What is this?
A new anti-worm prevention technology that was developed by Penn State researchers, that work without updated signatures to seize and stop worms. This technology is called as Proactive Worm Containment (PWC)
Why is this exceptional?
This system is very unique and very sensible. It is way better than the present generation anti-worm prevention technologies that rely seriously on signatures for recognition of wicked software. More or less every new worm will need a new set of signatures, for the antivirus to spot them(The signatures contain descriptions of all the malicious programs, threats, and network attacks known to date and methods for neutralizing them).If a up-to-the-minute worm infects a network or system the security tools in it needs to be updated to its most recent definitions, in the case of a Virus outbreak it will become ineffective as it needs new signatures, most of the time the worm put a stop to the access of the antivirus vendor’s server.
How does this work?
This software will look for abnormality in the rate and diversity of connection requests going out of the hosts. When a host with a high rate is acknowledged, then PWC quarantines that host so that no packets with the worm code can be sent out. This prevents the distribution of the worm.
Is this perfect?
No, 99.99% of technology used in the security industry isn’t either. This one is very practical so it will work more successfully than traditional signature based scanners in fighting new worms.
- PWC can quickly clear any erroneously blocked hosts
- The PWC software can be incorporated effortlessly with existing signature-based worm filtering systems
What are its defects?
A few dozen packets will be missed by PWC before it can quarantine the attack. The Slammer worm, which attacked Microsoft SQL Server, on average, sent out 4,000 infected packets every second. It may miss slow-spreading worms. But existing technologies already can pick those up.