HP puts speed bumps on viruses

By Steve Malone

Posted on 1 Dec 2004 at 10:03

Developers working in HP's research labs think they have come up with a way to slow down the spread of viruses, by detecting the speed at which they spread.

Tony Redmond, HP's CTO, speaking at a security briefing said, 'Any worm of virus that depends on its ability to spread itself will be hurt by this technology.'

Explaining how the system, tentatively named Virus Throttler, detects a virus type attack, Redmond said, 'A rogue process such as a worm or virus tends to be making the same type of connection at a much more frequent pace. If a process probes a particular socket on 1,000 systems a minute, what can you conclude? It's probably not a user or server process.' Once the software detects the pattern of a likely attack, it will restrict the processor time allocated and eventually halt it altogether.

The company points out that in January 2003 the SQL Server Slammer worm hit 79,000 servers in just over half a hour when it appeared last year. If Virus Throttler had been in place the worm would have spread far more slowly and possibly saved tens of millions of dollars world wide from lost business and emergency repair work.

HP says that it has been testing the system on 50 of its own servers with intentionally introduced viruses. The viruses were all detected and slowed down, the company says, without affecting legitimate performance.

The software is expected to be offered to customers of HP ProLiant server and ProCurve network switching equipment next year although no prices have been announced. HP would not say whether the system would be available to PCs which are by far the most likely target for virus attack.