Please keep your zealotry in your parents' basement where it belongs. The article is discussing a legitimate academic report (which is even linked in the synopsis above). This project presents an interesting approach to finding malicious sites on the Internet. Rather than wait to hear of wide-spread infection, HoneyMonkey takes an active approach and seeks out the sites that are thought to be installing malware. This allows them to (a) confirm the threat and (b) get a "sample" machine which can be catalogued and analyzed for creating a fix. Furthermore, as the article pointed out, having these machines browse the net also proves that patching has a quantifiable effect on mitigating infection, which Microsoft can use as an indication of progress as well as a way to demonstrate to businesses the value of installing patches ASAP upon release. To say this is a stunt or a crutch for poor quality coding is naive.
you don't seem to get it...
hand a steak to a wild tiger and you're going to get your hand bitten off.
malicious code is to blame for being in existence yes, but MS has done little to secure their flagship products because they can't. instead, they blame others to draw attention away from their horrible developers and business tactics.
if you do something wrong, stand up and admit it, then do whatever you need to fix it.
basic character 101.
it's what you do with your life and how it affects others that you will be measured.
Let's see, complete code review of Windows gives us Windows 2003 and IIS6, which was/is such a giant leap from 2000.
.NET API
XPSP2
Microsoft actually spending time on getting Vista right.
Most everything that still has problems, security wise, hasn't had a re-release since the focus shift!
Yes, they pay as little as possible to the people in India who they outsource to.
Besides, fixing the problems after they occur is no real solution. If they took a more proactive approach to security from the ground up, there wouldn't be so many holes to patch in the first place.
Kind of off-topic, but I was one of the many people who were foolishly led to believe that much if not all of the core apps etc. in Longhorn were going to be re-written using managed code.
Of course, that's not turned out to be the case, but thankfully a large portion of the new code in Vista is managed.
Any of the vulnerabilities I see related to anything .NET have been in code that .NET merely wraps around instead of replacing. I guess it was too much to hope for that WinFX would have had no reliance what-so-ever on the aging Win32 code, but like all things, it's evolutionary, and we won't see a completely managed (and much more safely coded) version of Windows for a few revisions yet.
Regardless, they are still slowly making progress in the security arena, but like most software, not so quickly as we require.
M$ should be happy to find malicious site triggering new attack in their browser or code: it is a way to force code to improve faster. The joe six pack won't encounter 99% of common vulnerabilities by doing so.
But shutting down a hacker with legal action is a nonsense, since there is for sure 10 others which are doing the same at the same time.
Add to this that I am convinced that they won't patch all security problems... too much money involved and loss of possible image.
a proud user of suse since 2 years...
www.waltercedric.com
But shutting down a hacker with legal action is a nonsense, since there is for sure 10 others which are doing the same at the same time.
Just like the others who are spamming through open proxies and SMTP relays or running the latest phishing scam?
A lack of reporting and responsible action allows the problems to continue in perpetuity, whether it's a worm infected user or malicious websites.
But shutting down a hacker with legal action is a nonsense, since there is for sure 10 others which are doing the same at the same time.
So what? Whether others are doing the same thing at the same time has no bearing on whether that particular hacker is doing it. Would you also say that the police shouldn't ticket someone for running a stop sign in a residential neighborhood just because others do it too?
Is there somewhat of a double standard among the linux community..... yeah
Is there somewhat of a double standard among the Windows community..... yeah
However, I beg to differ on this one..... if a linux distro did this they would be b!@#$ slapped to the other side of the moon for this idiocy, especially since the vast majority of malicious sites don't even apply to Linux.
in fact.... I'd be the first in line to smack em.
Despite your attempt to generate an emotional response by the confrontational tone of your first sentence, your post does ask a valid question.
However, what makes you think that coders aren't looking for bugs/exploits? The same method that Microsoft is using isn't practical for a Linux system, as these types of web/browser exploits aren't really there. The biggest problem would be the typical buffer overrun types of coding errors that allow code execution, or rootkits. These things are best worked on by looking at the code (no one outside of Microsoft's programmers can work with Microsoft's code) and finding errors the old-fashioned way. And, being 100% open, the source can be looked at by the various hobbyists around the globe.
This is one example where "doing the same" as Microsoft would be pointless and less efficient than regular debugging. And, this method seems to be working, as it is being shown that the defects are being reduced, even as the code base grows.
http://www.internetnews.com/dev-news/article.php/3524911
I'd love to work somewhere with a bloated IT workforce rather than be understaffed, and chasing fires caused by the latest XP exploit. I imagine I could actually get some *work* done if the IT workforce was bloated! Sign me up for bloated IT workforce, stat!
WTF does outsourcing have to do with industry "bloat?" Outsourcing is despicable, short-sighted, and irresponsible, but it doesn't make things bloated.
There is no shortage of infected windows machines. Millions of idiots find malicious web sites every day. Their reach far outstretches their grasp on this one, the problem is not that people are using the exploits, the problem is people are using their POS leaky browser. A publicity stunt to make people feel like they are proactive is not real impressive, sorry. A bulletproof browser and secure os, now that would be impressive.



