Microsofts "Honeymonkey" Project - Slashdot

Slashdot is powered by your submissions, so send in your scoop

×

Microsofts "Honeymonkey" Project 320

Posted by samzenpus on Wednesday May 18, 2005 @07:04PM from the how-could-this-go-wrong dept.

g0bshiTe writes "Ever hear the saying, 'given enough time a room full of monkeys could type out Shakespeare'? Well Microsoft seems to be taking this saying to heart, and taking a cue from the Honeynet project, they have created what they have dubbed 'honeymonkeys.' Security Focus has an article which describes this honeymonkey network, which is little more than a network of virtual Windows XP boxes in various patch states. These boxes are setup to crawl the seedier side of the web in search of vulnerabilities not bieng reported, and are being actively exploited in an attempt to further secure their product. Sounds like a decent idea from the Redmond crew to me."

This discussion has been archived. No new comments can be posted.

Microsofts "Honeymonkey" Project

Search 320 Comments Log In/Create an Account

Comments Filter:

Warning: This Operation Has Side Effects (Score:5, Interesting)

by Anonymous Coward writes: on Wednesday May 18, 2005 @07:08PM (#12572044)

In addition to getting info on new vulnerabilities, they'll probably also get loads of malware to add to the anti-spyware tool. This is a good thing.

Share
twitter facebook
Good idea (Score:5, Interesting)

by X0563511 ( 793323 ) * writes: on Wednesday May 18, 2005 @07:08PM (#12572052) Homepage Journal

This is a pretty good idea. If anything, it will help curb the script kiddies indesciminantly flinging exploits around. Unless you want that overflow you found to get patched, pick and choose your targets carefully.

Share
twitter facebook
Re:Did the sun rise from the West? (Score:3, Interesting)

by EpsCylonB ( 307640 ) writes: <eps AT epscylonb DOT com> on Wednesday May 18, 2005 @07:20PM (#12572189) Homepage

A good idea from the MS guys is a really rare thing.
And as such, it is certainly worth the praise.

No its not, from a company that has a 50 billion dollar warchest and can afford to hire the best and brightest, you should expect only good ideas.

Parent Share
twitter facebook
Exploits on real vs. virtual XP boxen (Score:3, Interesting)

by G4from128k ( 686170 ) writes: on Wednesday May 18, 2005 @07:20PM (#12572190)

Virtual boxen will catch a wide array of exploits, but may miss some. For example, it sounds like they look for attempts to create executables on disk, so a RAM resident nasty might escape notice. Also, some exploits many only work on "real" machines such as those proposed for exploiting hyperthreading [slashdot.org].

The point is that to the extent that the virtual XP box fails to emulate ALL the features of real hardware, there will be some room for doubt. Despite this misgiving, I commend Microsoft for tackling this problem.

Share
twitter facebook
They are Building Security Rep (Score:1, Interesting)

by mpapet ( 761907 ) writes: on Wednesday May 18, 2005 @07:26PM (#12572239) Homepage

This the kind of BS that they will use to claim "PronHorn is more secure!!!" The reality of this would go something like:

1. Set up weak boxes
2. Send them to questionable sites.
3. Watch them get infected.
4. Figure out how they got infected.
5. Report how they got infected.

Then
A. Do nothing, there's "no budget" to fix the problems. (very likely)
B. Modify the code -just- enough to get rid of the worst offenders. (least likely)
C. Charge the end-user a subscription to "protect" them from threats found in their research with another enterprise software package. (my choice as most likely)

In the end Microsoft says, "We've committed billions to increased security in pronhorn. It's more usable and real secure and "just works." Apply more anti-competitive practices liberally and maintain monopoly.

What bugs me the most is it will sound like it's true and kill Linux adoption. But the security patches will just keep coming.

Share
twitter facebook
Seedier Side of Web... (Score:1, Interesting)

by Anonymous Coward writes: on Wednesday May 18, 2005 @07:29PM (#12572273)

I wonder how Microsoft defines the "seedier" side of the web, and how the sites the various computers visit are regulated.

It would be interesting to run the same test, but equipping half of the machines with an alternative browser.

"if ($body_maintext[$n] =~ /ActiveX|Microsoft\sVM/) {
$seedy_side_of_web=1;
}
"

Share
twitter facebook
Maybe a lot of thought (Score:2, Interesting)

by JoeBuck ( 7947 ) writes: on Wednesday May 18, 2005 @07:39PM (#12572345) Homepage

Suppose Microsoft wanted to come up with a way to get the bad guys to avoid attacking Microsoft. Maybe they could spread the word that a significant range of IP space is honeypots and honeymonkeys and lions and tigers and bears, so then all the kiddies go off and attack someone else.

Parent Share
twitter facebook
Re:Innovation from Redmond? (Score:3, Interesting)

by Umbral Blot ( 737704 ) writes: on Wednesday May 18, 2005 @07:55PM (#12572448) Homepage

wait, so them stoping people from illegally pirating their product is a bad thing??

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

All seems condemned in the long run to approximate a state akin to Gaussian noise. -- James Martin