HP Newsroom > News releases
HP "Throttles" Viruses from the Network to the Desktop with New Security Software and Promising ResearchPALO ALTO, Calif., Feb. 11, 2005
HP today announced the availability of new software designed to quickly control the spread of viruses across corporate networks and reduce the damage they cause during an attack.
HP also announced that HP Labs, the company's central research facility, has begun collaborating with two prominent partners to test new damage-containment security software aimed at simply and effectively preventing certain viruses from corrupting entire systems.
The increasingly malicious nature of today's worms and viruses, and the rapid rate at which they spread across networks, makes it difficult for IT administrators to react quickly enough to limit the damage that an attack may cause to corporate systems. HP Virus Throttle software addresses this problem by helping businesses detect, contain and slow the rate at which an attack spreads inside the core of the IT infrastructure.
Originally developed in HP Labs, the software is now available for HP ProLiant servers in a special pack and for ProCurve Networking by HP 5300 switches.
In addition, the HP Security Containment suite, which helps applications compromised by an attack deter unauthorized access to other applications or files, is now available for the HP-UX 11i v2 operating system.
All these technologies, which are part of HP's efforts to continually improve the level of built-in security across its product portfolio, will be demonstrated at booth 622 at the RSA Conference 2005, Feb. 14-18 in San Francisco.
"If IT systems were 'intelligent' enough to automatically detect and shut down attacks before they spread, administrators would spend less time and money trying to catch up," said Tony Redmond, vice president and chief technology officer, HP Security Office and HP Services. "At HP, we're focusing our security research and development and working with our industry partners to come up with new solutions to make IT infrastructures more intelligent and help our customers address their biggest IT security challenges."
HP security technologies enable the Adaptive Enterprise strategy, designed to help customers synchronize business and IT to capitalize on change. With these solutions, HP is trying to help keep businesses up and going in the face of IT security threats and compliance and identity management challenges, so businesses can spend less time on IT maintenance and more time on innovation.
Virus Throttle Software - A new approach to virus protection
HP Virus Throttle software takes a non-traditional approach to virus protection. Traditional virus scanning products - which often rely on existing virus signatures provided by third parties - can be ineffective at protecting against new viruses, which can spread in a matter of seconds.
In contrast, Virus Throttle detects abnormal, virus-like behavior and slows down the number of different connections an infected machine can make until an administrator can determine if the problem is viral in nature and take further action.
Virus Throttle monitors network connection requests and detects abnormal activity of the type typically exhibited by a worm or virus that is attempting to propagate itself within a network. The faster a virus tries to spread itself, the faster Virus Throttle reacts - and it reacts automatically, typically in milliseconds, without waiting for human attention.
Virus Throttle is designed to run without interference to normal system or networking operation and only affects the viral process while all normal traffic continues unimpeded. Once a worm or virus is detected, Virus Throttle inhibits it from making network connections and thus chokes off its ability to propagate. Virus Throttle flags the presence of the worm or virus to the system administrator, who can then take the appropriate action to remove it from the system.
Virus Throttle software is now available on industry-standard HP ProLiant servers and the HP BladeSystem architecture via an enhanced ProLiant Essentials Intelligent Networking Pack. The pack provides an extra layer of protection against virus attacks when an attack is not detected by a firewall or anti-virus software. With an estimated U.S. street price of $149,(1) the ProLiant Essentials Intelligent Networking Pack also includes advanced teaming features for improved network performance and availability. More information is available at http://www.hp.com/servers/proliantessentials/inp.
ProCurve Networking by HP has enhanced its flagship 5300 switches with Virus Throttle software. The ProCurve solution detects virus-like activity as traffic is routed through a network switch. The infected system is throttled back to a point where the virus is slowed substantially. At the same time, the network administrator is notified of the attack and can use ProCurve Manager Plus to completely shut down the affected switch port.
The ProCurve Switch 5300 is typically deployed at the edge of the network where users and devices connect to the network. The solution further extends the security framework of the ProCurve Adaptive EDGE Architecture. The Virus Throttle solution is offered as a free software download for customers who currently own or purchase the ProCurve Switch 5300xl and ProCurve Manager Plus. More information is available at http://www.procurve.com.
Security Containment for HP-UX 11i v2
HP Security Containment for HP-UX 11i v2 is a suite of security technologies designed to improve customer value while lowering the cost of IT infrastructures. HP has incorporated these enhanced security features into the mainstream HP-UX 11i v2 operating environment to help businesses combat the increasingly complex threats of attackers. With Security Containment, customers are assured that compromised applications will not be allowed unauthorized access to other applications or files on a system.
When Security Containment is combined with HP's virtualization continuum and workload management systems to form Secure Resource Partitions, customers can realize significant improvements in total cost of ownership by ensuring that unplanned downtime from security invasions is virtually eliminated.
Secure Resource Partitions provide a mechanism for stacking multiple applications within a single operating system image while ensuring security between dedicated resources for each application. More information is available at http://www.hp.com/go/securitycontainment.
New research from HP Labs
Today, typical applications have the same automatic access and privileges to other applications and parts of the computer system as does the user. This means that any one application that becomes infected can spread a virus throughout a system and damage unrelated programs and information. Even commonly used programs such as solitaire games could infect a computer system.
Experimental HP Labs software now in development addresses this problem by providing an easy-to-use mechanism for Windows® XP users. HP scientists are working to configure applications so they automatically launch in a restricted environment and have only the permissions they need to perform their primary purposes. In other words, the applications are given the least authority they need to operate and are prohibited from accessing files they don't need. However, this limit does not affect the applications' usability.
Early research has shown that the HP software simply and effectively limits the damage an infected application can do, preventing certain viruses from corrupting entire systems. HP Labs is conducting trials of the new software as part of the Critical Infrastructure Protection Project within the School of Public Policy at George Mason University and with the U.S. Navy's Fleet Numerical Meteorology and Oceanography Center.
"George Mason University is very pleased to be actively involved in this research effort as this software has the potential to drastically reduce the damage from viruses and spyware," said Alan G. Merten, president, George Mason University.
"At Fleet Numerical, we are evaluating HP's software for possible integration into a local project which is designed to provide a solution for zero-day malicious computer attacks. The software is being run locally on several PCs as a test bed," said Lieutenant Dean Moran, Exploratory Projects Division, Future Readiness Branch, Fleet Numerical Meteorology and Oceanography Center.
HP is a technology solutions provider to consumers, businesses and institutions globally. The company's offerings span IT infrastructure, global services, business and home computing, and imaging and printing. For the four fiscal quarters ended Oct. 31, 2004, HP revenue totaled $79.9 billion. More information about HP (NYSE, Nasdaq: HPQ) is available at http://www.hp.com.
(1) Actual prices may vary.
Windows is a U.S. registered trademark of Microsoft Corporation.
This news release contains forward-looking statements that involve risks and uncertainties, as well as assumptions that, if they ever materialize or prove incorrect, could cause the results of HP and its consolidated subsidiaries to differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including the expected development, performance or rankings of products or services; statements of expectation or belief; and any statement of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include the development, performance and market acceptance of products and services and other risks that are described from time to time in HP's Securities and Exchange Commission reports, including but not limited to HP's Annual Report on Form 10-K for the fiscal year ended Oct. 31, 2004. HP assumes no obligation and does not intend to update these forward-looking statements.