Shir notes that viruses typically propagate by sending themselves to addresses harvested from Outlook or other similar e-mail programs. He counters this strategy by seeding networks with "honeypot" computers, designed to draw out any active viruses. Each of these computers has a normal-looking e-mail address, but as soon as a virus activates its e-mail system, the computer records the virus's characteristics. It then sends other networked machines a description of the virus's code so that the other computers can block the virus, much as antibodies learn to stop real viruses.
This approach has a leg up on programs like Norton AntiVirus, which require each computer to download a list of virus descriptions compiled by the company that sells the software. "Current antivirus schemes are focused on cleaning the specific computer on which they were installed," Shir says. "Our goal is to immunize the entire network." He says the strategy requires only a modest investment. Simulations show that placing one honeypot among every 250 computers in a network produces such a quick reaction that no virus can infect more than 1 percent of them. Shir hopes to release a commercial version of the software within the next few years.
No comments:
Post a Comment