Microsofts "Honeymonkey" Project 320
g0bshiTe writes "Ever hear the saying, 'given enough time a room full of monkeys could type out Shakespeare'? Well Microsoft seems to be taking this saying to heart, and taking a cue from the Honeynet project, they have created what they have dubbed 'honeymonkeys.' Security Focus has an article which describes this honeymonkey network, which is little more than a network of virtual Windows XP boxes in various patch states. These boxes are setup to crawl the seedier side of the web in search of vulnerabilities not bieng reported, and are being actively exploited in an attempt to further secure their product. Sounds like a decent idea from the Redmond crew to me."
Re:Did the sun rise from the West? (Score:3, Insightful)
Sort of.
A good idea from the MS guys is a really rare thing.
And as such, it is certainly worth the praise.
Hmm sounds like a great idea (Score:2, Insightful)
Actually attempting to use their product as if they were an end user in the wild of the internet. Seems to me this shows that Microsoft is definately moving towards a more security conscious mindset.
Sounds stupid (Score:1, Insightful)
Why are they in various patch states? If you are looking for unknown exploits, the latest patchlevel will be just as useful, and you won't spend your time with millions of false alarms when known exploits get a hold of them.
how much thought went into this? (Score:5, Insightful)
1. Are these machines using non-Microsoft IP addresses for their 'net access?
2. If not, how long until the worm authors take that into account?
Re:Did the sun rise from the West? (Score:3, Insightful)
Re:Sounds stupid (Score:5, Insightful)
Re:Sounds stupid (Score:3, Insightful)
Re:why various patch states? (Score:3, Insightful)
Maybe because they're trying to simulate the real world?
Re:Good idea (Score:5, Insightful)
Not really, as script kiddies, by definition, don't typically discover exploits, they're more thrill seekers looking for an ego trip. When an exploit stops working, they'll just move on to another. When (if?) exploits become hard to find, because true crackers protect them better, the script kiddies will return to their previous pursuits, games and porn.
Re:Hmm sounds like a great idea (Score:4, Insightful)
In articles I tend to see just a small fraction of posts showing this supposed typical groupthink... and then a gigantic mass of posts from people who think they're observant and different and insightful for pointing out that it's going on.
Re:why various patch states? (Score:2, Insightful)
A side effect of this may be a smaller, more targetted software defense update which could be applied to *all* versions of XP would help more people.
Normal Windows update for pre sp2 computer = ~200mb
Targetted Surgical update = ~10mb.
Both will prevent the trojans and viruses, but one is easier to apply than the other.
Re:A good idea (Score:5, Insightful)
""Just by visiting a Web site, (if) suddenly an executable is created on your machine outside the Internet Explorer folder, it is an exploit with no false positive -- it's that simple," Yi-Ming Wang, senior researcher with Microsoft Research, said during a presentation at the IEEE Security and Privacy conference in Oakland last week."
Want this sillyness fixed? Kill the ActiveX shit! Microsoft created that mess in the first place trying to dominate Java and like usual instead of going for the cause they go for the symptom.
B.
Infintie Monkeys (Score:2, Insightful)
I believe the quote is "If you placed an infinite number of monkeys on an infinite number of typewriters, one of them would eventually produce the collected works of Shakespeare." rather than the grammatical nightmare stated above.
The Infinite Monkey Theorem [wikipedia.org]
For Those in the Corporate IT World (Score:3, Insightful)
You mean... (Score:3, Insightful)
MS - the security company (?) (Score:3, Insightful)
Re:Did the sun rise from the West? (Score:3, Insightful)
Doing a good thign doesn't address the reasoning behind why they are doing. It isn't like my statment was implying microsoft was being a good citizen on purpose or anytjhing. They are just doing somethign that i as well as other percive as a good thing. This doens't make us fanbois or microsoft representatives either.
As for linux being the reason they decided to do this, thats pure speculation. Microsoft does know what to do about linux and if you don't think they do then look into the idiotic pattens they ar e applying for. Guess who they will be used against when the time is right. (not apple or any other company that can muster enough money to throw them out.) Your right that linux can't be bought but your wrong about bankrupting it. All they have to do is manipulate the licensing of the software to include a chunk of change for them. If "linux" doesn't pay they can effectivly stop linux from being viably sold to any market or cause the price to be inflated to enourmous level and stop it's adoption outside indevidual hobyist. Microsoft would be in position to control this with a few more pattens on what everyone has come to expect as the norm for computing.
I'm not saying microsoft should or will do anythign like this but it wouldn't surprise me when they do. To think linux is out of the scope of microsofts claws is naive and exactly what will cause it to fall. With a few more pattens, it would be possible to stop linux from even being able to compete on the same grounds it is now. When surveys are saying vender lockin is one of the bigest reasons people are going with open source products, it is only reasonable for microsoft to lockin open source products and maintina thier revenue stream.
Again the moral of the story is what made microsoft take these actions (honey monkeys) wich apear to be honey pots with a little extra. It could be fear of linux, or maybe fear of apple who has a better percieved security tract record as well as a better desktop. It could also be some ploy to fend off litigation were they didn't take steps to secure a product they are selling as secure. It may be that in order to sell to certain organizations, they have to do this or it just may be that they are trying to clean thier reputation up a little. It is all just a guess.