Microsoft's "Honeymonkey" Project

Posted by samzenpus on Wed May 18, 2005 06:04 PM
from the how-could-this-go-wrong dept.
g0bshiTe writes "Ever hear the saying, 'given enough time a room full of monkeys could type out Shakespeare'? Well Microsoft seems to be taking this saying to heart, and taking a cue from the Honeynet project, they have created what they have dubbed 'honeymonkeys.' Security Focus has an article which describes this honeymonkey network, which is little more than a network of virtual Windows XP boxes in various patch states. These boxes are setup to crawl the seedier side of the web in search of vulnerabilities not bieng reported, and are being actively exploited in an attempt to further secure their product. Sounds like a decent idea from the Redmond crew to me."

Related Stories

MS Research Automates Search Engine Spam Hunt (68 comments)
Barbie Dollar writes "Researchers at Microsoft are working on an ambitious new project to hunt down and neutralize large-scale search engine spammers. The project, called Strider Search Defender, automates the discovery of search spammers through non-content analysis. The project integrates technology from two previous Microsoft Research prototypes (Strider HoneyMonkey and Strider URL Tracer) and promises a new approach to removing junk results from search engine queries."
This discussion has been archived. No new comments can be posted.
  • by Hank Chinaski (257573) on Wednesday May 18 2005, @06:06PM (#12572028) Homepage
    they call these guys "customers" over in redmond ...
    • by Tackhead (54550) on Wednesday May 18 2005, @06:28PM (#12572260)
      > they call these guys "customers" over in redmond ...

      No, those are developers. Developers. Developers. Developers. Developers. Developers. Developers.

    • by Anonymous Coward on Wednesday May 18 2005, @06:38PM (#12572341)
      sigh...

      I like monkeys. The pet store was selling them for five cents a piece. I thought that odd since they were normally a couple thousand each. I decided not to look a gift horse in the mouth. I bought 200. I like monkeys.

      I took my 200 monkeys home. I have a big car. I let one drive. His name was Sigmund. He was retarded. In fact, none of them were really bright. They kept punching themselves in their genitals. I laughed. Then they punched my genitals. I stopped laughing.

      I herded them into my room. They didn't adapt very well to their new environment. They would screech, hurl themselves off of the couch at high speeds and slam into the wall. Although humorous at first, the spectacle lost its novelty halfway into its third hour.

      Two hours later I found out why all the monkeys were so inexpensive: they all died. No apparent reason. They all just sorta' dropped dead. Kinda' like when you buy a goldfish and it dies five hours later. Damn cheap monkeys.

      I didn't know what to do. There were 200 dead monkeys lying all over my room, on the bed, in the dresser, hanging from my bookcase. It looked like I had 200 throw rugs.

      I tried to flush one down the toilet. It didn't work. It got stuck. Then I had one dead, wet monkey and 199 dead, dry monkeys.

      I tried pretending that they were just stuffed animals. That worked for a while, that is until they began to decompose. It started to smell real bad.

      I had to pee but there was a dead monkey in the toilet and I didn't want to call the plumber. I was embarrassed.

      I tried to slow down the decomposition by freezing them. Unfortunately there was only enough room for two monkeys at a time so I had to change them every 30 seconds. I also had to eat all the food in the freezer so it didn't all go bad.

      I tried burning them. Little did I know my bed was flammable. I had to extinguish the fire.

      Then I had one dead, wet monkey in my toilet, two dead, frozen monkeys in my freezer, and 197 dead, charred monkeys in a pile on my bed. The odor wasn't improving.

      I became agitated at my inability to dispose of my monkeys and to use the bathroom. I severely beat one of my monkeys. I felt better.

      I tried throwing them away but the garbage man said that the city wasn't allowed to dispose of charred primates. I told him that I had a wet one. He couldn't take that one either. I didn't bother asking about the frozen ones.

      I finally arrived at a solution. I gave them out as Christmas gifts. My friends didn't know quite what to say. They pretended that they liked them but I could tell they were lying. Ingrates. So I punched them in the genitals.

      I like monkeys.

  • by Anonymous Coward on Wednesday May 18 2005, @06:07PM (#12572038)
    *GENERIC JOKE ABOUT MONKEYS BEING IN CHARGE OF MS WINDOWS SECURITY*

    Just thought I'd head everyone off here...

    (lameness filter padding lameness filter padding lameness filter padding)
  • I always assumed Skynet was based off of Windows XP.
    • Nope (Score:5, Funny)

      by Mr. Underbridge (666784) on Wednesday May 18 2005, @07:19PM (#12572656)
      I always assumed Skynet was based off of Windows XP.

      It takes a Terminator to defeat Skynet. It takes a script kiddie and a buffer overflow to defeat Windows.

  • by Anonymous Coward on Wednesday May 18 2005, @06:08PM (#12572044)
    In addition to getting info on new vulnerabilities, they'll probably also get loads of malware to add to the anti-spyware tool. This is a good thing.
  • by DaedalusLogic (449896) on Wednesday May 18 2005, @06:08PM (#12572045)
    Sounds delicious.

    But the real reason they named the project this is because they intend to sting you like a bee and then throw fecal matter at you.
  • Good idea (Score:5, Interesting)

    by X0563511 (793323) * <draeath.member@fsf@org> on Wednesday May 18 2005, @06:08PM (#12572052) Homepage Journal
    This is a pretty good idea. If anything, it will help curb the script kiddies indiscriminately flinging exploits around. Unless you want that overflow you found to get patched, pick and choose your targets carefully.
    • by harrkev (623093) <kfmsd@nospaM.harrelsonfamily.org> on Wednesday May 18 2005, @06:16PM (#12572150) Homepage
      Sure. It sounds like a good idea -- until these boxes hit some warez and mp3 sites. Next thing you know, the BSA and MPAA are knocking on Microsoft's door. I wonder how many licenses for Windows and Office the BSA will force Microsoft to buy...
    • Re:Good idea (Score:5, Insightful)

      by st1d (218383) on Wednesday May 18 2005, @07:02PM (#12572494) Homepage
      This is a pretty good idea. If anything, it will help curb the script kiddies indiscriminately flinging exploits around. Unless you want that overflow you found to get patched, pick and choose your targets carefully.


      Not really, as script kiddies, by definition, don't typically discover exploits, they're more thrill seekers looking for an ego trip. When an exploit stops working, they'll just move on to another. When (if?) exploits become hard to find, because true crackers protect them better, the script kiddies will return to their previous pursuits, games and porn.
      • by Skye16 (685048) on Wednesday May 18 2005, @08:11PM (#12573094)
        So script kiddie-ism is the next stage in my evolution?

        ...

        God I'm depressed now.
            • Well, you have a choice to make.

              You can go down the path of the Script Kiddie, Fandom, Techno-Fandom, Programmer, Uber-User or Hacker.

              Script Kiddie pretty much excludes being any good at the other paths, but the other paths do not necessarily exclude each other.

              Script Kiddie: A worthless waste of skin who considers themselves to be "better" in one way or another because they can download and run the utilities they found listed in their copy of "Hacking Exposed" and type in an obscure dialect of L33t 5p33
  • "bieng"? (Score:5, Funny)

    by Cheap Imitation (575717) on Wednesday May 18 2005, @06:08PM (#12572054)
    It looks like the monkeys aren't only working on Shakespeare...
  • by Absolut187 (816431) on Wednesday May 18 2005, @06:09PM (#12572061) Homepage
    These boxes are setup to crawl the seedier side of the web

    Help Wanted:
    Can you surf for porn at least 8 hours a day?
    Self-motivated, goal-oriented individual needed full-time.
    Pay commensurate with experience.

  • Isn't honeymonkey a dish in Africa?
  • by Anonymous Coward
    Cue the typical Slashdot groupthink about how Microsoft is somehow evil/stupid for doing this.

    Actually attempting to use their product as if they were an end user in the wild of the internet. Seems to me this shows that Microsoft is definitely moving towards a more security-conscious mindset.
    • by vistic (556838) <(corbyz) (at) (gmail.com)> on Wednesday May 18 2005, @07:29PM (#12572752)
      More like cue the typical slashdot groupthink about how there's so much typical slashdot groupthink.

      In articles I tend to see just a small fraction of posts showing this supposed typical groupthink... and then a gigantic mass of posts from people who think they're observant and different and insightful for pointing out that it's going on.
  • by kid_wonder (21480) <public@@@kscottklein...com> on Wednesday May 18 2005, @06:11PM (#12572084) Homepage
    ...crawl the seedier side of the web.

    I like to call it, "break time"

  • by nweaver (113078) on Wednesday May 18 2005, @06:12PM (#12572109) Homepage
    This group has done several impressive projects. Among them is the "Strider Ghostbuster" Rootkit Detector [microsoft.com].

    This is part of the general Strider Project [microsoft.com] in Microsoft Research. They do very good work.
  • I say (Score:5, Funny)

    by smitty_one_each (243267) * on Wednesday May 18 2005, @06:17PM (#12572157) Homepage Journal
    Put these honeymonkeys on a network with a bunch of other computers running Firefox/greasemonkey, and let them fight it out.
  • by denissmith (31123) on Wednesday May 18 2005, @06:19PM (#12572180)
    A roomful of monkeys wrote Windows XP? OK, I'll buy that.
  • by G4from128k (686170) on Wednesday May 18 2005, @06:20PM (#12572190)
    Virtual boxen will catch a wide array of exploits, but may miss some. For example, it sounds like they look for attempts to create executables on disk, so a RAM resident nasty might escape notice. Also, some exploits may only work on "real" machines such as those proposed for exploiting hyperthreading [slashdot.org].

    The point is that to the extent that the virtual XP box fails to emulate ALL the features of real hardware, there will be some room for doubt. Despite this misgiving, I commend Microsoft for tackling this problem.
  • by muszek (882567) on Wednesday May 18 2005, @06:25PM (#12572227) Homepage
    Pre-Monkey Era:
    -- someone exploits a vulnerability
    -- 2 weeks later someone discovers it
    -- half a year later M$ patches it
    -- three years later new version of Windows is released and finally the last 80% of users have patched systems.

    it took 3 years, 6 months and 2 weeks to patch most computers.
    Post-Monkey Era:
    -- someone exploits a vulnerability
    -- 2 days later monkeys report it
    -- half a year later M$ patches it
    -- three years later new version of Windows is released and finally the last 80% of users have patched systems.

    it took 3 years 6 months and 2 days to patch most computers.

    nice PR move though.
  • by ChipMonk (711367) on Wednesday May 18 2005, @06:27PM (#12572242)
    Two simple questions:

    1. Are these machines using non-Microsoft IP addresses for their 'net access?

    2. If not, how long until the worm authors take that into account?
  • by kjfitz (256432) on Wednesday May 18 2005, @06:31PM (#12572292) Homepage
    Seems like the simple countermeasure is a "blacklist" of the honeymonkey servers. Granted the IP addresses of these PCs should be secure but A LOT of info leaks / is stolen / is hacked / is accidentally exposed.
  • by aslate (675607) <planetexpress&gmail,com> on Wednesday May 18 2005, @06:35PM (#12572326) Homepage
    I thought this article was going to say "So they've hired an entire team of monkeys to get them to write the next Windows". In fact it's just a load of machines doing nothing. I preferred my idea, much more chance of shit-fights between the monkeys.
  • by bman08 (239376) on Wednesday May 18 2005, @06:48PM (#12572399)
    Somebody at MS got caught surfing porn/warez and cooked up this 'honeymonkey' nonsense to cover his dirty buttocks.
  • by austad (22163) on Wednesday May 18 2005, @08:45PM (#12573363) Homepage
    Sounds to me like they copied this guy's idea:

    http://www.malwareblog.com [malwareblog.com]

    He's been doing this exact same thing for almost the past year. The site just went up a couple months ago, but he's been sending his findings to AV companies and some mailing lists for much longer. There's a lot of undiscovered stuff floating around out there.
  • I don't have to squint too hard before this honeymonkey project, "...which is little more than a network of virtual Windows XP boxes in various patch states", starts looking like the network I work on every day. Remove the word "virtual", call it the usermonkey project, and you're most of the way there.
  • You mean... (Score:3, Insightful)

    by Bun (34387) on Wednesday May 18 2005, @11:10PM (#12574323)
    ...they don't do something like this already? How does their security team do research, anyway?
  • by l3v1 (787564) on Thursday May 19 2005, @12:19AM (#12574718)
    Will the day come sometime in the future, when MS will be a security company? Maybe. The strange thing is, they are looking for ways (like the av and antispy sw acquisitions) to defend a basically unsecure OS, and not for ways to make the OS itself more secure. My foremost problem with this is, that I don't feel optimistic enough to trust in security questions a company with almost no security-related success stories in their past. But, no doubt, there are many of such optimistic people out there. In the meantime, all their honeys can crawl my home debian for free, given they most certainly will not be able to crawl my work windows boxes.

    • Did the sun rise from the West?
      Sort of.

      A good idea from the MS guys is a really rare thing.
      And as such, it is certainly worth the praise.
      • A good idea from the MS guys is a really rare thing.
        And as such, it is certainly worth the praise.


        No it's not, from a company that has a 50 billion dollar warchest and can afford to hire the best and brightest, you should expect only good ideas.
        • Yeah, and everybody should hold hands around a campfire and sing Kum-bay-yah too, but the real world tends to be a little different.
              • microsoft deciding to do something "good" is just a perceived impression. Setting up a system of honey pots is a good thing. Using it to find security flaws and then fix them is a "good" thing. If MS is trying to do something that happens to be "good" they are doing a "good" thing.

                Doing a good thing doesn't address the reasoning behind why they are doing. It isn't like my statement was implying microsoft was being a good citizen on purpose or anything. They are just doing something that i as well as othe
    • Re:Sounds stupid (Score:5, Insightful)

      by LurkerXXX (667952) on Wednesday May 18 2005, @06:31PM (#12572288)
      Maybe some of their non-critical patches actually fix an unknown exploitable hole. They might want to change the status of those fixes from optional to critical.
    • Newer patch states may conceal still-present older bugs. I.E. the SP2 firewall may stop someone from exploiting a long-unnoticed remote vulnerability... until the attacker comes across a machine with the firewall turned off.
    • why aren't they just focusing on the most up-to-date patched versions of their various products? Anyone running an unpatched windows box is insane...

      Maybe because they're trying to simulate the real world?

    • Re:A good idea (Score:5, Insightful)

      by penix1 (722987) on Wednesday May 18 2005, @07:48PM (#12572911) Homepage
      From TFA...

      ""Just by visiting a Web site, (if) suddenly an executable is created on your machine outside the Internet Explorer folder, it is an exploit with no false positive -- it's that simple," Yi-Ming Wang, senior researcher with Microsoft Research, said during a presentation at the IEEE Security and Privacy conference in Oakland last week."

      Want this silliness fixed? Kill the ActiveX shit! Microsoft created that mess in the first place trying to dominate Java and like usual instead of going for the cause they go for the symptom.

      B.
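The detection rule quoted from the article in the comment above, applied to file-creation events from VMs at different patch levels, as an added example that is not part of the original thread and is not Microsoft's code. The browser folder, extension list, patch-state labels, URLs and event records are all constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumptions for illustration (not from the article): the browser folder
# and the file extensions treated as executable.
BROWSER_DIR = PureWindowsPath(r"C:\Program Files\Internet Explorer")
EXEC_EXTS = {".exe", ".dll", ".scr", ".sys", ".com"}

def is_exploit_drop(path):
    """True if `path` is an executable created outside the browser folder."""
    p = PureWindowsPath(path)
    if p.suffix.lower() not in EXEC_EXTS:
        return False
    # PureWindowsPath compares case-insensitively, as Windows paths do.
    return BROWSER_DIR not in p.parents

def triage(events, fully_patched):
    """Group flagged URLs by the patch states of the VMs they compromised."""
    hits = defaultdict(set)
    for e in events:
        if is_exploit_drop(e["created"]):
            hits[e["url"]].add(e["patch_state"])
    return {
        url: {"states": sorted(states),
              # A hit on the fully patched VM means no released patch stops it.
              "hits_fully_patched": fully_patched in states}
        for url, states in hits.items()
    }

# Constructed sample events: (visited URL, VM patch state, file created).
RAW = [
    ("http://site-a.example/", "XP-unpatched", r"C:\WINDOWS\system32\svch0st.exe"),
    ("http://site-a.example/", "XP-SP1", r"C:\WINDOWS\Temp\cache.tmp"),
    ("http://site-b.example/", "XP-unpatched", r"C:\Documents and Settings\u\loader.DLL"),
    ("http://site-b.example/", "XP-SP2-current", r"C:\WINDOWS\inst.exe"),
    ("http://site-c.example/", "XP-SP2-current",
     r"c:\program files\internet explorer\helper.dll"),
]
EVENTS = [dict(zip(("url", "patch_state", "created"), r)) for r in RAW]
REPORT = triage(EVENTS, "XP-SP2-current")

if __name__ == "__main__":
    for url, info in REPORT.items():
        print(url, info)
```

A visit that never writes an executable to disk produces no event here, which is the blind spot G4from128k raises about RAM-resident payloads.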
    • There's a reason your jobs are getting shipped to India!

      Dude, you're 5 years out of date. India is saturated. My job just went to Beijing in China.