Can we really keep out worms?
An interesting piece from Information Security Magazine takes a look at a range of “antiworm” products which promise to contain worms by weeding out bad traffic. Among them: Mirage Networks, ForeScout, Check Point Software Technologies, Silicon Defense and IBM.
They use different approaches, the article says: some look for unfulfilled Address Resolution Protocol requests, some use anomaly detection, and others automatically isolate compromised hosts. Others redirect worm traffic to a quarantined area to buy time to isolate the worm and keep systems available. Others try to limit the spread of a virus by ‘throttling’ it, i.e. limiting the number of Internet connections an infected computer can have.
Interesting article, but in the end we don’t know exactly what the next worm will do, so aren’t we back at square one, of always being wise after the event, like all anti-virus software? Or am I missing something?
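To make the "unfulfilled Address Resolution Protocol requests" approach mentioned above concrete, here is an added sketch (not code from the article or from any of the vendors named) that flags a host sending many ARP requests that never get a reply. The event tuple format, function names, timeout, window and threshold are all assumptions chosen for illustration, and the sample events are constructed.

```python
from bisect import bisect_left
from collections import defaultdict

def make_sample():
    """Constructed ARP events (not a real capture): (time_s, op, sender_ip, target_ip)."""
    events = [
        (0.0, "request", "10.0.0.5", "10.0.0.1"),   # normal host asks for the gateway
        (0.1, "reply", "10.0.0.1", "10.0.0.5"),     # gateway answers
        (2.0, "request", "10.0.0.5", "10.0.0.77"),  # one stale lookup, never answered
    ]
    # 10.0.0.9 sweeps eight addresses in under a second; only one is a live host.
    events += [(3.0 + i * 0.1, "request", "10.0.0.9", f"10.0.0.{200 + i}") for i in range(8)]
    events.append((3.05, "reply", "10.0.0.200", "10.0.0.9"))
    events.append((9.0, "request", "10.0.0.5", "10.0.0.1"))  # capture ends before timeout
    return sorted(events)

def unanswered_arp_sources(events, reply_timeout=1.0, window=10.0, threshold=5):
    """Return {source_ip: sorted unanswered targets} for sources that probed at
    least `threshold` distinct addresses without a reply inside `window` seconds."""
    events = sorted(events)
    end = max(e[0] for e in events)
    replies = defaultdict(list)   # (replier, requester) -> ascending reply times
    for t, op, sender, target in events:
        if op == "reply":
            replies[(sender, target)].append(t)
    misses = defaultdict(list)    # source -> [(time, target)] with no timely reply
    for t, op, sender, target in events:
        if op != "request":
            continue
        times = replies.get((target, sender), [])
        i = bisect_left(times, t)
        if i < len(times) and times[i] <= t + reply_timeout:
            continue              # answered in time
        if t + reply_timeout > end:
            continue              # capture ended first: undecided, do not count
        misses[sender].append((t, target))
    flagged = {}
    for src, items in misses.items():
        for j, (t0, _) in enumerate(items):
            targets = {tg for t, tg in items[j:] if t - t0 <= window}
            if len(targets) >= threshold:
                flagged[src] = sorted(targets)
                break
    return flagged
```

A single stale lookup (10.0.0.5 here) stays below the threshold, which is the trade-off this kind of detector has to tune: too low and ordinary hosts are flagged, too high and a slow scan slips past.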
My favourite firewall, Zone Alarm, is being bought by another firewall maker, Check Point Software Technologies [CNet News.com].
It looks to me as if there’s quite significant consolidation within the security software industry, not just from the point of view of big guys buying the smaller guys, but of companies trying to create products that offer an all-round ‘security solution’. Symantec have long peddled this type of idea, but their 2004 embodiments have increased the coverage to include cutting out spam, spyware and even pop-ups. With Check Point focusing on server-side software it makes sense that they grab Zone Labs, whose strength is software for desktops and notebooks.
Expect to see software companies trying to push more integrated software that offers this kind of overall solution to corporates and to ISPs. While it obviously makes sense for companies to farm out these kinds of problems — viruses, spam, any kind of disrupting influence on their networks — to single companies, Internet Service Providers will doubtless see a market to sell something similar to the individual user, keeping such rubbish out of their inbox and away from other subscribers.
My only worry is that such ‘packaged solutions’ may not offer the best individual component: just because a company makes all the products you need doesn’t mean they’re all great. I use Norton Antivirus but stick with Zone Alarm because it tells me more about what’s going on.