Microsofts "Honeymonkey" Project

g0bshiTe writes "Ever hear the saying, 'given enough time a room full of monkeys could type out Shakespeare'? Well Microsoft seems to be taking this saying to heart, and taking a cue from the Honeynet project, they have created what they have dubbed 'honeymonkeys.' Security Focus has an article which describes this honeymonkey network, which is little more than a network of virtual Windows XP boxes in various patch states. These boxes are setup to crawl the seedier side of the web in search of vulnerabilities not bieng reported, and are being actively exploited in an attempt to further secure their product. Sounds like a decent idea from the Redmond crew to me."

secret name of the honeymonkeys

[Hank Chinaski]

they call these guys "customers" over in redmond ...

Re:secret name of the honeymonkeys

[GoClick]

I like BBQ Monkey personaly,

but BBQ Microsoft Developer would also do

Re:secret name of the honeymonkeys

[Tackhead]

> they call these guys "customers" over in redmond ...

No, those are developers. Developers. Developers. Developers. Developers. Developers. Developers.

Re:secret name of the honeymonkeys

[DaHat]

I think you forgot another 27 "Developers."

Re:secret name of the honeymonkeys

[Karl Tacheron]

And the sweating.

Re:secret name of the honeymonkeys

[SeventyBang]

They haven't been brainwashed by M$ yet.

They're known as Summer Interns.

Re:secret name of the honeymonkeys

[Anonymous Coward]

sigh...

I like monkeys. The pet store was selling them for five cents a piece. I thought that odd since they were normally a couple thousand each. I decided not to look a gift horse in the mouth. I bought 200. I like monkeys.

I took my 200 monkeys home. I have a big car. I let one drive. His name was Sigmund. He was retarded. In fact, none of them were really bright. They kept punching themselves in their genitals. I laughed. Then they punched my genitals. I stopped laughing.

I herded them into my room. They didn't adapt very well to their new environment. They would screech, hurl themselves off of the couch at high speeds and slam into the wall. Although humorous at first, the spectacle lost its novelty halfway into its third hour.

Two hours later I found out why all the monkeys were so inexpensive: they all died. No apparent reason. They all just sorta' dropped dead. Kinda' like when you buy a goldfish and it dies five hours later. Damn cheap monkeys.

I didn't know what to do. There were 200 dead monkeys lying all over my room, on the bed, in the dresser, hanging from my bookcase. It looked like I had 200 throw rugs.

I tried to flush one down the toilet. It didn't work. It got stuck. Then I had one dead, wet monkey and 199 dead, dry monkeys.

I tried pretending that they were just stuffed animals. That worked for a while, that is until they began to decompose. It started to smell real bad.

I had to pee but there was a dead monkey in the toilet and I didn't want to call the plumber. I was embarrassed.

I tried to slow down the decomposition by freezing them. Unfortunately there was only enough room for two monkeys at a time so I had to change them every 30 seconds. I also had to eat all the food in the freezer so it didn't all go bad.

I tried burning them. Little did I know my bed was flammable. I had to extinguish the fire.

Then I had one dead, wet monkey in my toilet, two dead, frozen monkeys in my freezer, and 197 dead, charred monkeys in a pile on my bed. The odor wasn't improving.

I became agitated at my inability to dispose of my monkeys and to use the bathroom. I severely beat one of my monkeys. I felt better.

I tried throwing them way but the garbage man said that the city wasn't allowed to dispose of charred primates. I told him that I had a wet one. He couldn't take that one either. I didn't bother asking about the frozen ones.

finally arrived at a solution. I gave them out as Christmas gifts. My friends didn't know quite what to say. They pretended that they like them but I could tell they were lying. Ingrates. So I punched them in the genitals.

I like monkeys

Re:secret name of the honeymonkeys

[QMO]

You know yhat song, "99 Dead Baboons"?
I heard it on the Dr. Demento show.

Re:secret name of the honeymonkeys

[mollymoo]

Offtopic? Get a grip mods, it's about monkeys, which is half the topic. If you can't supply your own honey then use your left hand.

Mod parent +5 funny!

Re:secret name of the honeymonkeys

[krakelohm]

No, I think I had heard it was moneymonkey.

Re:secret name of the honeymonkeys

[st1d]

Nope, it's B.G.'s pet name for Steve Ballmer. I thought everybody knew that...

Get ready for a ton of these

[Anonymous Coward]

*GENERIC JOKE ABOUT MONKEYS BEING IN CHARGE OF MS WINDOWS SECURITY*

Just thought I'd head everyone off here...

