • Re:1+1=11 (Score:4, Funny)

      by Beardo the Bearded ( 321478 ) on Friday December 02, 2005 @05:33PM (#14169745)
      It's definitely 0.4%. You are correct and the math in the article is incorrect.

      You get a gold star.
      • From the article:

        There are roughly 200 million computers in the United States; just 800,000 of them acting as honeypots would restrict a viral outbreak to 2,000 machines.

        "And as the network grows, the same proportion of honeypots, around 0.4%, gives you even better protection," says Shir. He and his team present their proposal in this month's edition of Nature Physics.

        The summary is wrong, the article is correct...

  • i got it! (Score:3, Insightful)

    by ajdowntown ( 91738 ) on Friday December 02, 2005 @05:30PM (#14169713) Homepage
    Ok, I think I figured it out!

    If I find out a way to infect the signal the honeypots are sending out, then I can infect even more people, because the people relying on the honeypot machines won't be running anti-virus programs themselves.

    Hmm, that would be fun!
    • SandBox anyone? Run your "honeypot" as a virtual PC session?
      Vmware perhaps? Honeypotting with VMware - basics [seifried.org]

      Summary

      VMware is an invaluable tool for investigators wishing to deploy honeypots for research purposes, or as early warning devices. But like most complex tools it can end up creating a lot of unneeded work, or even maiming your foot if you are not careful. Fortunately VMware is relatively straightforward to use, and there are a number of simple techniques that will make life much easier when per

  • by Anonymous Coward on Friday December 02, 2005 @05:30PM (#14169714)
    ...it would be like if the internet had peanut allergies and malicious code kissed it after eating Reeses Cups.
  • I'm pretty sure (Score:4, Interesting)

    by TubeSteak ( 669689 ) on Friday December 02, 2005 @05:30PM (#14169716) Journal
    I'm pretty sure that ALL the major anti-virus vendors already have honeypots sitting around. That's in addition to the virii nabbed by heuristics on desktop computers & submitted to the anti-virus companies.

    However, I'm willing to give these guys a fair shake. No matter what anyone has to say about their politics, the Israelis definitely know how to do high-tech.

    From TFA:
    "All the ingredients are already there, or could be worked out in a short time," Vespignani says. He says that some company intranets already run programs that automatically detect the arrival of a new virus, and the architecture of the Internet is sufficiently well understood to position the honeypot computers strategically.
    ...
    "Shir does not have any plans to commercialize the idea. He hopes that people will realize the scheme in an open-source project, freely available to all computer users who want to get involved. But even if a company takes the idea and makes it happen, we'd all have a better defence against viruses," he says."
  • Can this also keep me from receiving the same link to flash cartoons a hundred times from my friends?
  • Load Of Dung (Score:5, Insightful)

    by Spinlock_1977 ( 777598 ) <{moc.oohay} {ta} {7791_kcolnipS}> on Friday December 02, 2005 @05:33PM (#14169746) Journal
    I like the magic part where this incredibly advanced piece of software figures out that the machine has been infected. It's so smart, in fact, it can figure out what viral signature can uniquely identify it.

    Ya know, if ya had some code that could reliably identify virii without signatures, wouldn't we all be running *that* on all our desktops?
    • by Sangui5 ( 12317 ) on Friday December 02, 2005 @06:12PM (#14170050)
      There are a lot of techniques to do automatic identification of viruses, the problem is that they are too expensive for everyday use--your programs run 40x slower or worse. Below is a selection (small and randomly generated) of related work.

      Mostly, you need to do extensive monitoring of what your program is doing, and look for out-of-bound writes (e.g. buffer overflows/stack smashing), or do taint analysis (that is, don't execute or make "important" decisions based on data "tainted" from an untrusted source). But this requires performing many analysis operations for every "real" operation, so it isn't feasible to do everywhere.

      Just google the titles for electronic copies.

      Kreibich, C., and Crowcroft, J. Honeycomb - creating intrusion detection signatures using honeypots. In HotNets (Nov. 2003).

      Kim, H., and Karp, B. Autograph: Toward automated, distributed worm signature detection. In USENIX Security Symposium (Aug. 2004).

      Zou, C. C., Gao, L., Gong, W., and Towsley, D. Monitoring and early warning for internet worms. In ACM CCS (Oct. 2003).

      Wilander, J., and Kamkar, M. A comparison of publicly available tools for dynamic buffer overflow prevention. In NDSS (Feb. 2003).

      Newsome, J., and Song, D. Dynamic taint analysis: Automatic detection and generation of software exploit attacks. In NDSS (Feb. 2005).
      • i'd rather not be analyzing anyone's taint
  • by Hershmire ( 41460 ) on Friday December 02, 2005 @05:36PM (#14169770) Homepage
    You want to create a network of machines that are vulnerable to viruses/worms/other baddies, provide a full index of these computers and their addresses on a huge number of central servers, and then you want to deliberately expose those central servers to malicious code?

    Is that what I'm reading? If that's so, then count me out. I can't take care of my own, thankyouverymuch.
  • OR... (Score:3, Insightful)

    by Anti-Trend ( 857000 ) on Friday December 02, 2005 @05:39PM (#14169791) Homepage Journal
    ...we could just not use operating systems which have abysmal security. You know, the one that attracts malware in the same way a magnet attracts iron ore. Yeah, you're right, that's crazy talk.
  • Already In Place (Score:3, Informative)

    by Anonymous Coward on Friday December 02, 2005 @05:41PM (#14169804)
    Symantec, at least, already has a network like this in place and it has been in place for several years. I believe other companies do as well.
  • by Doc Ruby ( 173196 ) on Friday December 02, 2005 @05:42PM (#14169817) Homepage Journal
    Why do they need dedicated honeypots? Why not just include software in SMTP servers that lets them notify each other when they identify a virus locally? An SMTP operator could subscribe to several dozen peers, in a network of trust. When their own threshold of peers reporting the same virus is reached, they've got a hit.

    Maybe this is a good application for the Usenet tech, to flood the trust networks with info rapidly, reliably, and without a centralized authority that itself can be attacked or otherwise compromised. Most of this tech already exists. We don't need 800K new servers that do nothing else, when we've got even more that also serve mail. Maybe the researchers are setting up a spinoff security network. But their research actually points to a better system than relying on them for more than the starting point.
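The peer-threshold idea in the comment above, as an added example (not part of the original post and not any mail server's real API): a server acts on a signature only after enough distinct subscribed peers have reported it. Authenticating reports with a pre-shared HMAC key per peer and capping each peer's unconfirmed reports are assumptions added here to address the forgery and flooding concerns raised elsewhere in the thread; peer names and keys are constructed.

```python
import hashlib
import hmac


class PeerQuorum:
    """Accept a signature only when `threshold` distinct trusted peers report it."""

    def __init__(self, peer_keys, threshold, max_pending_per_peer=50):
        self.peer_keys = dict(peer_keys)        # peer name -> pre-shared key (assumed)
        self.threshold = threshold
        self.max_pending = max_pending_per_peer
        self.votes = {}                         # signature id -> set of reporting peers
        self.pending = {p: 0 for p in self.peer_keys}
        self.blocked = set()                    # signatures that reached the threshold

    @staticmethod
    def tag(key: bytes, sig_id: str) -> str:
        """HMAC-SHA256 a peer attaches to its report."""
        return hmac.new(key, sig_id.encode(), hashlib.sha256).hexdigest()

    def report(self, peer: str, sig_id: str, mac: str) -> str:
        key = self.peer_keys.get(peer)
        if key is None:
            return "rejected: unknown peer"
        if not hmac.compare_digest(self.tag(key, sig_id), mac):
            return "rejected: bad mac"
        if sig_id in self.blocked:
            return "already blocked"
        if peer in self.votes.get(sig_id, ()):
            return "duplicate"                  # one peer cannot vote twice
        if self.pending[peer] >= self.max_pending:
            return "rejected: peer over quota"  # caps state held for a flooding peer
        self.votes.setdefault(sig_id, set()).add(peer)
        self.pending[peer] += 1
        if len(self.votes[sig_id]) >= self.threshold:
            self.blocked.add(sig_id)
            for voter in self.votes.pop(sig_id):
                self.pending[voter] -= 1        # confirmed reports free up quota
            return "blocked"
        return "pending"


# Constructed peers and keys for the demonstration.
KEYS = {"mx1": b"k1-constructed", "mx2": b"k2-constructed",
        "mx3": b"k3-constructed", "mx4": b"k4-constructed"}


def demo():
    """Replay a short sequence of reports and return the decisions in order."""
    q = PeerQuorum(KEYS, threshold=3)
    sig = "sha256:constructed-signature-id"
    good = lambda peer: PeerQuorum.tag(KEYS[peer], sig)
    return [
        q.report("mx1", sig, good("mx1")),
        q.report("mx1", sig, good("mx1")),      # same peer again
        q.report("mx2", sig, good("mx1")),      # mac made with the wrong key
        q.report("mx9", sig, "00"),             # not a subscribed peer
        q.report("mx2", sig, good("mx2")),
        q.report("mx3", sig, good("mx3")),      # third distinct peer
        q.report("mx4", sig, good("mx4")),
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```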
  • by postbigbang ( 761081 ) on Friday December 02, 2005 @05:42PM (#14169823)
    There are already appliance makers that do this very thing: identify malware and viruses, and signal the others, usually in the guise of spam control appliances.

    Webs of early notifiers are also not a new idea; look at the honeypot networks that are on the web, the honeypot project, and so on.

    The containment cited is theoretical, subject to the ability to correctly identify behavior, and doesn't prevent users from clicking on URLs that have malware, or filter signatures that have fast breakout behavior.

    And so, the merit of the Nature article is in question. It's just a PR release in disguise.
  • You have a bad case of Windows XP security.

    take two OSS tablets (not applicable in France) and call me in the morning

  • by jgaynor ( 205453 ) <jon@gaAUDENynor.org minus poet> on Friday December 02, 2005 @05:49PM (#14169876) Homepage
    This is a fine idea, and one that could be done at little cost save for the 'global honeypot network' part. Why not use info from an existing distributed log source like Dshield [dshield.org]?

  • Wow... (Score:3, Interesting)

    by Spy der Mann ( 805235 ) <spydermann.slash ... com minus distro> on Friday December 02, 2005 @05:54PM (#14169919) Homepage Journal
    it just amazed me. This is nothing but a replication of the natural immune system... where the honeypots are the lymphatic ganglions, and the signatures are the antibodies.

    I'd like to see how this results... whatever the outcome, it's an interesting experiment.
  • Anyone care to imagine what 800,000 computers in the Internet equivalent of anaphylactic shock would look like?
  • Not really... (Score:2, Insightful)

    by n0dalus ( 807994 )
    I'm sure this system would work if the honeypots were evenly distributed among IP blocks but they simply can't be (huge chunks of the IPv4 address space are already taken). A worm might infect hundreds of thousands of computers before ever hitting one of the honeypots. Even if the honeypot gets it and sends it to an AV company, and they issue an immediate update, it takes hours for everyone to get updated. History's most damaging worms were able to infect millions of computers within this kind of timeframe.
    • I partially agree. It's entirely possible the virus infects lots and lots of computers before hitting a honeypot. However, part of the idea here is that once a honeypot gets infected, the signature is quickly spread all over the place. Under this system, not just the AV companies find out about it, but it spreads directly to all servers and even end-users quickly. So, for instance, some servers/routers/ISPs could, once they receive a new signature, simply block traffic with said signature. For instance, if
  • by Sangui5 ( 12317 ) on Friday December 02, 2005 @05:59PM (#14169962)
    I didn't know that Nature was such a high end CS publication. At SOSP this year Vigilante (http://research.microsoft.com/~manuelc/MS/VigilanteSOSP.pdf [microsoft.com]) was presented--a much more complete paper in a more salient venue.

    The citations list at the end of the Nature paper also is missing a large body of relevant work. Check the citations list of the Vigilante paper for details--50 references most of which are missing from the Nature pub. Also, the publications the Nature paper cites are mixed--some are good (like http://www.icsi.berkeley.edu/~nweaver/containment/ [berkeley.edu]), but I don't think the editors of "Physical Review Letters" (a physics journal) are really up to speed on the latest in computer security research. Indeed, most of the works they cite are either from physics journals, Nature, or Science.

    The analysis is quite math heavy, and makes some unrealistic assumptions (i.e. worms only spread to their neighbors). In the end, they "show" that it is theoretically possible to stop worms with a side-channel network. Vigilante, on the other hand, has an implementation of a vaccination system, and simulation results run against Blaster, Slammer, and Code Red. Now, which is more convincing to you?

  • Figure out where the honeypots are (i.e. who sends the new virus descriptions first?), then spam them with tons of small variants of various worm and virus code, which they happily amplify and flood the pipes of their whole downline tree. This is supposed to be a good idea?
  • by Eric Smith ( 4379 ) * on Friday December 02, 2005 @06:00PM (#14169971) Homepage Journal
    The honeypot computers would reside in a secure, dedicated network.
    Doesn't that defeat the purpose? Don't they need to be on an insecure network to collect samples of the malware?
    • I think (and hope) they mean secured so that the honeypot computers will not spread the infection. The researchers probably do not want to stick 800,000 zombies onto the Internet. How they would achieve this one-wayness is beyond me, but that's what I think they mean.
      • I suppose that could be as simple as putting them behind a firewall that allows all incoming connections, but disallows all outgoing connections.

        That's just about the opposite of what I normally think of as a "secure network".

        That also makes their infection detection simpler; if the computer attempts to make any outbound connections, it's infected. But malware that has a long incubation period wouldn't be detected promptly, so other methods must be used as well.

  • In Terminator 3 isn't this how SkyNet became sentient and decided that humans suck and launched its missiles? Hmmm...
  • Vigilante (Score:3, Informative)

    by saikatguha266 ( 688325 ) on Friday December 02, 2005 @06:02PM (#14169984) Homepage
    The article in the story doesn't seem to mention existing work in the same area. This approach has already been proposed, evaluated and peer-reviewed in the top networking conference (SIGCOMM'04) [1] and the top Operating Systems conference (SOSP'05) [2]. The existing approach was proposed by Microsoft Research and is called Vigilante.

    They find that it is possible to quickly detect worms automatically, construct automatic filters for just the worm and not benign traffic, and distribute it quickly to vulnerable hosts in a secure, non-forgeable way.

    [1] http://portal.acm.org/citation.cfm?id=1095809.1095824 [acm.org]
    [2] http://research.microsoft.com/research/pubs/view.aspx?type=Publication&id=1483 [microsoft.com]
    • Yep, the story article is of rather low quality. As I state in my earlier post [slashdot.org], they neglect quite a bit of good CS work, and instead cite such CS heavyweights [psu.edu] as "Physical Review E".

      Except for Yuval Shavitt [google.com] the authors barely even register in DBLP (a database of CS bibliographies). Not [google.com] big [google.com] players [google.com] in the CS community, and obviously not fully aware of the existing work.
    • The existing approach was proposed by Microsoft Research and is called Vigilante. They find that it is possible to quickly detect worms automatically, construct automatic filters for just the worm and not benign traffic, and distribute it quickly to vulnerable hosts in a secure, non-forgeable way.

      Can anybody explain to me why they haven't put this into action? They would be hailed as saviours of the (electronic) planet. Are there still a 'few kinks' to be ironed out or are we into tinfoil-hat-area?

  • nothing new (Score:2, Informative)

    by ezelkow1 ( 693205 )
    After attending a talk given by Niels Provos, creator of Honeyd, he showed this exact thing 3 months ago. He set up multiple honeyd nets all showing the same possible exploit holes to try and capture spyware and virii and then issue patches if these holes were found on the rest of the system and showed that with the right amount of machines it can be done effectively. These guys seem to just be copying his research verbatim.
  • A Scientific American article, pointing to its similarity to the idea of biological immunity mechanisms, put forth an idea like this 4 or 5 years ago [sorry, too lazy to go look it up]. The biological parallel was that the signatures sent out by the honeypots were analogous to antibodies manufactured to help killer cells recognize foreign cells. I think the pitfalls of this idea can also be extrapolated from the biology of autoimmune diseases. The worst thing that could happen would be for a malware code
  • Autoimmunity (Score:2, Insightful)

    by janneH ( 720747 )
    With an automatic response like that, I wonder if virus writers would learn to craft a virus that caused the sentinel program to generate a signature that removed/damaged important files (or otherwise wreak havoc) on the computers they were supposed to protect. Cause an autoimmune response if you will.
  • Maybe I'm missing something, but doesn't sound like anything that's not already being done. Firstly, antivirus companies I'm sure run honeypot machines to help them "catch" new viruses, and then distribute them via automatic updates to their customers, more or less immediately. Antispyware works the same way, except they also use those user-contributed spyware networks, which serve the same purpose as these proposed honeypots serve (antivirus companies do this too but I don't get the impression it's their
  • malware authors will immediately set up a network of computers to maintain a list of known honeypots so that they can be avoided while propagating. They could call it "WormGuardian", say.
  • computer experts from Israel who are proposing a different strategy for combating fast-spreading worms and viruses

    First, you build this giant wall...

  • Malicious computer viruses could be stopped in their tracks by immunity software that spreads faster than the virus itself MS fixing its fucking operating system , says a team of computer experts from all over the right thinking world.
  • Hackers working on theoretical virus to defeat theoretical 'honey pot' virus stopper.
  • If you start from the premise that the honeynet's code will perform perfectly; ie that it cannot be owned by the virus and that it can therefore be trusted to work as advertised, fine.

    But the problem is that in reality, the honeynet is composed of software too, so even if you think it is better than nothing, you might change your mind when virus writers discover exploits in the honeynets.

    Hoping the honeynet computers won't break containment at that point is wishful thinking at best.
  • That idea is very, very old.

    Nature seems to want to publish stuff in computer science, but it is becoming increasingly clear that they simply have no clue what they are doing. Apparently, they select papers that take some idea from computer science, add some biological or physics jargon, and otherwise fit their format, and publish it.

    It seems more and more like Nature is turning into the New Scientist, only Nature isn't as entertaining.
  • I'm not a programmer, so I apologize for my ignorance and stupidity in advance, but couldn't antivirus software effectively turn normal users' PCs into the honeypots they're talking about in pretty much the same way? From my admittedly naive point of view, it seems like the only thing missing is the ability for AV software on users' machines to send outbound alerts.

    If my machine is running Norton AV, and I get something, couldn't my machine just automatically alert a central Symantec server or something lik
