All the Perl that's Practical to Extract and Report

  • The problem with this approach seems to be one of having a central, trusted authority looking at your computer use trends. For credit cards this is your credit card company examining your credit transactions for strange usage trends. This is ok since, in the end, all your transactions have to go through the credit card company anyway. They're the obvious authority to be keeping an eye on your money. They're the ones lending you the money. They already have your transaction data. They have clear incen
    • I don't think the data comprising a valid behavior baseline needs to be rolled up to a central internet presence to be useful. I happily use MyNetWatchman on my gateway, a Perl IDS which does just that, but I don't have real privacy problems sending Windows virus attack data to someone who might help do something about it. My desktop behavior is different.

      Let's look at the home user's desktop system. Emily checks email, sends a few a day, sometimes with photos, and surfs a bit. Emily does not run apps that scan for nearby IP addresses at a rate of hundreds of connections per second. Nor does she run outbound SMTP services, send lots of Windows Messaging messages, host FTP servers or run P2P apps. All these behaviors could be historically distinguished from normal ones without comparing them to a central source. No AI or big brother needed.

      One way to think of it is greylisting at the OS behavior level. This type of system will work differently for the lone user than it will in a huge company LAN (Okena's market), where rolling behavior up and doing metrics on aggregate behavior is no worse from a big brother perspective than what they're already doing for IDS and virus and spam fighting.

      As far as the legacy problem -- yep, that's a problem I don't know the answer to. I suspect liability issues or simple cost issues prevent ISPs from detecting and unplugging infected computers. But the cost of dealing with that problem is fixed; the cost of inaction continues to grow.
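
An added example, not part of the comments above: a sketch of the purely local baseline the last comment describes, where a host's outbound connections are compared only against its own history. The event format, port choices, thresholds and the names `build_baseline` and `detect` are assumptions made for illustration, and all sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data: (epoch_second, dst_ip, dst_port). Addresses are
# documentation ranges; the ports assumed for "normal" use are illustrative.
HISTORY = [
    (1000, "192.0.2.10", 110), (1000, "192.0.2.11", 587),
    (1060, "198.51.100.5", 80), (1060, "198.51.100.6", 80),
    (1061, "198.51.100.7", 443),
]
TODAY = (
    [(2000, "198.51.100.5", 80)]                                # ordinary browsing
    + [(2005, f"203.0.113.{i}", 445) for i in range(1, 201)]    # address sweep
    + [(2010, "203.0.113.250", 25)]                             # direct outbound SMTP
)

def build_baseline(events):
    """Summarise this host's own history: peak distinct peers/second and ports used."""
    peers_per_sec, ports = defaultdict(set), set()
    for ts, ip, port in events:
        peers_per_sec[ts].add(ip)
        ports.add(port)
    peak = max((len(p) for p in peers_per_sec.values()), default=0)
    return {"peak_fanout": peak, "ports": ports}

def detect(baseline, events, factor=10, floor=50):
    """Return sorted (epoch_second, reason) alerts for behaviour outside the baseline."""
    # The fan-out threshold scales with the host's own history but never drops
    # below a floor, so a quiet history does not make one busy page look like a scan.
    threshold = max(floor, baseline["peak_fanout"] * factor)
    peers_per_sec, alerts = defaultdict(set), set()
    for ts, ip, port in events:
        peers_per_sec[ts].add(ip)
        if port not in baseline["ports"]:
            alerts.add((ts, f"new outbound port {port}"))
    for ts, peers in peers_per_sec.items():
        if len(peers) >= threshold:
            alerts.add((ts, f"fan-out {len(peers)} peers/s"))
    return sorted(alerts)

if __name__ == "__main__":
    for ts, reason in detect(build_baseline(HISTORY), TODAY):
        print(ts, reason)
```

Nothing leaves the machine: the baseline and the comparison both use only the host's own connection records.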