After unveiling cutting-edge technology for choking off the spread of viruses in March, Hewlett-Packard Co. is quietly shelving the project, citing conflicts with Microsoft Corp.’s Windows operating system, a company executive said.
The company will not be releasing a security service called Virus Throttler, announced in February. The technology does a good job of stopping viruses and worms from spreading, but is not practical for use in mixed networking environments because it requires operating system changes incompatible with Windows, according to Tony Redmond, vice-president and chief technology officer of HP.
Virus Throttler slows the spread of virus and worm attacks by limiting the network destinations that a virus-infected computer can attempt to connect to each second, according to HP.
The service was designed to alleviate the network congestion that often accompanies virus outbreaks, as one or more infected machines flood the network with traffic while searching for other vulnerable hosts. Such denial of service attacks often complicate virus outbreak recovery by preventing network administrators from observing network traffic and communicating with hosts on the network, HP said.
The technology notices changes in host machine behaviour, which indicates a virus infection. It then chokes off the attack by limiting the frequency of outbound communications from the host machine to “throttle” communications with other hosts on the network, Redmond said.
HP got Virus Throttler to work well in its labs with products using operating systems like HP-UX and Linux. However, the technology required changes to the way those operating systems run that HP couldn’t duplicate on Windows systems, because “we don’t own Windows,” Redmond said.
Virus Throttler was one of two new security services developed by company researchers that HP debuted at the RSA Security Conference in San Francisco. The other technology, Active Countermeasures, is a network scanning service that spots vulnerable computers on a network using techniques similar to those employed by worms and viruses.
Recently, HP said it is moving the Active Counter Measures software into beta tests with some European and North American customers and hopes to release the product in 2005.
The service allows administrators to find machines even if they are outside of the company’s patch management system or “unmapped,” or are unknown to administrators, HP said. Network administrators can then “vaccinate” vulnerable machines by pushing out configuration changes or policies that prevent infection, HP said.
But Virus Throttler will stay in the lab for now, while HP looks for a way to use the technology in typical network environments, Redmond said. HP has demonstrated the service to Microsoft and other partner companies and may ultimately use some of what it has developed in future products, Redmond said.
While both Active Countermeasures and Virus Throttling proved their mettle on HP’s internal network of 247,000 hosts, the company may have had a harder time selling the concept to other large companies wanting total protection from worms and viruses, but wary of managing host-based security products, said Tom Ptacek, product manager at Arbor Networks, Inc. of Lexington, Mass., a network security technology company.