Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

'Honey monkeys' deployed to catch crooked code
New Scientist ^ | 5/19/05 | Will Knight

Posted on 05/19/2005 4:39:29 PM PDT by LibWhacker

In an attempt to pre-empt computer hackers, Microsoft is developing "virtual" PCs to scour the web for previously unseen attack code.

At the software giant's Cybersecurity and Systems Management lab, based in Washington State, US, researchers are building a squad of the virtual PCs - created in software rather than hardware - to explore the darker corners of the world wide web.

To any website they visit, the machines appear to be a normal home computer. But the PCs are seeking out code designed to attack a computer and will sound an alarm if any code is executed in contravention of a machine's security settings, or if key system-parameters are unexpectedly altered. They use a software forensics package called Strider, previously created by Microsoft researchers to detect such changes.

This could enable the company to develop software patches to protect against malevolent code - often distributed via viruses or worms - before it can become a widespread nuisance.

Sneaking through

Details of the project were revealed at the IEEE Security and Privacy conference, held in Oakland, US, between 8 and 11 May. Yi-Ming Wang, from Microsoft Research, told the conference that a set of prototype virtual machines are already being used to look out for tools that sneak through a PCs defences while a web page is loading.

He revealed that the machines have been dubbed "honey monkeys" at Microsoft. The name stems from an existing method for snaring hackers, using passive machines, known as honeypots. The "monkey" tag reflects that fact that the new machines will employ a more active, dynamic approach.

"I think it's a really good idea," says Ollie Whitehouse, technical manager for UK-based computer security firm Symantec. "It's a proactive way of detecting new threats and a logical extension of the honeypot approach."

States of disrepair

Wang has already created a handful of prototype honey monkeys. The virtual PCs are configured to resemble Windows computers in various states of disrepair, and with various software patches already installed. And they can trawl through around 7000 websites each day.

"If any web sites exploit a recently found vulnerability, we would talk to our patch and security response teams to tell our customers to apply the latest patch," Wang told SecurityFocus.com. "If we ever identify a fully patched machine that got exploited, we’ve got a big problem."

However, if the scheme is successful in the battle against malicious code, it would probably prompt hackers to build tools to counter honey monkeys. Whitehouse says this might include trying to identify the machines based on the speed with which they spin through a site.


TOPICS: News/Current Events; Technical
KEYWORDS: adware; code; computer; crooked; hackers; hardware; honey; ieee; machine; malicious; microsoft; monkeys; prototype; security; software; spam; strider; virtualmachines; viruses; web

1 posted on 05/19/2005 4:39:38 PM PDT by LibWhacker
[ Post Reply | Private Reply | View Replies]

To: LibWhacker; martin_fierro
As opposed to using Honkey Monkeys
2 posted on 05/19/2005 4:56:38 PM PDT by mikrofon (Always, the right tools for the job...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: mikrofon

3 posted on 05/19/2005 4:59:19 PM PDT by martin_fierro ( and Patent Pending)
[ Post Reply | Private Reply | To 2 | View Replies]

To: LibWhacker
"If we ever identify a fully patched machine that got exploited, we’ve got a big problem."

There's many of them out there- If there weren't, there wouldn't be a problem.

Did I miss something here?

4 posted on 05/19/2005 5:31:46 PM PDT by perfect stranger (I need new glasses.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: martin_fierro
Is that the pic you meant to post or just what the website does to deter hot linking?

Sorry if this is a double-post but it didn't seem to go thru the first time on this old machine.

5 posted on 05/19/2005 5:35:05 PM PDT by perfect stranger (I need new glasses.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: perfect stranger
Is that the pic you meant to post or just what the website does to deter hot linking?

Yes.

6 posted on 05/19/2005 5:36:04 PM PDT by martin_fierro (< |:)~)
[ Post Reply | Private Reply | To 5 | View Replies]

To: martin_fierro

Thanx.


7 posted on 05/19/2005 5:41:37 PM PDT by perfect stranger (I need new glasses.)
[ Post Reply | Private Reply | To 6 | View Replies]

Unfortunately, after 15 minutes connected to the internet, the virtual PCs become infested and locked into a perpetual reboot cycle...


8 posted on 05/19/2005 9:35:50 PM PDT by D-fendr
[ Post Reply | Private Reply | To 7 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson