(Mis)Uses of Technology

by Mike Masnick

Wed, Nov 12th 2003 9:31am





Stopping Computer Viruses Before They Reach You

from the is-this-that-big-of-a-deal? dept

Roland Piquepaille writes "The Washington University in St. Louis (WUSL) announced that one of its computer science teams has developed a new technology to stop computer viruses and worms before they reach your system. John Lockwood and his team didn't use software. Instead, they created an open platform that augments a network with reprogrammable hardware, called the Field-programmable Port Extender (FPX). "The FPX can scan each and every byte of every data packet transmitted through a network at a rate of 2.4 billion bits per second. In other words, the FPX could scan every word in the entire works of Shakespeare in about 1/60th of a second," said Lockwood. Real products based on the technology should appear soon. More excerpts and references are contained in my blog which also includes a photograph of an FPX module." I'm a little confused as to what the big deal is about this. It's basically doing two things: put antivirus protection at the network level instead of the end client, which isn't a new idea at all and using an FPGA hardware solution instead of software (which they seem to be saying is faster). Am I missing something, or is this not that big of a deal?

5 Comments | Leave a Comment..


If you liked this post, you may also be interested in...
 

Reader Comments (rss)

(Flattened / Threaded)

  1.  

    Need more details

    identicon
    Doubter, Nov 12th, 2003 @ 11:08am

    What size memory does this thing have? It may be able to scan all of shakespeare in 1/60 seconds, but that shakespeare is only coming 1 IP packet at a time. Does it not need to cache file data coming through to detect signatures?

    I'd also be curious as to the number of concurrent file transfers it can maintain state info for.

    reply to this | link to this | view in thread ]

  2.  

    One problem:

    identicon
    Anonymous Coward, Nov 13th, 2003 @ 7:03am

    zero day worms

    How the hell are your going to scan traffic if you don't know what to fscking look for.

    All it takes is one worm that isn't stupid about how it discovers adjacent hosts (how about using netbios/another "native" microsoft protocol instead ICMP?) and uses a polymorphic intrusion process (no need to fill that buffer up with the same thing over and over again).

    ...15 minutes later, while the admin is still typing content into their nifty filter, you're entire network is wormed.

    This sounds like a really weak technology that only fixes the current state of the art problems.

    reply to this | link to this | view in thread ]

  3.  

    I'm a little curious...

    identicon
    Anonymous Coward, Nov 13th, 2003 @ 7:05am

    ...how is the different from MPLS tagging and filtering?

    reply to this | link to this | view in thread ]

  4.  

    ...and it's implemented in hardware.

    identicon
    Anonymous Coward, Nov 13th, 2003 @ 7:07am

    yeah, like this will ever see widespread deployment/the light of day...

    reply to this | link to this | view in thread ]

  5.  

    Re: I'm a little curious...

    identicon
    Learning, Nov 13th, 2003 @ 8:38am

    What's MPLS tagging and filtering? You got a summary or a link you can post?

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>


A word from our Sponsors...
Follow Techdirt
Flattr rss rss

Powered by Postrank

From the Techdirt Archive...
A word from our Sponsors...

Close

Email This