Stopping Computer Viruses Before They Reach You
from the is-this-that-big-of-a-deal? dept
Roland Piquepaille writes “The Washington University in St. Louis (WUSL) announced that one of its computer science teams has developed a new technology to stop computer viruses and worms before they reach your system. John Lockwood and his team didn’t use software. Instead, they created an open platform that augments a network with reprogrammable hardware, called the Field-programmable Port Extender (FPX). “The FPX can scan each and every byte of every data packet transmitted through a network at a rate of 2.4 billion bits per second. In other words, the FPX could scan every word in the entire works of Shakespeare in about 1/60th of a second,” said Lockwood. Real products based on the technology should appear soon. More excerpts and references are contained in my blog which also includes a photograph of an FPX module.”

I’m a little confused as to what the big deal is about this. It’s basically doing two things: putting antivirus protection at the network level instead of the end client, which isn’t a new idea at all, and using an FPGA hardware solution instead of software (which they seem to be saying is faster). Am I missing something, or is this not that big of a deal?
Comments on “Stopping Computer Viruses Before They Reach You”
Need more details
What size memory does this thing have? It may be able to scan all of Shakespeare in 1/60 seconds, but that Shakespeare is only coming 1 IP packet at a time. Does it not need to cache file data coming through to detect signatures?
I’d also be curious as to the number of concurrent file transfers it can maintain state info for.
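The state question raised in the comment above, as an added example that is not part of the original post or thread and does not describe how the FPX works: a scanner that looks at each packet alone misses a signature split across two packets, while one that keeps a short tail per flow catches it until its flow table fills. The signatures, flow names and packets are constructed, and in-order delivery within a flow is assumed.

```python
# Constructed, harmless byte patterns standing in for signatures.
SIGNATURES = {b"EXAMPLE-SIG-ALPHA": "alpha", b"DEMO-PATTERN-BETA": "beta"}
# A match can straddle at most (longest signature - 1) bytes of the
# previous payload, so that is all the state one flow needs.
CARRY = max(len(s) for s in SIGNATURES) - 1

# Constructed traffic: flowA carries "alpha" split across two packets.
PACKETS = [
    ("flowB", b"xx DEMO-PATTERN-BETA yy"),
    ("flowA", b"hello EXAMPLE-S"),
    ("flowA", b"IG-ALPHA world"),
]


def match(data):
    return {name for sig, name in SIGNATURES.items() if sig in data}


def scan_stateless(packets):
    """Scan every payload on its own; no memory between packets."""
    hits = set()
    for _flow, payload in packets:
        hits |= match(payload)
    return hits


def scan_stateful(packets, max_flows):
    """Keep a CARRY-byte tail per flow, for at most max_flows flows.

    Returns (hits, untracked): untracked counts packets that had to be
    scanned without history because the flow table was full.
    """
    tails, hits, untracked = {}, set(), 0
    for flow, payload in packets:
        if flow not in tails and len(tails) >= max_flows:
            untracked += 1
            hits |= match(payload)        # falls back to stateless
            continue
        window = tails.get(flow, b"") + payload
        hits |= match(window)
        tails[flow] = window[-CARRY:]     # memory cost: CARRY bytes per flow
    return hits, untracked


if __name__ == "__main__":
    print("stateless:", scan_stateless(PACKETS))
    print("stateful, 1024 flows:", scan_stateful(PACKETS, 1024))
    print("stateful, 1 flow:", scan_stateful(PACKETS, 1))
```

With the table limited to one flow, flowA is never tracked and the split signature goes unseen, which is why the number of concurrent flows a device can hold state for matters as much as its raw scan rate.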
One problem:
zero day worms
How the hell are you going to scan traffic if you don’t know what to fscking look for?
All it takes is one worm that isn’t stupid about how it discovers adjacent hosts (how about using netbios/another “native” microsoft protocol instead of ICMP?) and uses a polymorphic intrusion process (no need to fill that buffer up with the same thing over and over again).
…15 minutes later, while the admin is still typing content into their nifty filter, your entire network is wormed.
This sounds like a really weak technology that only fixes the current state of the art problems.
I'm a little curious...
…how is this different from MPLS tagging and filtering?
Re: I'm a little curious...
What’s MPLS tagging and filtering? You got a summary or a link you can post?
...and it's implemented in hardware.
yeah, like this will ever see widespread deployment/the light of day…