anchor link to jump to start of content

The Seattle Times Company NWclassifieds NWsource Business and Technology Home delivery Contact us Search archives
Your account  Today's news index  Weather  Traffic  Movies  Restaurants  Today's events

Monday, February 23, 2004 - Page updated at 12:00 A.M.

Weekly interest and loan rates | Northwest stock contest 2004

Technology scorecard | Consumer affairs | Home values

HP points new weapons against virus, worm attacks

By Kim Peterson
Seattle Times technology reporter

E-mail E-mail this article
Print Print this article
Print Search archive
Saying it was inspired by the way the human body fights off disease, Hewlett-Packard plans to announce today that it has developed two new methods to help combat computer worms and viruses.

Researchers at HP Labs developed the new services, called Active Countermeasures and Virus Throttler, and tested them on the company's vast computer network over the past year. The services will likely be included by year's end in the security packages HP offers big businesses, executives said.

The services will provide some relief for corporate computer systems in an environment that is "on the brink of a crisis," said Joe Pato, a researcher with HP Labs in Palo Alto, Calif.

"We as an industry are trying to become more adaptive, more responsive and create faster business processes," he said. "But at the same time, we have increasing attacks on the lifeblood of communications, the Internet."

The company's announcement is timed to the kickoff of RSA, the annual computer and network-security conference that runs this week in San Francisco.

About 10,000 people are expected to attend the show, which will focus, in part, on the computer worms and viruses that are attacking networks with increasing frequency.

Pato describes HP's Active Countermeasures service as "fighting fire with fire." The service mimics a computer worm's ability to take advantage of vulnerabilities on certain machines, and aims to get to those machines first.

The key to the service is setting aside some computers on a network and giving them the task of scanning a portion of the network.

At the same time, the service closely tracks reports of new system vulnerabilities on hacker bulletin boards and from more institutional sources such as the CERT Coordination Center at Carnegie Mellon University.

The information is quickly sent to the scanning computers, which search out the same weaknesses on a network and alert administrators to potential problems.

"It provides a mechanism for just discovering which machines are vulnerable," Pato said.
Fighting a virus

HP said its second service, Virus Throttler, was built around the idea that worms and viruses explode onto the scene much too quickly for people to recognize and stop them.

When a person browses the Web, for example, the computer makes new connections to the Internet with every new Web site. A handful of new connections might be made every few seconds.

But a virus that consumes a machine fires off new connections at a much faster rate as it replicates itself over and over. The Virus Throttler service slows down those connections when it senses they're happening too quickly.

Those connections are put into a backlog to wait while computer administrators sort it all out, Pato said.

"When you have fast-moving worms, that backlog hits a threshold really quickly," he said. "We're able to say, 'This is not normal behavior.' "

HP has beefed up its security research over the past few years in response to the growing outbreak of computer attacks, said Tony Redmond, HP's chief technical officer of services.

The company has also changed its attitude. In the past, each division would focus on its own security work, but over the past year the effort has become much broader.

"The company is working as a collective whole," Redmond said. "It's across all of the company and it's baked into everything that we do."

HP is set to demonstrate its new approach as one of 250 companies exhibiting on the show floor at RSA. Companies ranging from Microsoft to VeriSign will also have booths and plan security announcements this week.

The RSA show, now in its 13th year, started off as a gathering of about 50 people, mainly cryptographers who develop the mathematical equations that run behind electronic-security systems.

The show is steeped in security geekiness. Its theme this year is ancient China, which pays homage to the Chinese Remainder Theorem — a calculation developed in the late third century by the scholar Sun Zi to count and conceal large numbers.

RSA is named after three professors from the Massachusetts Institute of Technology — Ron Rivest, Adi Shamir and Len Adelman — who developed what is known as the RSA cipher. That algorithm was the foundation for all electronic security, said Sandra Toms LaPedis, general manager at RSA Conferences, which organizes the annual show in San Francisco.

"RSA is the gathering place for the security industry," she said.

Highlights include keynote speeches by Microsoft Chairman Bill Gates and television journalist Cokie Roberts. Government representatives, including managers from the federal Department of Homeland Security, are expected to attend, as are researchers, professors and information-technology workers.

Area companies

Several Puget Sound-area companies are expected to tout their new products.

Seattle-based F5 Networks will be there for the first time. The company, which has 325 employees in Seattle, made a name for itself developing software that manages Internet traffic. It began offering more security products last July after it spent $25 million acquiring the assets of uRoam, a security company.

uRoam's technology centered on creating safe ways for employees to remotely access applications on a company's network from any Internet browser.

"It's a very hot area in the security space today," said Jeff Pancottine, a senior vice president at F5.

Seattle-based WatchGuard is showing off its Firebox X for small and medium-sized companies.

The product is designed to be a package that combines an Internet firewall with intrusion prevention, spam blocking, Web filtering and antivirus protection.

The technology industry has undergone a major shift in thinking over the past couple of years, said Mark Stevens, chief strategy officer at WatchGuard. Previously, companies knew they needed a firewall and antivirus system, but that didn't stop worms and viruses from attacking, he said.

"We're seeing a big shift to what is needed to keep them from getting in," he said.

Kim Peterson: 206-464-2360 or

Copyright © 2004 The Seattle Times Company

More business & technology headlines


Today Archive

Advanced search

advertising home
Home delivery | Contact us | Search archive | Site map | Low-graphic
NWclassifieds | NWsource | Advertising info | The Seattle Times Company


Back to topBack to top