(lameness filter padding lameness filter padding lameness filter padding)

Doesn't surprise me

[coljrigg]

I always assumed Skynet was based off of Windows XP.

Nope

[Mr. Underbridge]

I always assumed Skynet was based off of Windows XP.

It takes a Terminator to defeat Skynet. It takes a script kiddie and a buffer overflow to defeat Windows.

Warning: This Operation Has Side Effects

[Anonymous Coward]

In addition to getting info on new vulnerabilities, they'll probably also get loads of malware to add to the anti-spyware tool. This is a good thing.

mmmmmm... honeymonkey

[DaedalusLogic]

Sounds delicious.

But the real reason they named the project this is because they intend to sting you like a bee and then throw fecal matter at you.

Re:mmmmmm... honeymonkey

[Rorschach1]

Could this [theonion.com] be a related species, perhaps?

Re:mmmmmm... honeymonkey

[Spy der Mann]

mmmmmm... honeymonkey
Sounds delicious.

Oh, and you haven't tasted... Snake Surprise [imdb.com]!

Good idea

[X0563511]

This is a pretty good idea. If anything, it will help curb the script kiddies indesciminantly flinging exploits around. Unless you want that overflow you found to get patched, pick and choose your targets carefully.

Re:Good idea

[harrkev]

Sure. It sounds like a good idea -- until these boxes hit some warez and mp3 sites. Next thing you know, the BSA and MPAA are knocking on Microsoft's door. I wonder how many licenses for Windows and Office the BSA will force Microsoft to buy...

Re:Good idea

[aardvarkjoe]

Unless you want that overflow you found to get patched, pick and choose your targets carefully.

Given that most of the heavy-hitting worms and malware use already-patched exploits, I don't think that this is all that much of a concern to the typical script kiddie.

Re:Good idea

[st1d]

This is a pretty good idea. If anything, it will help curb the script kiddies indesciminantly flinging exploits around. Unless you want that overflow you found to get patched, pick and choose your targets carefully.

Not really, as script kiddies, by definition, don't typically discover exploits, they're more thrill seekers looking for an ego trip. When an exploit stops working, they'll just move on to another. When (if?) exploits become hard to find, because true crackers protect them better, the script kiddies will return to their previous pursuits, games and porn.

Re:Good idea

[Skye16]

So script kiddie-ism is the next stage in my evolution?

...

God I'm depressed now.

You have a choice to make young Skywalker

[doublem]

Well, you have a choice to make.

You can go down the path of the Script Kiddie, Fandom, Techno-Fandom, Programmer, Uber-User or Hacker.

Script Kiddie pretty much excludes being any good at the other paths, but the other paths do not necessarily exclude each other.

Script Kiddie: A worthless waste of skin who considers themselves to be "better" in one way or another because they can download and run the utilities the found listed in their copy of "Hacking Exposed" and type in an obscure dialect of L33t 5p33

Re:Good idea

[StewedSquirrel]

When (if?) exploits become hard to find, because true crackers protect them better, the script kiddies will return to their previous pursuits, games and porn.

And that, my friend, is why it would be so excellent.

Stewey

Re:Good idea

[Feanturi]

Unless you want that overflow you found to get patched, pick and choose your targets carefully

Nah, you'll still get to have a few months of fun.

"bieng"?

[Cheap Imitation]

It looks like the monkeys aren't only working on Shakespeare...

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:New job posting at Microsoft

[Ithika]

Do you have what it takes to hit the (honey)monkey?

Re:New job posting at Microsoft

[nbert]

Porn? C'mon. Everybody knows that there is no better way to get infected than to google for "Office Serialz" - just try it with a box lacking 3 month of updates ^^

Mmmmm

[Pedrito]

Isn't honeymonkey a dish in Africa?

Re:Mmmmm

[ScrewMaster]

Hey! My girlfriend is African and I have to say ... some of the things she cooks resemble that remark.

Re:Mmmmm

[Tumbleweed]

Yeah, only not so much with the 'honey.'

Hmm sounds like a great idea

[Anonymous Coward]

Queue the typical Slashdot groupthink about how Microsoft is somehow evil/stupid for doing this.

Actually attempting to use their product as if they were an end user in the wild of the internet. Seems to me this shows that Microsoft is definately moving towards a more security conscious mindset.

Re:Hmm sounds like a great idea

[vistic]

More like queue the typical slashdot groupthink about how there's so much typical slashdot groupthink.

