An Immune System For The Internet?
from the until-it-gets-infected,-of-course dept
We've talked about the problems with many anti-virus solutions today that rely on a fingerprint of the virus that then gets sent out to client applications on a regular basis. It's a reactive approach that is often too late -- especially as new viruses are created and spread faster than ever. Another approach to fighting viruses is behavioral, where the anti-virus software tries to recognize actions commonly associated with viruses, and block them off. This has problems also, in that plenty of legitimate products may also take similar actions, and the new scam will be tricking people into "accepting" malicious software by having it piggyback on something legitimate. However, if the behavioral products are on the network, some can be decent at spotting threats -- but still they face the problem of distributing the protective code out to other machines fast enough. The infections move just as fast, if not faster, and they have a head start. So, some researchers have tried to attack the second part of that problem, and devised a system of honeypots that could be outfitted with the behavioral software. The trick, though, is that those honeypots would also be connected to each other "via a dedicated and secure network." Think of the dedicated network as a shortcut to all the important hubs. Thus, once one honeypot machine discovers a virus and cures it, it can widely distribute the cure very quickly. The researchers mathematically show that it would beat the virus to most machines -- and it gets even better as the network gets larger. Of course, even ignoring the questions about just how well this behavioral software can recognize a virus and create the "cure" code, it seems the bigger issue is how can you really keep that separate dedicated network secure? Wouldn't that be the immediate target of the determined hacker? They'd all want to figure out how to hijack that network to spread their viruses even faster.