Jeff's InfoSec Blog

Thoughts about information security, privacy, and regulatory compliance. Brought to you by Jeff Newfeld, the product unit manager for security solutions in Microsoft's Core Infrastructure Solutions group.


Automagically isolating Internet worms

  • Comments 2
  • Likes

A paper from Microsoft Research (MSR), first published last summer, is getting new interest after MSR's internal TechFest last week.  The idea is that hosts would analyze traffic hitting them and automatically broadcast alerts.  While false negatives can mean that many hosts will not detect the worm, doing this across a large group of machines means that some hosts will detect it and start broadcasting the self-certifying alerts.  Of course there are a ton of issues with this approach but the authors have done a good job of going through the threats and countermeasures.  It's a really interesting idea and I hope that they continue with the research.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment