Using this biological analogy, Cenzic, a US-based company, wants to inject computer networks with randomly generated malicious code in order to build the necessary defenses before the next Nimda-like worm strikes.
Sound crazy? Maybe. But then again, maybe not. The idea behind immunizing computer networks to viral threats--known as fault injection--has been around for years. Before releasing software to the public, software vendors often use their products incorrectly to see if they will crash.
So, when Cenzic President and CEO Alan Henricks wondered how to improve network security technology in a way that hadn't been done before, he looked to fault injection. "Think of our product as quality assurance testing for security," said Henricks.
Cenzic's product is called Hailstorm. Yes, that is the same name that Microsoft uses for one of its initiatives, but it's just a coincidence. "We own the trademark on the name Hailstorm," said Henricks. "We've asked Microsoft not to use it," said Greg Hoglund, Cenzic's chief technical officer. "But Microsoft says it's an internal code name, and one used by the media. It's not a name on a shipping product, like Xbox."
Cenzic's Hailstorm essentially creates new code vulnerabilities on custom corporate networks. Regardless of which software you use or how you've configured it, Hailstorm tries to emulate hacker attacks before they happen, so you can prepare your systems (and hopefully prevent damage) ahead of time.
How does Hailstorm ensure this cross-platform compatibility? By using its own generic rule base for a variety of common vulnerabilities. For example, Hailstorm employs generalised rules for buffer overruns--a widespread problem for many software products.
For a buffer overrun test, Hailstorm might force special characters into a nine-digit zip code field. If successful, the resulting buffer overrun could allow a malicious user to take control of the system, or crash it.
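The zip code test described above can be sketched as a small rule-driven harness. This is an added example, not Cenzic's code: `store_zip`, `struct record`, `make_fault` and the three rules are hypothetical, and the rules go slightly beyond special characters to cover overlong and short input as well.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ZIP_DIGITS 9   /* the nine-digit zip code field from the article */
#define GUARD 0x5A     /* canary value placed after the field */

struct record {        /* hypothetical record layout for the test */
    char zip[ZIP_DIGITS + 1];
    unsigned char guard[8];
};

/* Handler under test: accepts exactly nine ASCII digits, nothing else. */
int store_zip(struct record *r, const char *in, size_t len) {
    if (len != ZIP_DIGITS) return -1;
    for (size_t i = 0; i < len; i++)
        if (!isdigit((unsigned char)in[i])) return -1;
    memcpy(r->zip, in, len);
    r->zip[len] = '\0';
    return 0;
}

/* Generic rules: 0 = overlong digits, 1 = one special character, 2 = too short. */
size_t make_fault(int rule, size_t n, char *out) {
    static const char special[] = "%'\";<>\\\n";   /* constructed sample set */
    size_t len = (rule == 2) ? n % ZIP_DIGITS
               : (rule == 0) ? ZIP_DIGITS + 1 + n : ZIP_DIGITS;
    for (size_t i = 0; i < len; i++)
        out[i] = (rule == 1 && i == n % ZIP_DIGITS)
               ? special[n % (sizeof special - 1)] : (char)('0' + i % 10);
    return len;
}

/* Runs every rule and variant; returns how many malformed inputs were
   accepted or disturbed the guard bytes behind the field. */
int run_fault_injection(void) {
    char input[256];
    int findings = 0;
    for (int rule = 0; rule < 3; rule++)
        for (size_t n = 0; n < 64; n++) {
            struct record r;
            memset(&r, GUARD, sizeof r);
            size_t len = make_fault(rule, n, input);
            int accepted = store_zip(&r, input, len) == 0;
            int smashed = 0;
            for (size_t i = 0; i < sizeof r.guard; i++)
                smashed |= r.guard[i] != GUARD;
            if (accepted || smashed) { findings++; printf("rule %d variant %zu\n", rule, n); }
        }
    return findings;
}

int main(void) { return run_fault_injection() ? 1 : 0; }
```

A handler that copied the field without the length check would show up here as a non-zero finding count, which is the kind of result the article says is left to administrators to act on.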
However, unlike other security products, Hailstorm doesn't offer solutions. Instead, it only reveals vulnerabilities. It's up to the customer's system administrators to learn from Cenzic's vulnerability reports and either contact their software vendor for a patch, or find other ways of mitigating the damage on the live system.
But this got me wondering. Couldn't all of Cenzic's reports create a rich database of potential vulnerabilities, one that could be mined by hackers? Fortunately, Hailstorm doesn't report back to a central reporting agency.
"Cenzic is not interested in sending out its own alerts," said Henricks. "We will inform vendors whenever we find something in our testing," added Hoglund. "But companies won't release their information." Also, most vulnerabilities found by Hailstorm are specific to custom software running on a particular network, so they wouldn't be applicable to other companies or individuals.
Clearly, Cenzic Hailstorm is not for home users, and is marketed toward financial services that run 24/7 and need to stay abreast of all potential dangers. Yet the idea is so logical that I could see a modified version of this technology trickling down onto desktops in a few years. If anything, it sounds like we're on our way to proactively fighting malicious code attacks.
Do you think immunising your computer to future viral attacks makes sense? Would you want to try it on your desktop? TalkBack below.

Good idea. A bit like getting a sniffle to prevent TB. Instead of actually doing any damage, this thing could just show itself when a flaw is found. If enough random "mutations" are tried in the right ways then this should stay ahead of the hackers. My only doubts lie in this industry's seeming inability to solve a problem once and for all, especially if there is profit to be made by doing it half-arsed. Call me cynical. :-)