Linked by Thom Holwerda on Wed 10th Aug 2005 18:51 UTC, submitted by Not_Today
Privacy, Security, Encryption
Microsoft unveiled details of its Strider HoneyMonkey research, a project that sniffs out sites hosting malicious code, and hands the information to other parts of the company for patching or legal action. The technical report (pdf) outlines the concept of cruising the Web with multiple automated Windows XP clients - some unpatched, some partially patched, some patched completely - to hunt for Web sites that exploit browser vulnerabilities.
Bass Ackwards Security Approach
by on Wed 10th Aug 2005 20:52 UTC

Uhhh... so instead of fixing browser vulnerabilities, they try to get rid of sites that pose a threat to their browser?

Well, I guess it's cheaper to pay a few people to do that instead of paying several people to actually fix the code.

Reply Score: 0

CPUGuy

Except they also pay people to fix the problems in the browser....

I hate to be rude, but don't be a jackass.

Reply Parent Score: 1

Yes, they pay as little as possible to the people in India who they outsource to.

Besides, fixing the problems after they occur is no real solution. If they took a more proactive approach to security from the ground up, there wouldn't be so many holes to patch in the first place.

Reply Parent Score: 0

BrianH

And how do you expect them to find out what the browser vulnerabilities that they should be fixing are? They do it by determining what the malicious sites are doing.

If MS knew ahead of time what the problems were, they would have fixed them already.

Reply Parent Score: 1