Linked by Thom Holwerda on Wed 10th Aug 2005 18:51 UTC, submitted by Not_Today
Privacy, Security, Encryption
Microsoft unveiled details of its Strider HoneyMonkey research, a project that sniffs out sites hosting malicious code, and hands the information to other parts of the company for patching or legal action. The technical report (pdf) outlines the concept of cruising the Web with multiple automated Windows XP clients - some unpatched, some partially patched, some patched completely - to hunt for Web sites that exploit browser vulnerabilities.
Cool
by Anonymous on Wed 10th Aug 2005 19:19 UTC
Anonymous
Member since:
---

Very cool idea. How about also fixing known vulnerabilities (see secunia.com)?

Reply Score: 0

RE: Cool
by Anonymous on Wed 10th Aug 2005 19:43 UTC in reply to "Cool"
Anonymous Member since:
---

Well, first of all, Secunia doesn't tell of new vulnerabilities in the system like HoneyMonkey is planned to do. Secondly, some of Secunia's warnings are pure shit. I think they are too much for publicity and that's why they keep a list of stuff that isn't really a security problem.

Reply Score: 0

v RE: Cool
by Anonymous on Wed 10th Aug 2005 19:52 UTC
RE[2]: Cool
by Bryan on Wed 10th Aug 2005 21:43 UTC in reply to "RE: Cool"
Bryan Member since:
2005-07-11

Please keep your zealotry in your parents' basement where it belongs. The article is discussing a legitimate academic report (which is even linked in the synopsis above). This project presents an interesting approach to finding malicious sites on the Internet. Rather than wait to hear of wide-spread infection, HoneyMonkey takes an active approach and seeks out the sites that are thought to be installing malware. This allows them to (a) confirm the threat and (b) get a "sample" machine which can be catalogued and analyzed for creating a fix. Furthermore, as the article pointed out, having these machines browse the net also proves that patching has a quantifiable effect on mitigating infection, which Microsoft can use as an indication of progress as well as a way to demonstrate to businesses the value of installing patches ASAP upon release. To say this is a stunt or a crutch for poor quality coding is naive.

Reply Score: 5

v RE: CoOl
by Anonymous on Wed 10th Aug 2005 20:00 UTC
v bugs bugs bugs bugs
by Anonymous on Wed 10th Aug 2005 20:05 UTC
v typical ms politics
by Anonymous on Wed 10th Aug 2005 20:50 UTC
RE: typical ms politics
by Night on Wed 10th Aug 2005 23:33 UTC in reply to "typical ms politics"
Night Member since:
2005-07-07

There's plenty of blame to spread around. People who are maliciously exploiting systems deserve the majority.

Reply Score: 1

RE[2]: typical ms politics
by Anonymous on Thu 11th Aug 2005 05:34 UTC in reply to "RE: typical ms politics"
Anonymous Member since:
---

you don't seem to get it...

hand a steak to a wild tiger and you're going to get your hand bitten off.

malicious code is to blame for being in existence yes, but MS has done little to secure their flagship products because they can't. instead, they blame others to draw attention away from their horrible developers and business tactics.

if you do something wrong, stand up and admit it, then do whatever you need to fix it.

basic character 101.

it's what you do with your life and how it affects others that you will be measured.

Reply Score: 0

RE[3]: typical ms politics
by Anonymous on Thu 11th Aug 2005 17:39 UTC in reply to "RE[2]: typical ms politics"
Anonymous Member since:
---

How about you take Basic Reading 101 and read up on what has been happening over the last 4 years.

Reply Score: 0

RE[4]: typical ms politics
by Anonymous on Fri 12th Aug 2005 02:12 UTC in reply to "RE[3]: typical ms politics"
Anonymous Member since:
---

"How about you take Basic Reading 101 and read up on what has been happening over the last 4 years."

go ahead...

explain the last 4 years.

