Patching Strategies to Stop Worms - Interesting Article

Discussion in 'Security Software' started by jwgoerlich, Sep 14, 2007.

  1. jwgoerlich

    jwgoerlich Guest

    Interesting take on patching strategies ...

    "Chayes' research suggests that a worm may mutate so quickly that
    contact tracing can't contain the infection. Therefore, she says,
    administrators should first patch the most highly connected systems,
    without regard to their proximity to other infected computers."

    "Chayes distributed patches to the nodes with the largest numbers of
    connections, regardless of whether the nodes connecting to them were
    themselves infected. That method brought the infestation under control
    with far fewer patches than the initial strategy had required."

    "For many kinds of networks, no other strategy could do significantly
    better, she showed."

    Squashing Worms: Mutating computer worms evade treatment
    jwgoerlich, Sep 14, 2007
  2. Mathematically speaking that makes sense for mathematical
    networks (graphs). For IP type networks I am not so sure, as
    the use of multihomed devices joining otherwise disconnected
    is not all that significant compared to the number of potential
    "nodes" connected to each interface.

    Roger Abell [MVP], Sep 14, 2007
