, The Associated Press 2004-11-30
Engineers at Hewlett-Packard Co. are working on "virus throttling" software that could slow the spread of viruses and worms, possibly limiting the destruction that hackers inflict on millions of computers each year.
Researchers for the Palo Alto, Calif.-based computer giant said Tuesday the new software wouldn't destroy threats such as the "Blaster" Internet worm, which crippled more than a million computers last summer.But the software -- tentatively named Virus Throttler -- would blunt the sting of viruses by identifying and alerting technicians of suspicious behavior. If the patented software suspects a computer has become infected with a so-called "self-propagating" worm, it severely limits some of the computer's functions.
"The oxygen that a virus breathes is its ability to propagate, and by taking away the ability to propagate, we throttle the virus," HP chief technology officer Tony Redmond said. "Any worm or virus that depends on its ability to spread itself will be hurt by this technology."
The software is already installed on 50 HP servers, and it has slowed down intentionally introduced viruses -- without slowing down overall performance. HP plans to begin selling the software to corporate customers next year, but it hasn't released prices.
HP has not yet tested the software on PCs. Redmond wouldn't speculate on when, if ever, the software would be sold to individuals.
No one outside HP has tested the software yet. But Alan Paller, director of research at Bethesda, Md.-based SANS Institute, said the overall idea "makes sense."
He agreed with the overall philosophy of HP security engineers: They'll never be able to wipe out viruses, so they should focus on minimizing the pain viruses cause.
"It's an arms race, not a simple war," Paller said. "I've been hearing people talk about the notion of throttling for a long time, and it's a spectacular idea if HP can get it to work."
If Virus Throttler had been installed during the January 2003 "Slammer" worm, Redmond said, it could have prevented millions of dollars in lost productivity and damages.
Slammer spread by sending out thousands of probes per second and saturating Internet data pipelines. Unlike most viruses and worms that preceded it, such as the May 2000 "Love Bug," Slammer spread directly through network connections and did not need e-mail as a carrier.
Virus Throttler would have suppressed the computer's ability to make so many network connections, Redmond said. Instead of allowing 1,000 or more network connections per second, the software would have prohibited computers from connecting to more than 50 networks per minute.
Redmond emphasized that the software can't kill viruses. He likened it to powerful medicine that minimizes the worst symptoms of a cold or flu -- without eradicating the virus causing the illness.
"We've put the virus back into a box, but the network administrator eventually has to go back and shoot the virus and put it out of its misery," Redmond said.