Reply Score: 0

RE[5]: typical ms politics
by CPUGuy on Fri 12th Aug 2005 05:18 UTC in reply to "RE[4]: typical ms politics"
CPUGuy Member since:
2005-07-06

Let's see, complete code review of Windows gives us Windows 2003 and IIS6, which was/is such a giant leap from 2000.
.NET API
XPSP2
Microsoft actually spending time on getting Vista right.
Most everything that still has problems, security wise, hasn't had a re-release since the focus shift!

Reply Score: 1

Bass Ackwards Security Approach
by Anonymous on Wed 10th Aug 2005 20:52 UTC
Anonymous
Member since:
---

Uhhh... so instead of fixing browser vulnerabilities, they try to get rid of sites that pose a threat to their browser?

Well, I guess it's cheaper to pay a few people to do that instead of paying several people to actually fix the code.

Reply Score: 0

RE: Bass Ackwards Security Approach
by CPUGuy on Wed 10th Aug 2005 20:59 UTC in reply to "Bass Ackwards Security Approach"
CPUGuy Member since:
2005-07-06

Except they also pay people to fix the problems in the browser....

I hate to be rude, but don't be a jackass.

Reply Score: 1

Anonymous Member since:
---

Yes, they pay as little as possible to the people in India who they outsource to.

Besides, fixing the problems after they occur is no real solution. If they took a more proactive approach to security from the ground up, there wouldn't be so many holes to patch in the first place.

Reply Score: 0

Lazarus Member since:
2005-08-10

Kind of off-topic, but I was one of the many people who were foolishly led to believe that much if not all of the core apps etc. in Longhorn were going to be re-written using managed code.

Of course, that's not turned out to be the case, but thankfully a large portion of the new code in Vista is managed.

Any of the vulnerabilities I see related to anything .NET have been in code that .NET merely wraps around instead of replacing. I guess it was too much to hope for that WinFX would have had no reliance whatsoever on the aging Win32 code, but like all things, it's evolutionary, and we won't see a completely managed (and much more safely coded) version of Windows for a few revisions yet.

Regardless, they are still slowly making progress in the security arena, but like most software, not so quickly as we require.

Reply Score: 1

RE: Bass Ackwards Security Approach
by BrianH on Wed 10th Aug 2005 21:13 UTC in reply to "Bass Ackwards Security Approach"
BrianH Member since:
2005-07-06

And how do you expect them to find out what the browser vulnerabilities that they should be fixing are? They do it by determining what the malicious sites are doing.

If MS knew ahead of time what the problems were, they would have fixed them already.

Reply Score: 1

v Um...
by zombie process on Wed 10th Aug 2005 21:05 UTC
v RE: Um...
by Anonymous on Thu 11th Aug 2005 01:03 UTC in reply to "Um..."
legal actions?
by Anonymous on Wed 10th Aug 2005 21:16 UTC
Anonymous
Member since:
---

M$ should be happy to find malicious sites triggering new attacks in their browser or code: it is a way to force code to improve faster. The joe six pack won't encounter 99% of common vulnerabilities by doing so.

But shutting down a hacker with legal action is a nonsense, since there is for sure 10 others which are doing the same at the same time.

add to this that I am convinced that they won't patch all security problems...too much money involved and loss of possible image.

a proud user of suse since 2 years...
www.waltercedric.com

Reply Score: 0

RE: legal actions?
by Night on Wed 10th Aug 2005 23:39 UTC in reply to "legal actions?"
Night Member since:
2005-07-07

But shutting down a hacker with legal action is a nonsense, since there is for sure 10 others which are doing the same at the same time.

Just like the others who are spamming through open proxies and SMTP relays or running the latest phishing scam?

A lack of reporting and responsible action allows the problems to continue in perpetuity, whether it's a worm infected user or malicious websites.

Reply Score: 1

RE: legal actions?
by bkavanaugh on Thu 11th Aug 2005 17:57 UTC in reply to "legal actions?"
bkavanaugh Member since:
2005-07-07

But shutting down a hacker with legal action is a nonsense, since there is for sure 10 others which are doing the same at the same time.

So what? Whether others are doing the same thing at the same time has no bearing on whether that particular hacker is doing it. Would you also say that the police shouldn't ticket someone for running a stop sign in a residential neighborhood just because others do it too?

