HP shelves virus throttling product

Hewlett-Packard has announced it will not be releasing a security service called Virus Throttler, a cutting-edge technology for...

Hewlett-Packard has announced it will not be releasing a security service called Virus Throttler, a cutting-edge technology for choking off the spread of viruses, citing conflicts with Microsoft's Windows operating system.

The technology does a good job of stopping viruses and worms from spreading, but is not practical for use in mixed networking environments because it requires operating system changes incompatible with Windows, said Tony Redmond, vice-president and chief technology officer of HP.

Virus Throttler slows the spread of virus and worm attacks by limiting the network destinations that a virus-infected computer can attempt to connect to each second.

The service was designed to alleviate the network congestion that often accompanies virus outbreaks, as one or more infected machines flood the network with traffic while searching for other vulnerable hosts. Such denial-of-service attacks often complicate virus outbreak recovery by preventing network administrators from observing network traffic and communicating with hosts on the network.

The technology notices changes in host machine behaviour, which indicates a virus infection. It then chokes off the attack by limiting the frequency of outbound communications from the host machine to "throttle" communications with other hosts on the network.

HP got Virus Throttler to work well in its labs with products using operating systems like HP-UX and Linux. However, the technology required changes to the way those operating systems run that HP could not duplicate on Windows systems, because "we don't own Windows", Redmond said.

Virus Throttler was one of two new security services developed by company researchers that HP debuted at the RSA Security Conference in San Francisco.

The other technology, Active Countermeasures, is a network scanning service that spots vulnerable computers on a network using techniques similar to those employed by worms and viruses.

Last week, HP said it is moving the Active Counter Measures software into beta tests with some European and North American customers and hopes to release the product in 2005. The service allows administrators to find machines even if they are outside of the company's patch management system or "unmapped", or are unknown to administrators.

Network administrators can then "vaccinate" vulnerable machines by pushing out configuration changes or policies that prevent infection.

While both Active Countermeasures and Virus Throttling proved their mettle on HP's internal network of 247,000 hosts, the company may have had a harder time selling the concept to other large companies wanting total protection from worms and viruses, but wary of managing host-based security products, said Tom Ptacek, product manager at Arbor Networks, a network security technology company.

"Worm solutions are an all-or-nothing thing. If your worm defence is going to work and work evidently so your chief executive officer doesn't notice, it can't be piecemeal or incremental," he said.

Paul Roberts writes for IDG News Service

Read more on IT strategy