'Honey monkeys' deployed to catch crooked code
Posted on 05/19/2005 4:39:29 PM PDT by LibWhacker
In an attempt to pre-empt computer hackers, Microsoft is developing "virtual" PCs to scour the web for previously unseen attack code.
At the software giant's Cybersecurity and Systems Management lab, based in Washington State, US, researchers are building a squad of the virtual PCs - created in software rather than hardware - to explore the darker corners of the world wide web.
To any website they visit, the machines appear to be a normal home computer. But the PCs are seeking out code designed to attack a computer and will sound an alarm if any code is executed in contravention of a machine's security settings, or if key system parameters are unexpectedly altered. They use a software forensics package called Strider, previously created by Microsoft researchers to detect such changes.
This could enable the company to develop software patches to protect against malevolent code - often distributed via viruses or worms - before it can become a widespread nuisance.
Details of the project were revealed at the IEEE Security and Privacy conference, held in Oakland, US, between 8 and 11 May. Yi-Ming Wang, from Microsoft Research, told the conference that a set of prototype virtual machines is already being used to look out for tools that sneak through a PC's defences while a web page is loading.
He revealed that the machines have been dubbed "honey monkeys" at Microsoft. The name stems from an existing method for snaring hackers, using passive machines, known as honeypots. The "monkey" tag reflects the fact that the new machines will employ a more active, dynamic approach.
"I think it's a really good idea," says Ollie Whitehouse, technical manager for UK-based computer security firm Symantec. "It's a proactive way of detecting new threats and a logical extension of the honeypot approach."
States of disrepair
Wang has already created a handful of prototype honey monkeys. The virtual PCs are configured to resemble Windows computers in various states of disrepair, and with various software patches already installed. And they can trawl through around 7000 websites each day.
"If any web sites exploit a recently found vulnerability, we would talk to our patch and security response teams to tell our customers to apply the latest patch," Wang told SecurityFocus.com. "If we ever identify a fully patched machine that got exploited, we've got a big problem."
However, if the scheme is successful in the battle against malicious code, it would probably prompt hackers to build tools to counter honey monkeys. Whitehouse says this might include trying to identify the machines based on the speed with which they spin through a site.
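The detection logic the article describes (a Strider-style before/after comparison of a monkey's system state, with alarms only for changes the page should never have been able to make) and Wang's triage rule across patch levels, as an added illustration. This is not Microsoft's Strider or HoneyMonkey code; the paths, values and patch-level labels are constructed for the example.

```python
from dataclasses import dataclass, field

# Locations a page visit is allowed to change: the browser legitimately writes its cache.
EXPECTED_PREFIXES = ("C:/Users/monkey/AppData/Local/Cache/",)

def diff_state(before: dict, after: dict) -> dict:
    """Return every added, removed or modified entry as path -> (old, new)."""
    return {p: (before.get(p), after.get(p))
            for p in set(before) | set(after)
            if before.get(p) != after.get(p)}

@dataclass
class VisitResult:
    url: str
    patch_level: str                       # constructed labels: "unpatched", "fully patched"
    unexpected: dict = field(default_factory=dict)

    @property
    def exploited(self) -> bool:
        return bool(self.unexpected)

def classify_visit(url: str, patch_level: str, before: dict, after: dict) -> VisitResult:
    """Strider-style check: a change outside the allowlist means code ran on the
    monkey that merely loading the page should not have been able to run."""
    unexpected = {p: c for p, c in diff_state(before, after).items()
                  if not p.startswith(EXPECTED_PREFIXES)}
    return VisitResult(url, patch_level, unexpected)

def triage(results: list) -> str:
    """Turn results from monkeys at several patch levels into a response action."""
    hits = [r for r in results if r.exploited]
    if not hits:
        return "clean"
    if any(r.patch_level == "fully patched" for r in hits):
        return "escalate: fully patched machine exploited"   # Wang's "big problem"
    return "notify customers: apply latest patch"

# Constructed snapshots of the monitored state (hypothetical paths and values).
BEFORE = {
    "HKLM/Software/Microsoft/Windows/CurrentVersion/Run/Sidebar": "sidebar.exe",
    "C:/Windows/System32/drivers/etc/hosts": "127.0.0.1 localhost",
    "C:/Users/monkey/AppData/Local/Cache/index.dat": "v1",
}
AFTER_CLEAN = {**BEFORE, "C:/Users/monkey/AppData/Local/Cache/index.dat": "v2"}
AFTER_EXPLOITED = {**AFTER_CLEAN,
    "HKLM/Software/Microsoft/Windows/CurrentVersion/Run/Updater": "C:/Users/monkey/AppData/Local/Temp/u.exe",
    "C:/Windows/System32/drivers/etc/hosts": "127.0.0.1 localhost\n10.0.0.1 update.example.com"}

if __name__ == "__main__":
    results = [classify_visit("http://site.example", "unpatched", BEFORE, AFTER_EXPLOITED),
               classify_visit("http://site.example", "fully patched", BEFORE, AFTER_CLEAN)]
    for r in results:
        print(r.patch_level, "exploited" if r.exploited else "clean", sorted(r.unexpected))
    print(triage(results))   # notify customers: apply latest patch
```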
There are many of them out there. If there weren't, there wouldn't be a problem.
Did I miss something here?
Sorry if this is a double post, but it didn't seem to go through the first time on this old machine.
Unfortunately, after 15 minutes connected to the internet, the virtual PCs become infested and locked into a perpetual reboot cycle...