Reply Score: 1

RE: Bryan
by Anonymous on Wed 10th Aug 2005 22:19 UTC
Anonymous
Member since:
---

To say this is a stunt or a crutch for poor quality coding is naive.
---------

Don't worry. If a major Linux distro did the same thing it would be heralded as a great and ingenious idea. Gotta remember the double standards.

Reply Score: 2

RE: RE: Bryan
by re_re on Wed 10th Aug 2005 22:45 UTC
re_re
Member since:
2005-07-06

Is there somewhat of a double standard among the linux community..... yeah

Is there somewhat of a double standard among the Windows community..... yeah

However, I beg to differ on this one..... if a linux distro did this they would be b!@#$ slapped to the other side of the moon for this idiocy, especially since the vast majority of malicious sites don't even apply to Linux.

in fact.... I'd be the first in line to smack em.

Reply Score: 1

any excuse to spy on others
by pravda on Wed 10th Aug 2005 23:02 UTC
pravda
Member since:
2005-07-06

This scheme is just a sham to give Microsoft some appearance of legitimacy as they spy on your Windows machine.

These fuckers never stop.

Reply Score: 0

Monkeys Gotta Work Too
by Anonymous on Thu 11th Aug 2005 00:56 UTC
Anonymous
Member since:
---

"Microsoft unveiled details of its Strider HoneyMonkey research"

So instead of opening the source so everyone can point out bugs, they're rewarding monkeys with honey for playing the game Strider for hundreds of hours?

Reply Score: 0

Good idea
by chris_dk on Thu 11th Aug 2005 07:19 UTC
chris_dk
Member since:
2005-07-12

This is a very good idea, whether you Linux zealots like it or not.

Linux distros should do the same.

Reply Score: 1

v RE: Good idea
by raver31 on Thu 11th Aug 2005 08:42 UTC in reply to "Good idea"
RE: Good idea
by markjensen on Thu 11th Aug 2005 13:50 UTC in reply to "Good idea"
markjensen Member since:
2005-07-26

Despite your attempt to generate an emotional response by the confrontational tone of your first sentence, your post does ask a valid question.

However, what makes you think that coders aren't looking for bugs/exploits? The same method that Microsoft is using isn't practical for a Linux system, as these types of web/browser exploits aren't really there. The biggest problem would be the typical buffer overrun types of coding errors that allow code execution, or rootkits. These things are best worked on by looking at the code (no one outside of Microsoft's programmers can work with Microsoft's code) and finding errors the old-fashioned way. And, being 100% open, the source can be looked at by the various hobbyists around the globe.

This is one example where "doing the same" as Microsoft would be pointless and less efficient than regular debugging. And, this method seems to be working, as it is being shown that the defects are being reduced, even as the code base grows.
http://www.internetnews.com/dev-news/article.php/3524911

Reply Score: 1

RE: re:re:re Um...
by zombie process on Thu 11th Aug 2005 13:01 UTC
zombie process
Member since:
2005-07-08

I'd love to work somewhere with a bloated IT workforce rather than be understaffed, and chasing fires caused by the latest XP exploit. I imagine I could actually get some *work* done if the IT workforce was bloated! Sign me up for bloated IT workforce, stat!

WTF does outsourcing have to do with industry "bloat?" Outsourcing is despicable, short-sighted, and irresponsible, but it doesn't make things bloated.

Reply Score: 1

What idea?
by Sphinx on Thu 11th Aug 2005 16:15 UTC
Sphinx
Member since:
2005-07-09

There is no shortage of infected Windows machines. Millions of idiots find malicious web sites every day. Their reach far outstretches their grasp on this one, the problem is not that people are using the exploits, the problem is people are using their POS leaky browser. A publicity stunt to make people feel like they are proactive is not real impressive, sorry. A bulletproof browser and secure OS, now that would be impressive.

Reply Score: 1

wot political system
by Anonymous on Thu 11th Aug 2005 17:02 UTC
Anonymous
Member since:
---

what political system
what company??

tied the browser so deeply into the os?

Reply Score: 0