In articles I tend to see just a small fraction of posts showing this supposed typical groupthink... and then a gigantic mass of posts from people who think they're observant and different and insightful for pointing out that it's going on.

Re:Hmm sounds like a great idea

[Anonymous Coward]

I agree!

Re:Hmm sounds like a great idea

[Progman3K]

>Queue the typical Slashdot groupthink about how Microsoft is somehow evil/stupid for doing this.

Not at all. Although I was under the impression that this was how they wrote most of their software...

I'm available...

[kid_wonder]

...crawl the seedier side of the web.

I like to call it, "break time"

This group also did "ghostbuster"

[nweaver]

This group has done several impressive projects. Among them is the "Strider Ghostbuster" Rootkit Detector [microsoft.com].

This is part of the general Strider Project [microsoft.com] in Microsoft Research. They do very good work.

Re:This group also did "ghostbuster"

[josh3736]

From the linked page [microsoft.com]:

• See the Slashdot postings:
• http://it.slashdot.org/it/05/02/18/1920244.shtml?t id=201 [slashdot.org]
• http://it.slashdot.org/it/05/02/23/1353258.shtml?t id=172&tid=218 [slashdot.org]

Do you understand what this means? They're watching us. Tinfoil alone might not protect you from the Evil Minions. There is nowhere safe.

/confused

Download...

[nweaver]

You can't download it yet, but...

Sysinternals has a similar rootkit detector, instead of scanning the registry from safe media, it does it at a very low level as well as high level, thus it is possibly foolable but still pretty good.

You can get a Knoppix CD and do it for Linux: From within the possibly rootkitted system, MD5sum everything on the disk, reset and boot into Knoppix, repeat the MD5 sum process and look for any differences.

I say

[smittyoneeach]

Put these honemonkeys on a network with a bunch of other computers running Firefox/greasemonkey, and let them fight it out.

So your saying...

[denissmith]

A roomful of monkeys wrote Windows XP? OK, I'll buy that.

Exploits on real vs. virtual XP boxen

[G4from128k]

Virtual boxen will catch a wide array of exploits, but may miss some. For example, it sounds like they look for attempts to create executables on disk, so a RAM resident nasty might escape notice. Also, some exploits many only work on "real" machines such as those proposed for exploiting hyperthreading [slashdot.org].

The point is that to the extent that the virtual XP box fails to emulate ALL the features of real hardware, there will be some room for doubt. Despite this misgiving, I commend Microsoft for tackling this problem.

Re:Exploits on real vs. virtual XP boxen

[temojen]

It's a lot easier to detect changes to RAM on a virtual machine (which can be halted and examined) than on a real machine (which must be rebooted to run a clean system).

So what else is new

[Anonymous Coward]

I thought AOL patented this years ago.

this news is BIG

[muszek]

Pre-Monkey Era:
-- someone exploits a vulnerability
-- 2 weeks later someone discovers it
-- half a year later M$ patches it
-- three years later new version of Windows is released and finally the last 80% of users have patched systems.

it took 3 years, 6 months and 2 weeks to patch most computers.
Post-Monkey Era:
-- someone exploits a vulnerability
-- 2 days later monkeys report it
-- half a year later M$ patches it
-- three years later new version of Windows is released and finally the last 80% of users have patched systems.

it took 3 years 6 months and 2 days to patch most computers.

nice PR move though.

Re:this news is BIG

[putaro]

Your English was fine. It was quite clear.

how much thought went into this?

[ChipMonk]

Two simple questions:

1. Are these machines using non-Microsoft IP addresses for their 'net access?

2. If not, how long until the worm authors take that into account?

Re:how much thought went into this?

[Anonymous Coward]

That is actually the main part of the plan -- it was the only way they could think of to protect the Microsoft addresses from being overwhelmed with spyware and viruses and worms and the like.

Maybe a lot of thought

[JoeBuck]

Suppose Microsoft wanted to come up with a way to get the bad guys to avoid attacking Microsoft. Maybe they could spread the word that a significant range of IP space is honeypots and honeymonkeys and lions and tigers and bears, so then all the kiddies go off and attack someone else.

Re:Maybe a lot of thought

[stoney27]

Suppose Microsoft wanted to come up with a way to get the bad guys to avoid attacking Microsoft. Maybe they could spread the word that a significant range of IP space is honeypots and honeymonkeys and lions and tigers and bears, so then all the kiddies go off and attack someone else.

You are giving someone too much credit, but I am not sure which one.

