HP Works On Software To Slow Computer Worms
Researchers for the Palo Alto, Calif.-based computer giant said Tuesday that the new software wouldn't destroy threats such as the "Blaster" worm, which crippled more than a million computers last summer.
But the software -- tentatively named Virus Throttler -- would blunt the sting of viruses by identifying and alerting technicians to suspicious behavior, HP says. If the patented software suspects that a computer has become infected with a so-called "self-propagating" worm, it severely limits some of the computer's functions.
"Any worm or virus that depends on its ability to spread itself will be hurt by this technology," said HP chief technology officer Tony Redmond.
HP plans to begin selling the software to corporate customers next year, but it hasn't released prices. It has not yet tested it on PCs. Redmond wouldn't speculate on when, if ever, the software would be sold to individuals.
The software is already installed on 50 HP servers, and it has slowed down intentionally introduced viruses -- without slowing down overall performance, HP says.
No one outside HP has tested the software yet.
But Alan Paller, director of research at the Bethesda, Md.-based SANS Institute, said the overall idea "makes sense."
He agreed with the overall philosophy of HP security engineers: They'll never be able to wipe out viruses so they should focus on minimizing the pain they cause.
"It's an arms race, not a simple war," Paller said. "I've been hearing people talk about the notion of throttling for a long time, and it's a spectacular idea if HP can get it to work."
If Virus Throttler had been installed during the January 2003 "Slammer" worm, Redmond said, it could have prevented millions of dollars in lost productivity and damages.
Slammer spread by sending out thousands of probes per second and saturating Internet data pipelines. Unlike most viruses and worms that preceded it, such as the May 2000 "Love Bug," Slammer spread directly through network connections and did not need e-mail as a carrier.
Virus Throttler would have suppressed the computer's ability to make so many network connections, Redmond said. Instead of allowing 1,000 or more network connections per second, the software would have prohibited computers from connecting to more than 50 networks per minute.
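The rate cap described above can be sketched as a per-host limiter; this is an added illustration, not HP's code, and it runs only on constructed traffic. The class and function names, the alert threshold, and the choice to count only destinations not contacted within the last minute are assumptions.

```python
from collections import deque

class ConnectionThrottle:
    """Sliding-window cap on new outbound destinations for one host."""

    def __init__(self, max_new=50, window=60.0, alert_after=100):
        self.max_new = max_new          # figure quoted in the article: 50 per minute
        self.window = window            # window length in seconds
        self.alert_after = alert_after  # assumed: refusals in one window before alerting
        self.allowed = deque()          # (timestamp, dest) of permitted new destinations
        self.refused = deque()          # timestamps of refused attempts
        self.alerted = False

    def _expire(self, now):
        # Drop entries that have aged out of the window.
        while self.allowed and now - self.allowed[0][0] >= self.window:
            self.allowed.popleft()
        while self.refused and now - self.refused[0] >= self.window:
            self.refused.popleft()

    def connect(self, now, dest):
        """Return True if a connection to dest may proceed at time now (seconds)."""
        self._expire(now)
        if any(d == dest for _, d in self.allowed):
            return True                 # recently contacted: does not count as new
        if len(self.allowed) < self.max_new:
            self.allowed.append((now, dest))
            return True
        self.refused.append(now)
        if len(self.refused) >= self.alert_after:
            self.alerted = True         # suspicious volume: flag for technicians
        return False

def simulate(rate_per_sec, seconds, distinct_dests):
    """Constructed traffic: attempts cycle over distinct_dests sample addresses."""
    throttle = ConnectionThrottle()
    total = int(rate_per_sec * seconds)
    passed = 0
    for i in range(total):
        n = i % distinct_dests
        dest = f"10.0.{n // 256}.{n % 256}"   # constructed addresses
        passed += throttle.connect(i / rate_per_sec, dest)
    return passed, total, throttle.alerted

if __name__ == "__main__":
    print("scanning host:", simulate(1000, 60, 60000))
    print("ordinary host:", simulate(2, 60, 10))
```

A host probing 1,000 fresh addresses per second gets 50 connections through in the minute and trips the alert, while a host talking to the same ten peers is never delayed.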
Redmond emphasized that the software can't kill viruses. He likened it to powerful medicine that minimizes the worst symptoms of a cold or flu -- without eradicating the virus causing the illness.
"We've put the virus back into a box, but the network administrator eventually has to go back and shoot the virus and put it out of its misery," Redmond said.
Copyright © 2004 The Associated Press. All rights reserved.