The way the software works is when it detects a process that is trying to access many different ports at once (normal virus type activity), it slows the process down until it cuts it off. This gives the admin much more time to control a virus attack. This technique should work for new viruses as well.
Quote
The program can distinguish between regular server process behavior and viruses to detect an attack. "A rogue process such as a worm or virus tends to be making the same type of connection at a much more frequent pace," Redmond said. "If a process probes a particular socket on 1,000 systems a minute, what can you conclude? It's probably not a user or (a legitimate) server process."
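The throttling behaviour described above, as an added Python example that is not from the original post or from the product it describes. The window length, the two thresholds and the delay step are assumed values, and the connection events are constructed.

```python
from collections import Counter, defaultdict, deque

# Assumed tuning values; the page gives no thresholds for the product.
WINDOW = 60.0      # seconds of history kept per process
SOFT_LIMIT = 20    # distinct destinations in the window before delays begin
HARD_LIMIT = 200   # distinct destinations in the window that trigger cut-off
DELAY_STEP = 0.05  # extra seconds of delay per destination over SOFT_LIMIT


class ConnectionThrottle:
    """Slow down, then cut off, a process that fans out to many destinations."""

    def __init__(self):
        self.recent = defaultdict(deque)  # pid -> deque of (time, destination)
        self.blocked = set()

    def decide(self, pid, dest, now):
        """Return ("allow", 0.0), ("delay", seconds) or ("block", 0.0)."""
        if pid in self.blocked:
            return ("block", 0.0)
        history = self.recent[pid]
        history.append((now, dest))
        while now - history[0][0] > WINDOW:  # drop attempts older than the window
            history.popleft()
        distinct = len({d for _, d in history})
        if distinct >= HARD_LIMIT:
            self.blocked.add(pid)
            return ("block", 0.0)
        if distinct > SOFT_LIMIT:
            return ("delay", DELAY_STEP * (distinct - SOFT_LIMIT))
        return ("allow", 0.0)


def replay(events):
    """Feed (time, pid, destination) events through a throttle; tally actions per pid."""
    throttle, tally = ConnectionThrottle(), defaultdict(Counter)
    for now, pid, dest in events:
        action, _ = throttle.decide(pid, dest, now)
        tally[pid][action] += 1
    return tally


# Constructed sample: pid 100 is a server talking to three peers once a second;
# pid 200 tries one port on a new host every 0.06 s (about 1,000 hosts a minute).
SERVER = [(float(i), 100, (f"10.1.0.{i % 3 + 1}", 8080)) for i in range(60)]
SCANNER = [(i * 0.06, 200, (f"10.0.{i // 250}.{i % 250 + 1}", 9999)) for i in range(1000)]

if __name__ == "__main__":
    for pid, counts in replay(sorted(SERVER + SCANNER)).items():
        print(pid, dict(counts))
```

With these assumed limits the server process is never delayed, while the fan-out process is slowed from its 21st distinct destination and cut off at its 200th, about 12 seconds into the run.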