Can we really keep out worms?
An interesting piece from Information Security Magazine takes a look at a range of “antiworm” products which promise to contain worms by weeding out bad traffic. Among them: Mirage Networks, ForeScout, Check Point Software Technologies, Silicon Defense and IBM.
They use different approaches, from looking for unfulfilled Address Resolution Protocol requests, to anomaly detection, while others automatically isolate compromised hosts, the article says. Others redirect worm traffic to a quarantined area to buy time to isolate the worm and keep systems available. Others try to limit the spread of a virush by ‘throttling it’, i.e. limit the number of Internet connections an infected computer can have.
Interesting article, but in the end we don’t know exactly what the next worm will do, so aren’t we back at square one, of always being wise after the event, like all anti-virus software? Or am I missing something?