Posted on 08/09/2005 9:11:18 AM PDT by theBuckwheat
Microsoft's "monkeys" find first zero-day exploit
Robert Lemos, SecurityFocus 2005-08-08
Microsoft's experimental Honeymonkey project has found almost 750 Web pages that attempt to load malicious code onto visitors' computers and detected an attack using a vulnerability that had not been publicly disclosed, the software giant said in a paper released this month.
Known more formerly as the Strider Honeymonkey Exploit Detection System, the project uses automated Windows XP clients to surf questionable parts of the Web looking for sites that compromise the systems without any user interaction. In the latest experiments, Microsoft has identified 752 specific addresses owned by 287 Web sites that contain programs able to install themselves on a completely unpatched Windows XP system.
Honeymonkeys, a name coined by Microsoft, modify the concept of honeypots--computers that are placed online and monitored to detect attacks.
"The honeymonkey client goes (to malicious Web sites) and gets exploited rather than waiting to get attacked," said Yi-Min Wang, manager of Microsoft's Cybersecurity and Systems Management Research Group. "This technique is useful for basically any company that wants to find out whether their software is being exploited this way by Web sites on the Internet."
...
The honeymonkey project, first discussed at the Institute of Electrical and Electronics Engineers' Symposium on Security and Privacy in Oakland, California in May, is the latest attempt by the software giant to detect threats to its customers before the threats become widespread. The honeymonkeys consist of virtual machines running different patch levels of Windows. The "monkey" programs browse a variety of Web sites looking for sites that attempt to exploit browser vulnerabilities.
(Excerpt) Read more at security-focus.com ...
Then again, I guess asking that question makes about as much sense as seeking after the "root cause of terrorism". There is no rational explanation for it.
Are we talking about the same bug? In my recollection, the sendmail bug allowed arbitrary execution of code, which was compounded because sendmail was improperly configured (by default) to run as "root" (system administrator). Then again, it was a long time ago...
They became immensely successful and then had the nerve to not {gasp} share their source code with those who demanded it ... for FREE.
Coke has had their secret "Formula X" for how many years and yet no one DEMANDS they share it. Same with KFC, Dr. Pepper, etc. Do you hear outrage about these companies? Nope. Only Microsoft.
Thanks!!!!!
If 1988 was over 20 years ago, you are a genuine futurist.
I will not defend Microsoft against the charge that they did not anticipate the rise of the internet as a consumer appliance. I happen to remember 1995, when I first started using the internet at home. At the time the computer magazines were full of articles asking what the next killer app would be. No one mentioned the browser. So duh.
Microsoft concentrated its efforts on making networking easy for non-technical people, at the expense of security. As a result, Windows has a 90 percent market share, and Unix in its various forms has less than ten percent. I wonder if Bill Gates and his stockholders would have it the other way round.
I said the sendmail bug was nearly 20 years ago. Also, UNIX does have a 20+ year head start on Microsoft, especially in regards to networking (ARPAnet debuted in 1968, though UNIX didn't begin to appear until the following year).
Microsoft concentrated its efforts on making networking easy for non-technical people, at the expense of security.
Which meant ignoring decades worth of networking experience from the UNIX and VMS worlds. It was a business/marketing decision, but in the long run, a bad one because it has put them, as a company, always in a trailing mode of operation with regards to security.
All Windows computers are honeymonkey clients.
I don't think this thread is going the way it was planned.
It's really difficult to make fun of a company for taking proactive steps towards security, even if they have been negligent in the past.
Particularly when they have never had a disaster of the magnitude of their competitor's.
Eh, cheap shots are easier. Anyway, it looks to me like a fairly clever approach that should yield tangible benefits to end users. If it was the Mozilla Foundation doing this, we'd be hearing how clever it is, but it's not, so there ;)