Virus Spread Techniques To Combat Viruses
As yet another worm brings trouble to MSN and Hotmail, it turns out that employing some of the same techniques used by virus writers could speed up the response and, in essence, "immunise" the internet.
Most conventional anti-virus programs use "signatures" to identify and block viruses. But experts must first analyse a virus before sending out the fix. This means that rapidly spreading viruses can cause widespread damage before being stopped.
Some researchers have developed artificial "immune systems" that automatically analyse a virus, meaning a fix can be sent out more rapidly. In practice, however, computer viruses still tend to spread too quickly.
Now Eran Shir and colleagues at Tel-Aviv University in Israel, [...] propose developing a network of "honeypot" computers, distributed across the internet and dedicated to the task of combating viruses. To a virus, these machines would seem like ordinary vulnerable computers. But the honeypots would attract a virus, analyse it automatically, and then distribute a countermeasure.
The honeypots would also be linked to one another via a dedicated and secure network. This way, once one has captured a virus, all the others will know about the infection immediately. Each honeypot then acts as a hub of healing code which is disseminated to the computers connected to it. The countermeasure then spreads out across the broader network.
The scheme currently exists only as a mathematical model: nothing has yet gone beyond the prototype stage. Simple simulations show that as the size of the network increases from 50,000 to 200 million machines, the infection rate decreases from 5% to 0.001%, with 0.4% of the network acting as these honeypots.
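The effect of linking the honeypots can be seen in a toy simulation, added here as an illustration; it is not the researchers' model or code. It assumes a random graph, a virus and a cure that both travel one hop per step, and hypothetical names and parameters throughout (only the 0.4% honeypot share comes from the article).

```python
import random

def build_graph(n, k, rng):
    """Undirected random graph: every node links to k randomly chosen peers."""
    adj = [set() for _ in range(n)]
    for u in range(n):
        for v in rng.sample(range(n), k):
            if v != u:
                adj[u].add(v)
                adj[v].add(u)
    return adj

def simulate(n=20000, k=3, honeypot_frac=0.004, overlay=True, seed=7):
    """Return the fraction of the n machines that were ever infected."""
    rng = random.Random(seed)
    adj = build_graph(n, k, rng)
    honeypots = set(rng.sample(range(n), int(n * honeypot_frac)))
    patient_zero = next(u for u in range(n) if u not in honeypots)
    infected, ever_infected = {patient_zero}, {patient_zero}
    immune, alerted = set(), set()   # alerted = honeypots serving the cure
    while True:
        # Virus step: every infected machine probes all of its neighbours.
        probed = set().union(*(adj[u] for u in infected))
        hit = probed & honeypots
        if hit:
            # With the overlay, one capture alerts every honeypot at once;
            # without it, only the honeypots that were probed react.
            alerted |= honeypots if overlay else hit
        fresh = probed - honeypots - immune - infected
        infected |= fresh
        ever_infected |= fresh
        # Cure step: alerted honeypots and patched machines patch neighbours.
        carriers = alerted | immune
        patched = set().union(*(adj[u] for u in carriers)) - honeypots - immune
        immune |= patched
        infected -= patched
        if not fresh and not patched:   # nothing changed: outbreak is over
            return len(ever_infected) / n

if __name__ == "__main__":
    print("no honeypots      :", simulate(honeypot_frac=0.0))
    print("isolated honeypots:", simulate(overlay=False))
    print("linked honeypots  :", simulate(overlay=True))
```

The same seed gives all three runs the same graph and the same honeypot placement, so the only difference between the last two is whether a capture is shared over the overlay.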
So for the moment, we're still stuck with using antivirus software and firewalls and the like. If you've ever wondered what it's like to work for one of these firms, like Symantec, they sound like they have pretty cool places to work in. Like a nuclear bunker.
In one of the rolling hills above Winchester, England, is a decommissioned nuclear bunker that houses Symantec's U.K. Security Operations Center. The Winchester team analyzes some 1.5 billion lines of code per day, said Jeff Ogden, Symantec's director of managed security services for Europe, the Middle East and Africa. "We spend our lives gathering and analyzing information and intelligence," he said. "This is an enormous amount of information, and we're trying to pull it into a coherent state."
Access to the bunker is closed--even other Symantec personnel cannot enter the building without prior clearance. Any visits must be announced at least 24 hours in advance. Symantec customers must sign nondisclosure agreements before visiting. The bunker runs round the clock, staffed by a minimum of four and a maximum of 15 analysts.
Even the atmosphere inside is highly managed. It is pressurized to 1.5 pounds per square inch greater than outside air pressure, so air is constantly being forced out--handy if someone decides to drop an atomic bomb in the vicinity. In the event of a nuclear attack, the air can be filtered through charcoal, and there are still safeguards in place against a gas attack.
You can see some photos of it here. It certainly looks better than most open plan cube farms.
web address: http://suicidegirls.com/news/geek/13209/Virus-Spread-Techniques-To-Combat-Viruses/