-S

Honeymonkey Blacklist

[kjfitz]

Seems like the simple counter measure is a "blacklist" of the honeymonkey servers. Granted the IP addresses of these PCs should be secure but A LOT of info leaks / is stolen / is hacked / is accidentally exposed.

Disappointing story

[aslate]

I thought this article was going to say "So they've hired an entire team of moneys to get them to write the next Windows". Infact it's just a load of machines doing nothing. I prefered my idea, much more chance of shit-fights between the moneys.

It's a coverup

[bman08]

Somebody at MS got caught surfing porn/warez and cooked up this 'honeymonkey' nonsense to cover his dirty buttocks.

What? How dare you?

[east coast]

From the blurb: Sounds like a decent idea from the Redmond crew to me.

Sir, you should be taken to the public square and put in the stocks where you will be beaten by peasants for 32 days! How dare you compliment Microsoft on Slashdot? Do you not know that it's considered heresy?

Better Late than Never

[Ridgelift]

FTA: "Just by visiting a Web site, (if) suddenly an executable is created on your machine outside the Internet Explorer folder, it is an exploit with no false positive -- it's that simple," Yi-Ming Wang, senior researcher with Microsoft Research, said during a presentation at the IEEE Security and Privacy conference in Oakland last week.

With all the hoopla a couple years ago about how Microsoft is serious about security, I had ASSUMED they were doing this! The Honeynet project is coming up on 6 years, s

What shall we do with the drunken customer...

[syousef]

...earl-eye in the mornin'? ...put him in bed with the OS from Redmond ...she's so ugly she looks like a honeymonkey...

A Little OT

[bad_fx]

But since the OP mentioned Shakespeare and monkeys, don't forget to visit the

Monkey Shakespeare Simulator! [tninet.se] :)

Infintie Monkeys

[tyman]

"given enough time a room full of monkeys could type out Shakespeare"

I believe the quote is "If you placed an infinite number of monkeys on an infinite number of typewriters, one of them would eventually produce the collected works of Shakespeare." rather than the grammatical nightmare stated above.

The Infinite Monkey Theorem [wikipedia.org]

Have hackers do it.

[rice_burners_suck]

Maybe what Microsoft truly needs to do is hire a bunch of hackers, crackers, phreakers, h4x0rz, skript k1dd13z, and whatever other scum they can find, and pay them minimum wage to sit there and hack/crack Windows, finding vulnerabilities. "What?" you say, "only minimum wage?!" Well, that's not the whole story. Each time someone finds a way to screw up Windows, they will get paid $50. Therefore, most novice skript k1dd13z in junior high should be able to earn a $250,000 salary a year when working 10 hours a

Comment removed

[account_deleted]

Comment removed based on user account deletion

An (im)modest proposal

[Markus Registrada]

I wrote about something sort of similar:

A Modest Proposal, or not [advogato.org]

The upshot is that (1) the rootkits will close the holes they use, (2) the vulnerable machines will be tucked behind firewalls, infected via the web and e-mail, and (3) the bad guys can send bad e-mail to victims, but the honeymonkeys can't.

New source of zombies; Microsoft

[Progman3K]

Great idea, Microsoft. This one won't blow up in your face... Not!

Dedicate a few thousand machine to getting infected, and give them access to the net...

I wonder how long until people start noticing that the zombies trying to compromise their systems are located in Microsoft's network.

Microsoft just made the net even more unsafe.

Let the lawsuits commence.

Re:New source of zombies; Microsoft

[Legion303]

"I wonder how long until people start noticing that the zombies trying to compromise their systems are located in Microsoft's network."

Because, of course, not one person at MS has ever heard of egress filtering, right?

I'm Gunna Be A Monkey

[lanner]

Why is it that I have that Ren & Stimpy song playing it my head?

For Those in the Corporate IT World

[eander315]

I don't have to squint too hard before this honeymonkey project, "...which is little more than a network of virtual Windows XP boxes in various patch states", starts looking like the network I work on every day. Remove the word "virtual", call it the usermonkey project, and you're most of the way there.

Its 'i' before 'e'

[crovira]

"not bieng reported, and are bieng actively"

Sorry to nit-pick but...

You mean...

[Bun]

...they don't do something like this already? How does their security team do research, anyway?

MS - the security company (?)

[l3v1]

Will the day come sometime in the future, when MS will be a security company ? Maybe. The strange thing is, they are looking for ways (like the av and antispy sw acquisitions) to defend a basically unsecure os, and not for ways to make the os itself more secure. My foremost problem with this is, that I don't feel optimistic enough to trust in security questions a company with almost none security-related success stories in their past. But, no doubt, there are many of such optimistic people out there. In the meantime, all their honeys can crawl my home debian for free, given they most certainly will not be able to crawl my work windows boxes.

