Linked by Thom Holwerda on Wed 10th Aug 2005 18:51 UTC, submitted by Not_Today
Privacy, Security, Encryption Microsoft unveiled details of its Strider HoneyMonkey research, a project that sniffs out sites hosting malicious code, and hands the information to other parts of the company for patching or legal action. The technical report (pdf) outlines the concept of cruising the Web with multiple automated Windows XP clients - some unpatched, some partially patched, some patched completely - to hunt for Web sites that exploit browser vulnerabilities.
Thread beginning with comment 16655
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Bass Ackwards Security Approach
by CPUGuy on Wed 10th Aug 2005 20:59 UTC in reply to "Bass Ackwards Security Approach"
CPUGuy
Member since:
2005-07-06

Except they also pay people to fix the problems in the browser....

I hate to be rude, but don't be a jackass.

Reply Parent Score: 1

Member since:

Yes, they pay as little as possible to the people in India who they outsource to.

Besides, fixing the problems after they occur is no real solution. If they took a more proactive approach to security from the ground up, there wouldn't be so many holes to patch in the first place.

Reply Parent Score: 0

Lazarus Member since:
2005-08-10

Kind of off-topic, but I was one of the many people who were foolishly lead to believe that much if not all of the core apps etc. in Longhorn were going to be re-written using managed code.

Of course, that's not turned out to be the case, but thankfully a large portion on the new code in Vista is managed.

Any of the vulnerabilities I see related to anything .NET have been in code that .NET merely wraps around instead of replacing. I guess it was too much to hope for that WinFX would have had no reliance what-so-ever on the aging Win32 code, but like all things, it's evolutionary, and we won't see a completely managed (and much more safely coded) version of Windows for a few revisions yet.

Regardless, they are still slowly making progress in the security arena, but like most software, not so quickly as we require.

Reply Parent Score: 1