IBM is planning to launch a new worm-detection solution today that takes the "honeypot" (define) technique of fighting worms to a new level, internetnews.com has learned.
The project, code-named "Billy Goat," assigns a server a large number of unused and unadvertised addresses, according to a document seen by internetnews.com.
Most traditional virus-fighting tools depend on signature-based technology. The problem now, according to Amrit Williams, research director for information security at Gartner, is that threats are becoming more difficult to detect.
"Traditional signature-based anti-viruses don't protect anyone anymore," Williams told internetnews.com.
The purpose of honeypot-type solutions is to lure new forms of malware so they can be identified and then disabled.
"A honeypot doesn't protect anything," said Williams. "It's like having a safe that's easily cracked and putting fake jewels to see how someone might crack the safe."
The feature responds to requests sent to unused IP addresses, presenting what looks like a network full of machines and services to the worm or virus. By feigning a whole network environment and recording connection attempts, however, the Billy Goat tricks worms into revealing their identities.
No comments:
Post a Comment