Re:Did the sun rise from the West?

[KiloByte]

Did the sun rise from the West?
Sort of.

A good idea from the MS guys is a really rare thing.
And as such, it is certainly worth the praise.

Re:Did the sun rise from the West?

[EpsCylonB]

A good idea from the MS guys is a really rare thing.
And as such, it is certainly worth the praise.

No its not, from a company that has a 50 billion dollar warchest and can afford to hire the best and brightest, you should expect only good ideas.

Re:Did the sun rise from the West?

[winkydink]

Yeah, and everybody should hold hands around a campfire and sing Kum-bay-yah too, but the real world tends to be a little different.

Re:Did the sun rise from the West?

[sumdumass]

Well it is ironic that a company like microsoft who charges for thier product and maintains a warchest places an somewhat inferior product out for sale.

Inferior doesn't exactly mean that windows isn't as good as the alternatives but the coding behind it might not be. At least with free (as in beer) products, this type of initiative has been around and used to make open source software more robust and secure then it once was.

Expecting a company like microsoft with it's large war chest to do somethign like

Re:Did the sun rise from the West?

[sumdumass]

microsoft deciding to do somethign "good" is just an percieved impression. Setting up a system of honey pots is a good thing. Using it to find security flaws and then fix them is a "good" thing. If MS is trying to do somethign that happens to be "good" they are doing a "good" thing.

Doing a good thign doesn't address the reasoning behind why they are doing. It isn't like my statment was implying microsoft was being a good citizen on purpose or anytjhing. They are just doing somethign that i as well as othe

Re:Did the sun rise from the West?

[SparafucileMan]

o stfu. don't hate.

Re:Did the sun rise from the West?

[l3v1]

you should expect only good ideas.

Well, that _is_ some quite an optimistic viewpoint. Be that about MS or else.

Re:Did the sun rise from the West?

[gatzke]

Yeah, like Microsoft Bob. Total flop, supposedly worst product ever.

Clippy. Same lines as Bob, computer is smarter than you. Not the best feature.

Windows 3.1 was not the best in the world, or the entire Win ME series.

I do like office to some extent. LaTeX slides just look like crap, and Word is sufficient for one page letters.

Re:Did the sun rise from the West?

[ScrewMaster]

Okay, so they're using virtual PCs but this is just an extension of someone else's idea ... which for all Microsoft's billions is all they ever manage to get to market. Bill Gates claims that "technological miracles cross my desk every week" but he doesn't actually market any of them. Still ... I won't be surprised if this results in Microsoft being issued a patent on the concept of a honeypot, though, virtual or otherwise.

Re:Did the sun rise from the West?

[ScrewMaster]

Oh, I agree ... but wouldn't you think that the financial and technological resources of a Microsoft would run to more than Windows XP and Microsoft Office, with or without Bob? Even IBM, as evil a corporate entity as it has been in the past, has been responsible for some truly remarkable advances. AT&T and Bell Laboratories achieved some great things and they were just the phone company.

In terms of technical achievement, Microsoft is little more than a third-rate software company that made its pile

Re:Hmm.

[lcnxw]

No, it is the start of Microsoft Newspeak. Longhorn will no longer say "Memory Page Fault" but instead "memfault." "Blue Screen" (bluescree) will lose its negative meaning and come to be a blessing from m.s. (Microsoft). Words like honeymonkey will eventually take on meanings like Ingsoc or doublethink, and there will be no more crashes, because it is no longer possible to concieve a crash.

"he is a doubleplusgood honeyeymonkeyer."

"Bluescree! Praise m.s.!"

"MSCalc: 2+2=5!"

Re:Hmm.

[Heliologue]

Computers are supposed to crash. Computers have always crashed.

The First Crash

[nmb3000]

Here's the first crash [gdargaud.net]

I think they were computing pi.

New Ballmer's mantra

[50m31sl4sh.]

I guess Ballmer should now be singing:

Monkey, monkey, monkey, monkey
Virus! Virus!
Monkey, monkey, monkey, monkey
Argh! It's a spam!

Re:Hmm.

[Alsee]

One minor correction to your post...
The last line is actually Intel's Intellectual Property.

-

Re:Sounds stupid

[LurkerXXX]

Maybe some of their non-critical patches actually fix an unknown exploitable hole. They might want to change the status of those fixes from optional to critical.

