
Network security with ants

8 points by ptn over 15 years ago

1 comment

skolor over 15 years ago

I may be missing a crucial point here, but this sounds like all it is is running a modular malware scanner off of a server, and checking each computer on the network.

This seems to fall under a classic problem (well, maybe not classic, but I see it a lot): people see something in nature and assume it will work on a computer. Taking a look at the metaphors used in the article, it looks like these researchers may have fallen into the same trap.

Worms in the digital sense are nothing like worms in the natural sense. Digital worms propagate by attacking a computer, taking it over, and then using that computer to launch out its own attacks at as many other computers as it can. The only way it resembles a natural worm is that both of them leave a clear, followable trail, as long as you know where to look. While the natural worm's trail is in the dirt, the digital worm's trail is through infected computers. They're hard to trace back to their source, but it may be possible.

Assuming I understand the concept of security "ants" correctly, it will only work until viruses catch on, at which point it will be even more susceptible to attacks than current generation virus scanning. What so many people fail to understand is that once a computer is infected with malware, you cannot trust anything it tells you. I can't stress that enough: an infected computer can very easily lie to you. So, what it looks like from the article, is (for instance) we have 3000 "ants" running off a server, which each check every computer for a specific symptom of running a virus. If the computer has that symptom, more and more ants are sent to that computer to find and disable it.

To give this another metaphor: let's say we have 3000 police officers, who patrol a neighborhood with several homes in it. We know from experience that there are criminals who break into homes, and use them for all sorts of nefarious purposes. In a particular home, someone has broken in and set up a Meth Lab. A police officer comes up, knocks on the door, and one of the criminals comes to the door. The following dialogue ensues:

Officer: Hi, I'm checking for illegal assault rifles today. Any chance you guys have any assault rifles in there?

Criminal: No.

Officer: OK, have a nice day.

The problem of running a virus scan off the network is similar to the problem an officer faces without a warrant. The network scanner cannot directly check the hard drive and processes running on a computer. It has to ask the computer to check those things, and then report back to the scanner, or, alternately, ask the computer to make those resources available to it and check them itself. All the malware has to do is make the computer it has infected lie to the scanner, and it's free. This is difficult, but possible when the scanner is on the local machine. When it's on the network though, it doesn't stand a chance.