
Microsoft's "Honeymonkey" Project

Posted by samzenpus
from the how-could-this-go-wrong dept.
g0bshiTe writes "Ever hear the saying, 'given enough time a room full of monkeys could type out Shakespeare'? Well Microsoft seems to be taking this saying to heart, and taking a cue from the Honeynet project, they have created what they have dubbed 'honeymonkeys.' Security Focus has an article which describes this honeymonkey network, which is little more than a network of virtual Windows XP boxes in various patch states. These boxes are setup to crawl the seedier side of the web in search of vulnerabilities not bieng reported, and are being actively exploited in an attempt to further secure their product. Sounds like a decent idea from the Redmond crew to me."
  • by Hank Chinaski (257573) on Wednesday May 18, 2005 @07:06PM (#12572028) Homepage
    they call these guys "customers" over in redmond ...
    • I like BBQ Monkey personally,

      but BBQ Microsoft Developer would also do
    • by Tackhead (54550) on Wednesday May 18, 2005 @07:28PM (#12572260)
      > they call these guys "customers" over in redmond ...

      No, those are developers. Developers. Developers. Developers. Developers. Developers. Developers.

    • by Anonymous Coward on Wednesday May 18, 2005 @07:38PM (#12572341)
      sigh...

      I like monkeys. The pet store was selling them for five cents a piece. I thought that odd since they were normally a couple thousand each. I decided not to look a gift horse in the mouth. I bought 200. I like monkeys.

      I took my 200 monkeys home. I have a big car. I let one drive. His name was Sigmund. He was retarded. In fact, none of them were really bright. They kept punching themselves in their genitals. I laughed. Then they punched my genitals. I stopped laughing.

      I herded them into my room. They didn't adapt very well to their new environment. They would screech, hurl themselves off of the couch at high speeds and slam into the wall. Although humorous at first, the spectacle lost its novelty halfway into its third hour.

      Two hours later I found out why all the monkeys were so inexpensive: they all died. No apparent reason. They all just sorta' dropped dead. Kinda' like when you buy a goldfish and it dies five hours later. Damn cheap monkeys.

      I didn't know what to do. There were 200 dead monkeys lying all over my room, on the bed, in the dresser, hanging from my bookcase. It looked like I had 200 throw rugs.

      I tried to flush one down the toilet. It didn't work. It got stuck. Then I had one dead, wet monkey and 199 dead, dry monkeys.

      I tried pretending that they were just stuffed animals. That worked for a while, that is until they began to decompose. It started to smell real bad.

      I had to pee but there was a dead monkey in the toilet and I didn't want to call the plumber. I was embarrassed.

      I tried to slow down the decomposition by freezing them. Unfortunately there was only enough room for two monkeys at a time so I had to change them every 30 seconds. I also had to eat all the food in the freezer so it didn't all go bad.

      I tried burning them. Little did I know my bed was flammable. I had to extinguish the fire.

      Then I had one dead, wet monkey in my toilet, two dead, frozen monkeys in my freezer, and 197 dead, charred monkeys in a pile on my bed. The odor wasn't improving.

      I became agitated at my inability to dispose of my monkeys and to use the bathroom. I severely beat one of my monkeys. I felt better.

      I tried throwing them away but the garbage man said that the city wasn't allowed to dispose of charred primates. I told him that I had a wet one. He couldn't take that one either. I didn't bother asking about the frozen ones.

      I finally arrived at a solution. I gave them out as Christmas gifts. My friends didn't know quite what to say. They pretended that they like them but I could tell they were lying. Ingrates. So I punched them in the genitals.

      I like monkeys

  • by Anonymous Coward on Wednesday May 18, 2005 @07:07PM (#12572038)
    *GENERIC JOKE ABOUT MONKEYS BEING IN CHARGE OF MS WINDOWS SECURITY*

    Just thought I'd head everyone off here...

    (lameness filter padding lameness filter padding lameness filter padding)
  • I always assumed Skynet was based off of Windows XP.
  • by Anonymous Coward on Wednesday May 18, 2005 @07:08PM (#12572044)
    In addition to getting info on new vulnerabilities, they'll probably also get loads of malware to add to the anti-spyware tool. This is a good thing.
  • by DaedalusLogic (449896) on Wednesday May 18, 2005 @07:08PM (#12572045)
    Sounds delicious.

    But the real reason they named the project this is because they intend to sting you like a bee and then throw fecal matter at you.
  • Good idea (Score:5, Interesting)

    by X0563511 (793323) * on Wednesday May 18, 2005 @07:08PM (#12572052) Homepage Journal
    This is a pretty good idea. If anything, it will help curb the script kiddies indiscriminately flinging exploits around. Unless you want that overflow you found to get patched, pick and choose your targets carefully.
    • by harrkev (623093) <kfmsd@@@harrelsonfamily...org> on Wednesday May 18, 2005 @07:16PM (#12572150) Homepage
      Sure. It sounds like a good idea -- until these boxes hit some warez and mp3 sites. Next thing you know, the BSA and MPAA are knocking on Microsoft's door. I wonder how many licenses for Windows and Office the BSA will force Microsoft to buy...
    • Unless you want that overflow you found to get patched, pick and choose your targets carefully.
      Given that most of the heavy-hitting worms and malware use already-patched exploits, I don't think that this is all that much of a concern to the typical script kiddie.
    • Re:Good idea (Score:5, Insightful)

      by st1d (218383) on Wednesday May 18, 2005 @08:02PM (#12572494) Homepage
      This is a pretty good idea. If anything, it will help curb the script kiddies indiscriminately flinging exploits around. Unless you want that overflow you found to get patched, pick and choose your targets carefully.


      Not really, as script kiddies, by definition, don't typically discover exploits, they're more thrill seekers looking for an ego trip. When an exploit stops working, they'll just move on to another. When (if?) exploits become hard to find, because true crackers protect them better, the script kiddies will return to their previous pursuits, games and porn.
      • by Skye16 (685048) on Wednesday May 18, 2005 @09:11PM (#12573094)
        So script kiddie-ism is the next stage in my evolution?

        ...

        God I'm depressed now.
      • When (if?) exploits become hard to find, because true crackers protect them better, the script kiddies will return to their previous pursuits, games and porn.

        And that, my friend, is why it would be so excellent.

        Stewey

    • Unless you want that overflow you found to get patched, pick and choose your targets carefully

      Nah, you'll still get to have a few months of fun.
  • "bieng"? (Score:5, Funny)

    by Cheap Imitation (575717) on Wednesday May 18, 2005 @07:08PM (#12572054)
    It looks like the monkeys aren't only working on Shakespeare...
  • by Absolut187 (816431) on Wednesday May 18, 2005 @07:09PM (#12572061) Homepage
    These boxes are setup to crawl the seedier side of the web

    Help Wanted:
    Can you surf for porn at least 8 hours a day?
    Self-motivated, goal-oriented individual needed full-time.
    Pay commensurate with experience.

  • by Pedrito (94783)
    Isn't honeymonkey a dish in Africa?
  • by Anonymous Coward
    Cue the typical Slashdot groupthink about how Microsoft is somehow evil/stupid for doing this.

    Actually attempting to use their product as if they were an end user in the wild of the internet. Seems to me this shows that Microsoft is definitely moving towards a more security conscious mindset.
  • by kid_wonder (21480) <public@NosPAm.kscottklein.com> on Wednesday May 18, 2005 @07:11PM (#12572084) Homepage
    ...crawl the seedier side of the web.

    I like to call it, "break time"

  • by nweaver (113078) on Wednesday May 18, 2005 @07:12PM (#12572109) Homepage
    This group has done several impressive projects. Among them is the "Strider Ghostbuster" Rootkit Detector [microsoft.com].

    This is part of the general Strider Project [microsoft.com] in Microsoft Research. They do very good work.
  • I say (Score:5, Funny)

    by smitty_one_each (243267) * on Wednesday May 18, 2005 @07:17PM (#12572157) Homepage Journal
    Put these honeymonkeys on a network with a bunch of other computers running Firefox/greasemonkey, and let them fight it out.
  • by denissmith (31123) on Wednesday May 18, 2005 @07:19PM (#12572180)
    A roomful of monkeys wrote Windows XP? OK, I'll buy that.
  • by G4from128k (686170) on Wednesday May 18, 2005 @07:20PM (#12572190)
    Virtual boxen will catch a wide array of exploits, but may miss some. For example, it sounds like they look for attempts to create executables on disk, so a RAM resident nasty might escape notice. Also, some exploits may only work on "real" machines such as those proposed for exploiting hyperthreading [slashdot.org].

    The point is that to the extent that the virtual XP box fails to emulate ALL the features of real hardware, there will be some room for doubt. Despite this misgiving, I commend Microsoft for tackling this problem.
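Added example (not part of the original thread, and not Microsoft's code): a sketch of the on-disk rule discussed in the comment above, flagging executables created outside the browser's folders after a visit and comparing VMs in different patch states. The allowed directories, the `monkey` user name, the patch-level labels and the sample events are all constructed assumptions; note that a visit which leaves no file is reported only as "no on-disk evidence", which is the blind spot the comment points out.

```python
import ntpath

# Assumption: directories the browser may legitimately write to on the test VM.
ALLOWED_DIRS = [
    r"C:\Program Files\Internet Explorer",
    r"C:\Documents and Settings\monkey\Local Settings\Temporary Internet Files",
]
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".sys"}
PATCH_ORDER = ["unpatched", "partial", "fully-patched"]  # hypothetical labels


def _norm(path):
    # Windows paths are case-insensitive; normpath also collapses "..".
    return ntpath.normcase(ntpath.normpath(path))


def is_suspicious(created_path):
    """True if an executable was created outside every allowed directory."""
    p = _norm(created_path)
    if ntpath.splitext(p)[1] not in EXEC_EXTS:
        return False
    # Compare with a trailing separator so "...Explorer2\x.exe" is not inside.
    return not any(p.startswith(_norm(d) + "\\") for d in ALLOWED_DIRS)


def triage(events):
    """events: (url, patch_level, created_path or None) per VM visit."""
    hits = {}
    for url, level, path in events:
        hits.setdefault(url, set())
        if path is not None and is_suspicious(path):
            hits[url].add(level)
    verdicts = {}
    for url, levels in hits.items():
        if "fully-patched" in levels:
            verdicts[url] = "exploit works on fully patched VM"
        elif levels:
            worst = max(levels, key=PATCH_ORDER.index)
            verdicts[url] = "exploit works only up to patch level: " + worst
        else:
            # No file created: clean, or a memory-only payload this rule misses.
            verdicts[url] = "no on-disk evidence"
    return verdicts


# Constructed sample events (not real sites or captures).
SAMPLE = [
    ("http://a.example/", "unpatched", r"C:\WINDOWS\system32\drop.exe"),
    ("http://a.example/", "fully-patched", None),
    ("http://b.example/", "fully-patched", r"c:\program files\Internet Explorer\..\x.DLL"),
    ("http://c.example/", "unpatched", r"C:\Program Files\Internet Explorer\cache.exe"),
    ("http://d.example/", "unpatched", None),
]
```

Calling `triage(SAMPLE)` returns one verdict per URL; the `..` path in the second sample site shows why paths are normalized before the folder comparison.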
  • by Anonymous Coward
    I thought AOL patented this years ago.
  • by muszek (882567) on Wednesday May 18, 2005 @07:25PM (#12572227) Homepage
    Pre-Monkey Era:
    -- someone exploits a vulnerability
    -- 2 weeks later someone discovers it
    -- half a year later M$ patches it
    -- three years later new version of Windows is released and finally the last 80% of users have patched systems.

    it took 3 years, 6 months and 2 weeks to patch most computers.
    Post-Monkey Era:
    -- someone exploits a vulnerability
    -- 2 days later monkeys report it
    -- half a year later M$ patches it
    -- three years later new version of Windows is released and finally the last 80% of users have patched systems.

    it took 3 years 6 months and 2 days to patch most computers.

    nice PR move though.
  • by ChipMonk (711367) on Wednesday May 18, 2005 @07:27PM (#12572242) Journal
    Two simple questions:

    1. Are these machines using non-Microsoft IP addresses for their 'net access?

    2. If not, how long until the worm authors take that into account?
    • by Anonymous Coward
      That is actually the main part of the plan -- it was the only way they could think of to protect the Microsoft addresses from being overwhelmed with spyware and viruses and worms and the like.
    • by JoeBuck (7947)
      Suppose Microsoft wanted to come up with a way to get the bad guys to avoid attacking Microsoft. Maybe they could spread the word that a significant range of IP space is honeypots and honeymonkeys and lions and tigers and bears, so then all the kiddies go off and attack someone else.
      • Suppose Microsoft wanted to come up with a way to get the bad guys to avoid attacking Microsoft. Maybe they could spread the word that a significant range of IP space is honeypots and honeymonkeys and lions and tigers and bears, so then all the kiddies go off and attack someone else.

        You are giving someone too much credit, but I am not sure which one.

        -S
  • by kjfitz (256432) on Wednesday May 18, 2005 @07:31PM (#12572292) Homepage
    Seems like the simple counter measure is a "blacklist" of the honeymonkey servers. Granted the IP addresses of these PCs should be secure but A LOT of info leaks / is stolen / is hacked / is accidentally exposed.
  • by aslate (675607) <planetexpress AT gmail DOT com> on Wednesday May 18, 2005 @07:35PM (#12572326) Homepage
    I thought this article was going to say "So they've hired an entire team of monkeys to get them to write the next Windows". In fact it's just a load of machines doing nothing. I preferred my idea, much more chance of shit-fights between the monkeys.
  • by bman08 (239376) on Wednesday May 18, 2005 @07:48PM (#12572399)
    Somebody at MS got caught surfing porn/warez and cooked up this 'honeymonkey' nonsense to cover his dirty buttocks.
  • From the blurb: Sounds like a decent idea from the Redmond crew to me.

    Sir, you should be taken to the public square and put in the stocks where you will be beaten by peasants for 32 days! How dare you compliment Microsoft on Slashdot? Do you not know that it's considered heresy?
  • FTA: "Just by visiting a Web site, (if) suddenly an executable is created on your machine outside the Internet Explorer folder, it is an exploit with no false positive -- it's that simple," Yi-Ming Wang, senior researcher with Microsoft Research, said during a presentation at the IEEE Security and Privacy conference in Oakland last week.

    With all the hoopla a couple years ago about how Microsoft is serious about security, I had ASSUMED they were doing this! The Honeynet project is coming up on 6 years, s
  • ...earl-eye in the mornin'? ...put him in bed with the OS from Redmond ...she's so ugly she looks like a honeymonkey...
  • But since the OP mentioned Shakespeare and monkeys, don't forget to visit the

    Monkey Shakespeare Simulator! [tninet.se] :)
  • Infinite Monkeys (Score:2, Insightful)

    by tyman (831421)
    "given enough time a room full of monkeys could type out Shakespeare"

    I believe the quote is "If you placed an infinite number of monkeys on an infinite number of typewriters, one of them would eventually produce the collected works of Shakespeare." rather than the grammatical nightmare stated above.

    The Infinite Monkey Theorem [wikipedia.org]
  • Maybe what Microsoft truly needs to do is hire a bunch of hackers, crackers, phreakers, h4x0rz, skript k1dd13z, and whatever other scum they can find, and pay them minimum wage to sit there and hack/crack Windows, finding vulnerabilities. "What?" you say, "only minimum wage?!" Well, that's not the whole story. Each time someone finds a way to screw up Windows, they will get paid $50. Therefore, most novice skript k1dd13z in junior high should be able to earn a $250,000 salary a year when working 10 hours a
  • by austad (22163) on Wednesday May 18, 2005 @09:45PM (#12573363) Homepage
    Sounds to me like they copied this guy's idea:

    http://www.malwareblog.com [malwareblog.com]

    He's been doing this exact same thing for almost the past year. The site just went up a couple months ago, but he's been sending his findings to AV companies and some mailing lists for much longer. There's a lot of undiscovered stuff floating around out there.
    • I wrote about something sort of similar:

      A Modest Proposal, or not [advogato.org]

      The upshot is that (1) the rootkits will close the holes they use, (2) the vulnerable machines will be tucked behind firewalls, infected via the web and e-mail, and (3) the bad guys can send bad e-mail to victims, but the honeymonkeys can't.

  • Great idea, Microsoft. This one won't blow up in your face... Not!

    Dedicate a few thousand machines to getting infected, and give them access to the net...

    I wonder how long until people start noticing that the zombies trying to compromise their systems are located in Microsoft's network.

    Microsoft just made the net even more unsafe.

    Let the lawsuits commence.
    • "I wonder how long until people start noticing that the zombies trying to compromise their systems are located in Microsoft's network."

      Because, of course, not one person at MS has ever heard of egress filtering, right?
  • Why is it that I have that Ren & Stimpy song playing in my head?
  • by eander315 (448340) * on Wednesday May 18, 2005 @10:34PM (#12573665)
    I don't have to squint too hard before this honeymonkey project, "...which is little more than a network of virtual Windows XP boxes in various patch states", starts looking like the network I work on every day. Remove the word "virtual", call it the usermonkey project, and you're most of the way there.
  • "not bieng reported, and are bieng actively"

    Sorry to nit-pick but...

  • You mean... (Score:3, Insightful)

    by Bun (34387) on Thursday May 19, 2005 @12:10AM (#12574323)
    ...they don't do something like this already? How does their security team do research, anyway?
  • by l3v1 (787564) on Thursday May 19, 2005 @01:19AM (#12574718)
    Will the day come sometime in the future, when MS will be a security company? Maybe. The strange thing is, they are looking for ways (like the av and antispy sw acquisitions) to defend a basically unsecure os, and not for ways to make the os itself more secure. My foremost problem with this is, that I don't feel optimistic enough to trust in security questions a company with almost no security-related success stories in their past. But, no doubt, there are many of such optimistic people out there. In the meantime, all their honeys can crawl my home debian for free, given they most certainly will not be able to crawl my work windows boxes.