Re:Sounds stupid

[temojen]

Newer patch states may conceal still-present older bugs. I.E. the SP2 firewall may stop someone from exploiting a long-unnoticed remote vulnerability... until the attacker comes across a machine with the firewall turned off.

Re:Sounds stupid

[Crash Culligan]

In addition the the reasons cited by other replies to your question, bear in mind that sometimes when you patch one thing you break something else. If it can happen on something as simple as a website, it can happen on something as complex as an operating system.

This way, they should be able to catch exploits that open up because of poorly designed patches. If a later patch-level machine comes down with something and an earlier version doesn't, they'll know it happened, and that's a first step to making s

Think about the possibilities.

[khasim]

You could find an exploit that was fixed by a patch you already issued that wasn't applied ...

and then you could issue a new patch to fix that exploit.

I'm sure people who didn't apply the first patch would be happy to apply the second patch. Really. I'm sure they'd be happy to.

Re:why various patch states?

[CaymanIslandCarpedie]

I found that a bit strange as well. If there is already a patch for it, why study it? I realized though this could actually be useful info. If they realize there is a certain exploit (though already patched) which is getting taken advantage of a lot, they could beat some admins/users on the head. "Hey you REALLY want to apply this patch", there are a number of admins/users who don't stay up to date with patches (not too smart), but its true. This info could help to "convince" these people to patch the

Re:why various patch states?

[YrWrstNtmr]

why aren't they just focusing on the most up-to-date patched versions of their various products? Anyone running an unpatched windows box is insane...

Maybe because they're trying to simulate the real world?

Re:why various patch states?

[LiquidCoooled]

Because MS knows their product is NEVER going to be 100% upto date patched and ready.

A side effect of this may be a smaller, more targetted software defense update which could be applied to *all* versions of XP would help more people.

Normal Windows update for pre sp2 computer = ~200mb

Targetted Surgical update = ~10mb.

Both will prevent the trojans and viruses, but one is easier to apply than the other.

Re:why various patch states?

[DerekLyons]

Why various patch states? It would seem like a futile thing to try to study older versions of your product - why aren't they just focusing on the most up-to-date patched versions of their various products?

Because in the real world not every user is patched up-to-date.

Wouldn't those be targetted?

[khasim]

If you're uber-elite, would you target just any machine with your non-publicly-released exploitation?

If it was me, I'd save the big guns for specific sites.

I'd use the common ones to crack the random boxes and use those boxes to map/probe my specific targets.

Once you start hitting everybody, someone will notice and start digging. Then you'll lose your secret toy.

Re:A good idea

[penix1]

From TFA...

""Just by visiting a Web site, (if) suddenly an executable is created on your machine outside the Internet Explorer folder, it is an exploit with no false positive -- it's that simple," Yi-Ming Wang, senior researcher with Microsoft Research, said during a presentation at the IEEE Security and Privacy conference in Oakland last week."

Want this sillyness fixed? Kill the ActiveX shit! Microsoft created that mess in the first place trying to dominate Java and like usual instead of going for the cause they go for the symptom.

B.

Re:Innovation from Redmond?

[Umbral Blot]

wait, so them stoping people from illegally pirating their product is a bad thing??

Re:Innovation from Redmond?

[Baricom]

Yes.

Blocking people from doing security patches means more infected computers on the Internet, and better odds that one will find a paying customer to infect.

I think software activation is unethical also, but I'll save that debate for another day.

Re:Seedier Side of Web...

[netsharc]

And I wonder if the test program clicks "Yes" when asked "Do you trust this web site to install software on your computer?", the way IE users do.

Sigh, people are dumb, even when the dialog box says "this may be dangerous!", people keep clicking on "Yes" or "Open attachment". Maybe a new OS/browser should have a quiz when you install/use it for the first time.. when the user is dumb, make it real hard to do something stupid, and when the user is a pro, make it real easy. Maybe the lusers should be put in a

Re: It has to be said

[plenTpak]

[1] Even though Microsoft will not be able to find every single vulnerability, this will help them find and fix common vulnerabilities that appear. Since they'll know where the problem came from, they'll also be able to test any solutions they come up with. And there always is a "window of opportunity", but this will help Microsoft shorten it.

[2] According to the description, the network is set up to crawl websites looking for vulnerabilities. If one of the websites infects the crawler, then they will have

Re:U LINUX FAGS

[turgid]

There's a reason your jobs are getting shipped to India!

Dude, you're 5 years out of date. India is saturated. My job just went to Beijing in China.