Startup aims at destroying botnets

By Justin Mann on February 4, 2008, 8:05 PM
Botnets are a huge problem for the Internet as a whole. With millions of infected machines prepared to attack sites at any given moment, it is both difficult to find and bring down the leaders of these botnets. Perhaps one of the most challenging problems in doing so is that most of the computers infected have owners who are blissfully unaware their machines are being used in such a manner.

A new startup called Nemean Networks wants to attack the problem head on with a device that aims to help curb the botnet problem by preventing machines from getting infected in the first place. A fine goal, perhaps, but most security suites have that goal in mind anyway. The selling point that Nemean offers is automated generation of signatures, doing away with the tried and true practice of creating malware signatures manually. Their appliance creates signatures on the fly, and according to them is nearly immune to generate false positives something nobody likes.

The product is aimed at administrators, people in control of larger networks, and is intended to warn them while still leaving it to them to stop it. The technology sounds interesting, and does ring one very true note. Manual detection of malware is an aging beast, and a more fluid process seems to be the only hope for a problem that just keeps getting bigger.

User Comments: 2

Got something to say? Post a comment
phantasm66 said:
That's absolutely fascinating.But the chances of everyone in the world buying one of these devices and using it with their machines is almost nil.People don't even bother patching their machines - that's why there's botnets and worms and all that sort of stuff in the first place. The chances of them moving from this behavior to suddenly using a device like this... come on now, how well do you know users? Users are not technicians, developers, or security consultants, you know. They are lazy and ignorant and in the dark about the big issues like botnets. Ask someone on the street what the hell a botnet is and you'll get a puzzled look.Additionally, botnets generate A LOT of revenue due to their use as spam distribution systems. I don't think for one minute the very clever people who engineer and administer these things are about to let that stop, and will find a way to hack these devices so that the botware still operates.
phantasm66 said:
[quote]The product is aimed at administrators, people in control of larger networks, and is intended to warn them while still leaving it to them to stop it.[/quote]Most bots are on folks machines who have them at home. They've got some unpatched Windows box connected directly to the net with no NAT router. They don't have network savvy administrators there to detect whether botware is installed or not. And in any case these things use rootkit technology anyway.The idea is a nice notion - but not very well thought out on a practical level I think.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.