Network inoculation: antivirus shield would outrace cyber infections.

immu·ni·zation (-n itself against the virus.

If the new method proves practical, it could give rise to network-based mechanisms-perhaps covering the entire Internet--for containing viruses, says codeveloper Eran Eran (ĭr`ăn), in the Bible, grandson of Ephraim. Shir of Tel Aviv University in Ramat Aviv. Those mechanisms might replace today's ponderous practice of keeping equipment safe by regularly downloading antivirus software.

"This is a great and very innovative proposal that has the potential to change our computer-virus-fighting strategies" comments network specialist Albert-Laszlo Barabaisi of Harvard University and the University of Notre Dame in Indiana.

In the new scheme, proposed in the December Nature Physics, network designers would scatter "honeypots A server that is set up to trick an intruder. Located either outside or inside the firewall, it is designed to let crackers think they are in a production machine. The applications running in the honeypot are set up similar to a normal server except that the data being processed is phony.

The honeypot is used to detect intruder's techniques as well as determine what may be vulnerable in the configuration of servers that are performing valid work." throughout a network. These are computers secretly armed with software that can trap and identify new viruses, then rapidly generate and broadcast the means to lock out the intruders. The protective message would fan out among the computers on links that only the antiviral mechanism could use.

According to simulations by the Israeli team, severely limiting the virus' spread in a network would require relatively few honeypots. For instance, in a simulated 200,000-computer network with one honeypot for every 250 computers, the virus would infect less than 1 percent of the computers, Shir says. Moreover, he notes, the larger the model network, the smaller the proportion of computers that the virus could overrun.

The idea of self-immunizing networks isn't new, says physicist Jeffrey O. Kephart of IBM T.J. Watson Research Center in Yorktown Heights, N.Y. Starting in the 1990s, he and his colleagues have developed self-protective network architectures and software. Those fully automatic setups capture and analyze a virus and generate an antidote to it within minutes.

What's most innovative about the honeypot scheme, Kephart says, is the shadow network that would transmit the immunizing messages. Those extra links could be as simple as a set of special e-mail addresses. They would enable the epidemic of immunization messages to take place "behind enemy lines," Shir says, and thereby gain the upper hand.

"I really think this paper is highly valuable," says Alessandro Vespignani of Indiana University in Bloomington. By introducing the idea of manipulating the network topology to improve antiviral response, "it's opening a different way of thinking," he says.

Could hackers commandeer the shadow network? Shir says that protective technologies already available, such as encryption methods widely used for financial transactions on the Web, make that unlikely.

Still, says Dietrich Stauffer of the University of Cologne in Germany, "past experience shows ... that new defenses can be broken by new weapons. I expect [the new technique] to help, but not to solve, the problem of viruses."