Future

Like the antivirus struggle against malicious code writers, good defenses seem to push rogue hackers to even greater hacks. For example, when hackers began using port scanners to look for security holes, defense vendors fought back by writing programs that detected port scanners and blocked them. The detector would look for port probes originating from a common address, starting at a certain port number and methodically progressing. In response, hackers developed port probes that changed their origination address and picked ports at random, at random intervals. So no matter what the defense, malicious hackers will always be pushing the envelope, which requires that our defense plans and mechanisms be constantly updated.
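The detection gap described above can be shown on constructed data. The following is an added example, not code from the book: the function names, thresholds, and sample events are assumptions, and the events are taken to be probes against a single protected host.

```python
# Constructed probe events against one protected host: (seconds, source_ip, dest_port)
SEQUENTIAL = [(i, "192.0.2.10", 20 + i) for i in range(10)]
# Constructed evasive scan: a new source per probe, unordered ports, irregular gaps
EVASIVE = [(t, f"198.51.100.{h}", p) for t, h, p in [
    (0, 7, 443), (9, 21, 23), (31, 3, 8080), (36, 44, 21), (70, 15, 3389),
    (82, 9, 25), (120, 30, 110), (141, 2, 5900), (190, 18, 139), (205, 27, 1433)]]
# Constructed normal traffic: many clients, but only the two published services
BENIGN = [(t, f"203.0.113.{t % 50 + 1}", 443 if t % 3 else 25)
          for t in range(0, 200, 10)]


def sequential_sources(events, min_run=5):
    """Early-style detector: flag a source whose probes climb port by port."""
    last, run, flagged = {}, {}, set()
    for _, src, port in sorted(events):
        run[src] = run.get(src, 0) + 1 if last.get(src) == port - 1 else 1
        last[src] = port
        if run[src] >= min_run:
            flagged.add(src)
    return flagged


def port_fanout_alert(events, window=300, min_ports=8):
    """Source-agnostic check: True if at least min_ports distinct ports on the
    host were probed within any window-second span, whoever sent the probes."""
    events = sorted(events)
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        if len({port for _, _, port in events[start:end + 1]}) >= min_ports:
            return True
    return False


if __name__ == "__main__":
    for name, ev in (("sequential", SEQUENTIAL), ("evasive", EVASIVE), ("benign", BENIGN)):
        print(name, sorted(sequential_sources(ev)), port_fanout_alert(ev))
```

The per-source detector catches only the methodical scan, while the port fan-out check flags both scans and stays quiet on the benign traffic. A scan spread over more time than the window still slips under the fan-out threshold, which is the constant retuning the paragraph describes.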

A common dream of security vendors is an autoimmune system for computers. Talked about for decades, a self-healing digital immune system would detect an attack or successful exploit, and then fix the damage without involving the network administrator. Windows 2000 and ME have some of those capabilities now with System File Protection and Windows File Protection. It’s a first step. Defense vendors want to extend those types of abilities to all operating systems and applications, and eventually to the whole network.

As you may imagine, this type of defense would take an unparalleled amount of cooperation between vendors and a whole slew of new APIs. It would take a large amount of computing power to learn to recognize unknown exploits and intruders, and even more ...
