Skip the navigation

HP shelves virus-throttling product

An executive cited conflicts with the Windows operating system for the decision

By Paul Roberts
August 24, 2004 12:00 PM ET

IDG News Service - Six months after unveiling cutting-edge technology designed to choke off the spread of viruses, Hewlett-Packard Co. is quietly shelving the project, citing conflicts with Microsoft Corp.'s Windows operating system, a company executive said.
The company won't be releasing a security service called Virus Throttler, which was announced in February. The technology does a good job of stopping viruses and worms from spreading, but it isn't practical for use in mixed networking environments because it requires operating system changes incompatible with Windows, according to Tony Redmond, vice president and chief technology officer at HP.
Virus Throttler slows the spread of virus and worm attacks by limiting the network destinations that a virus-infected computer can attempt to connect to each second, according to HP. The service was designed to alleviate the network congestion that often accompanies virus outbreaks, when one or more infected machines flood the network with traffic while searching for other vulnerable hosts. Such denial-of-service attacks often complicate recovery from virus outbreaks by preventing network administrators from observing network traffic and communicating with hosts on the network, HP said.
The technology notices changes in host-machine behavior, which indicates a virus infection. It then chokes off the attack by limiting the frequency of outbound communications from the host machine to "throttle" communications with other hosts on the network, Redmond said.
HP got Virus Throttler to work well in its labs with products using operating systems such as HP-UX and Linux. However, the technology required changes to the way those operating systems run that HP couldn't duplicate on Windows systems because "we don't own Windows," Redmond said.
Virus Throttler was one of two new security services developed by company researchers that HP debuted at the RSA Security Conference in San Francisco. The other technology, Active Countermeasures, is a network-scanning service that spots vulnerable computers on a network using techniques similar to those employed by worms and viruses.
Last week, HP said it's moving the Active Countermeasures software into beta tests with some European and North American customers and hopes to release the product in 2005. The service allows administrators to find machines even if they are outside of the company's patch management system or "unmapped" or are unknown to administrators, the company said. Network administrators can then "vaccinate" vulnerable machines by pushing out configuration changes or policies that prevent infection, HP said.
But Virus Throttler will stay in the lab while HP looks for a way to use the technology in typical network environments, Redmond said. HP has demonstrated the service to Microsoft and other partner companies and may

Reprinted with permission from IDG.net. Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies