Windows worm hits headlines but scientists zero in on zero-day attacks
Although all the news this week is about the Windows worm, which has already infected at least 9 million computers, new weapons are being developed for the war against zero-day attacks. Zero-day attacks exploit the window of opportunity between a vulnerability being discovered (or first exploited) and a patch being made available to counter it. Researchers at Intel and the University of California, Davis have devised a new way to counter such attacks: suspicious activity is logged on individual computers and then correlated with what other connected systems are seeing, so that a pattern spread across many machines can be recognised even when no single host's evidence is conclusive.
The second part of the system will be of most interest to enterprises, since it is an algorithm that weighs the cost of shutting down a computer system against the cost of letting malware run loose on the network, according to www.vnunet.com. The software can either be configured to take automatic action or to refer the decision to an IT manager.
Senthil Cheetancheri, one of the University researchers, reckons this is key to the system’s usefulness. “The question is whether I should shut down the network and risk losing business for a couple of hours for what could be a false alarm, or keep it running and risk getting infected,” he says. “One suspicious activity in a network of 100 computers can’t tell you much but when you see half a dozen activities and counting, you know something’s happening.”
The algorithm also takes the importance of individual machines into account. Since the cost of taking down a server is much greater than that of taking down a seldom-used computer, the system would shut down the latter first.
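To make that weighing concrete, the following is an added illustration (not the Intel / UC Davis researchers' code, which the article does not show) of the two ideas in the passages above: counting how many hosts are reporting and turning that into a confidence that an outbreak is under way, then comparing the expected cost of infection against the certain cost of an outage machine by machine, cheapest-to-take-down first, and handing close calls to a person. The per-host false-alarm rate, the outage length, the business costs, the 20% "refer" margin and the three sample hosts are all constructed assumptions.

```python
"""Cost-benefit containment decision for a suspected worm outbreak.

Added illustration, not the Intel / UC Davis system described in the
article. The false-alarm rate, the business costs, the 'refer to a human'
margin and the sample hosts are all constructed for this example.
"""
from dataclasses import dataclass
from math import comb


@dataclass(frozen=True)
class Host:
    name: str
    downtime_cost_per_hour: float  # constructed: lost business while offline
    infection_cost: float          # constructed: cleanup + damage if compromised


@dataclass(frozen=True)
class Decision:
    host: str
    action: str  # "shut down", "keep running" or "refer to IT manager"
    expected_cost_keep: float
    cost_shutdown: float


def outbreak_confidence(alerting_hosts: int, total_hosts: int,
                        false_alarm_rate: float = 0.01) -> float:
    """How much does a given number of alerting hosts say about a worm?

    Assume each host independently raises a false alarm with probability
    false_alarm_rate (constructed). The chance that chance alone produces
    at least `alerting_hosts` alarms is a binomial tail; one minus that
    tail is used here as a confidence that a real outbreak is under way.
    This is a p-value style heuristic, not a proper posterior, but it
    captures the quoted intuition: one alarm among 100 hosts is weak
    evidence, half a dozen is strong.
    """
    if alerting_hosts <= 0:
        return 0.0
    p, n, k = false_alarm_rate, total_hosts, alerting_hosts
    tail = sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))
    return 1.0 - tail


def decide(hosts, confidence, outage_hours=2.0, refer_margin=0.20):
    """Compare the expected cost of running on (confidence x infection cost)
    against the certain cost of an outage, least important machines first.
    When the two costs are within `refer_margin` of each other the call is
    handed to an IT manager instead of being taken automatically.
    """
    decisions = []
    for h in sorted(hosts, key=lambda h: h.downtime_cost_per_hour):
        keep = confidence * h.infection_cost
        down = h.downtime_cost_per_hour * outage_hours
        if abs(keep - down) <= refer_margin * max(keep, down):
            action = "refer to IT manager"
        elif keep > down:
            action = "shut down"
        else:
            action = "keep running"
        decisions.append(Decision(h.name, action, round(keep, 2), round(down, 2)))
    return decisions


# Constructed inventory: an ERP database, a kiosk and a developer workstation.
HOSTS = [
    Host("erp-db-01", downtime_cost_per_hour=4000.0, infection_cost=20000.0),
    Host("kiosk-01", downtime_cost_per_hour=5.0, infection_cost=2000.0),
    Host("dev-ws-17", downtime_cost_per_hour=50.0, infection_cost=5000.0),
]


def run_scenario(alerting_hosts: int, total_hosts: int = 100):
    """Return (outbreak confidence, per-host decisions) for one alert count."""
    conf = outbreak_confidence(alerting_hosts, total_hosts)
    return conf, decide(HOSTS, conf)


if __name__ == "__main__":
    for k in (1, 6):
        conf, decisions = run_scenario(k)
        print(f"{k} alerting host(s) of 100 -> outbreak confidence {conf:.3f}")
        for d in decisions:
            print(f"  {d.host:10} keep={d.expected_cost_keep:9.2f} "
                  f"shutdown={d.cost_shutdown:8.2f} -> {d.action}")
```

With one alerting host in 100 the confidence is only about 0.37: the cheap kiosk and workstation are isolated automatically because their outage costs almost nothing, while the ERP server is a close call and is referred to the IT manager. With six alerting hosts the confidence passes 0.999 and every machine, the server included, is taken down automatically.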
Although the system is still at an experimental stage, the team is now working to make sure that it runs without hogging bandwidth or interfering with other applications. The outlook is promising and could lead to one fewer headache for enterprise IT managers.