Microsoft Security

Microsoft Readying Massive Real Time Threat Intelligence Feed

Posted by samzenpus
from the dangers-of-the-day dept.
chicksdaddy wrote in with a link to a story about a Microsoft project that will share security information in real time with customers and law enforcement. The article reads "Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waledac. Now the company is ready to start making the data it acquires in those busts available to governments, law enforcement and customers as a real time threat intelligence feed. Representatives from the Redmond, Washington software maker told an audience at the International Conference on Cyber Security (ICCS) here that it was testing a new service to distribute threat data from captured botnets and other sources to partners, including foreign governments, Computer Emergency Response Teams (CERTs) and private corporations."

  • Bad idea (Score:3, Interesting)

    by Anonymous Coward on Wednesday January 11, 2012 @05:37PM (#38667984)

    sounds like a violation of the users' privacy

    just because my computer is part of a botnet doesn't mean I have agreed to have my IP and other info sent to government agencies, especially foreign governments

    • Re:Bad idea (Score:5, Informative)

      by Bananatree3 (872975) on Wednesday January 11, 2012 @05:39PM (#38668012)
      Son - you've got other problems if you're on a bot net.
    • by Anonymous Coward
      Yeah, and if your car is stolen and used for a bank robbery, that doesn't mean you've agreed to have your plate and description of your car distributed to Government agencies!
      • I think you nearly got the car analogy right.
        If someone steals your car for a bank robbery, is [America's Most Wanted/other TV or news show] allowed to say the police are looking for a car with a licence plate xyz1234? I would hope so.
        You don't own your IP address, like you don't own your license plate number.
        • by g0bshiTe (596213)
          For the average citizen it's much harder to get my personal info from my license plate number than from my IP address.

          You cannot continue to probe my house from knowing my plate number, but you can probe my home network with my IP.
          • You don't know whose home you're probing with an IP address. You also don't know if the ISP has allocated the IP to another address since it was published. In most cases it's not your IP. A few dollars will get any citizen your full name and registered address from a license plate number.
    • by John3 (85454)

      I do not think it means what you think it means.

  • Found a direct link (Score:5, Informative)

    by symbolset (646467) * on Wednesday January 11, 2012 @05:37PM (#38667986) Journal
    Internet Storm Center [sans.org]. Apparently it has been up for quite a while. What bright lights of wonder Microsoft hides under their bushel! I wonder what else there is.
    • by Larryish (1215510)

      "Microsoft Readying Massive Real Time Threat Intelligence Feed"

      Meh.

      In reality MS just sends the .gov a map of Internet-connected Windows installs.

      Thin end of the wedge, and all that.

  • by nurb432 (527695) on Wednesday January 11, 2012 @05:38PM (#38667998) Homepage Journal

    And of course any files they happen to find along the way. "IP address x.x.x.x has a copy of the Communist Manifesto"

    • And of course any files they happen to find along the way. "IP address x.x.x.x has a copy of the Communist Manifesto"

      Joe McCarthy has been dead for over 50 years. I think you're safe owning the Communist Manifesto. Searches in your browser history for al-Qaeda might be a different matter.

  • ...the full-disclosure list:

    http://seclists.org/fulldisclosure/ [seclists.org]
  • by Anonymous Coward

    IBM would turn it into a product.

    Google would integrate this in Chrome and their DNS.

    MS gives it away and wonders why their stockholders are not happy...

  • good idea? (Score:5, Interesting)

    by viperidaenz (2515578) on Wednesday January 11, 2012 @06:28PM (#38668454)
    Just wait till those running the botnets use this real time information as a tool to avoid detection/capture.

    wouldn't it be advantageous if they can tell what botnet behaviours are picked up by the detection tools in real time?

  • Skynet is growing

  • [Insert tired "but Windows is the biggest virus there is!" post here.]
  • by Georules (655379) on Wednesday January 11, 2012 @06:51PM (#38668666)
    MS proved they can take down botnets largely comprised of systems they wrote the software for? Good work.
  • It would probably be better if they focused their energy on closing security holes and doing their best to stop their consumer operating systems from being the low hanging fruit for botnet makers. I have heard that an ounce of prevention is better than a massive security project to remove the ass of a tick or something to that effect.
  • by giorgist (1208992) on Wednesday January 11, 2012 @07:28PM (#38668946)
    1. Some "criminal" bot net grabs my private data.
    2. Microsoft infiltrates bot net.
    3. Microsoft hands the data to government in real time. They are not responsible for what the data contains.
    4. Government has my data legally ?

    Does this not sound like the police getting criminals to do their dirty work ?
    What would be the incentive to bring down the bot ?
    How do I know who set up the original bot ?
    Should I trust Microsoft ?
    Should I trust the government ?
    • You'd rather trust the bot net operator?

      Yes, I understand (and agree with) your reservations and concerns about what the government would do with such data, but it's really not like the alternative is demonstratively better. Yes, the government *could* abuse this type of information, but a bot net operator can abuse his bots, too. What's to stop a bot from installing a key logger and browser history scraper? Or from scanning your personal files? Or from turning on your webcam?

      Additionally, owners of sys

  • "Trust us. No one on that list is there because of a mistake or because they are a business competitor or because they have views we don't like or because they have an ugly pet. Once we have enough people using our list we'll establish control over the flow of information and...er... I mean we'll stamp out that pesky varmint infected computers.... yessiree"

    To state the obvious, this is the Information Age. Information is of increasing value, therefore, the control to its access is of great interest
  • I applaud their wit and strategy, although it is THEIR software that is causing all this in the first place....I know they can not go backwards,
    or change their OS methodology, so instead they do the next best thing, make all the info available to those law enforcements, to catch the ones that
    would use these vulnerabilities to exploit the people using Windows..... great! so today the big evil corp we know as MS, has done a good deed indeed!
    First step on the road to redemption....
