Slashdot Mirror


Microsoft's "Honeymonkey" Project

g0bshiTe writes "Ever hear the saying, 'given enough time a room full of monkeys could type out Shakespeare'? Well, Microsoft seems to be taking this saying to heart, and taking a cue from the Honeynet project, they have created what they have dubbed 'honeymonkeys.' Security Focus has an article which describes this honeymonkey network, which is little more than a network of virtual Windows XP boxes in various patch states. These boxes are set up to crawl the seedier side of the web in search of vulnerabilities not being reported, and are being actively exploited in an attempt to further secure their product. Sounds like a decent idea from the Redmond crew to me."

17 of 320 comments

  1. Re:Did the sun rise from the West? by KiloByte · · Score: 2, Insightful

    Did the sun rise from the West?
    Sort of.

    A good idea from the MS guys is a really rare thing.
    And as such, it is certainly worth the praise.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  2. Hmm sounds like a great idea by Anonymous Coward · · Score: 2, Insightful

    Cue the typical Slashdot groupthink about how Microsoft is somehow evil/stupid for doing this.

    Actually attempting to use their product as if they were an end user in the wild of the internet. Seems to me this shows that Microsoft is definitely moving towards a more security conscious mindset.

    1. Re:Hmm sounds like a great idea by vistic · · Score: 3, Insightful

      More like cue the typical Slashdot groupthink about how there's so much typical Slashdot groupthink.

      In articles I tend to see just a small fraction of posts showing this supposed typical groupthink... and then a gigantic mass of posts from people who think they're observant and different and insightful for pointing out that it's going on.

  3. Sounds stupid by Anonymous Coward · · Score: 1, Insightful

    Why are they in various patch states? If you are looking for unknown exploits, the latest patchlevel will be just as useful, and you won't spend your time with millions of false alarms when known exploits get a hold of them.

    1. Re:Sounds stupid by LurkerXXX · · Score: 4, Insightful

      Maybe some of their non-critical patches actually fix an unknown exploitable hole. They might want to change the status of those fixes from optional to critical.

    2. Re:Sounds stupid by temojen · · Score: 2, Insightful

      Newer patch states may conceal still-present older bugs. I.E. the SP2 firewall may stop someone from exploiting a long-unnoticed remote vulnerability... until the attacker comes across a machine with the firewall turned off.

  4. how much thought went into this? by ChipMonk · · Score: 5, Insightful

    Two simple questions:

    1. Are these machines using non-Microsoft IP addresses for their 'net access?

    2. If not, how long until the worm authors take that into account?

  5. Re:Did the sun rise from the West? by winkydink · · Score: 3, Insightful

    Yeah, and everybody should hold hands around a campfire and sing Kum-bay-yah too, but the real world tends to be a little different.

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

  6. Re:why various patch states? by YrWrstNtmr · · Score: 2, Insightful
    why aren't they just focusing on the most up-to-date patched versions of their various products? Anyone running an unpatched windows box is insane...

    Maybe because they're trying to simulate the real world?

  7. Re:Good idea by st1d · · Score: 5, Insightful
    This is a pretty good idea. If anything, it will help curb the script kiddies indiscriminately flinging exploits around. Unless you want that overflow you found to get patched, pick and choose your targets carefully.


    Not really, as script kiddies, by definition, don't typically discover exploits, they're more thrill seekers looking for an ego trip. When an exploit stops working, they'll just move on to another. When (if?) exploits become hard to find, because true crackers protect them better, the script kiddies will return to their previous pursuits, games and porn.
    --
    Microsoft has just released their much anticipated hands-free cordless mouse. Warning, it may hurt a little at first.
  8. Re:why various patch states? by LiquidCoooled · · Score: 2, Insightful

    Because MS knows their product is NEVER going to be 100% up to date, patched and ready.

    A side effect of this may be a smaller, more targeted software defense update which could be applied to *all* versions of XP and would help more people.

    Normal Windows update for pre sp2 computer = ~200mb

    Targeted Surgical update = ~10mb.

    Both will prevent the trojans and viruses, but one is easier to apply than the other.

    --
    liqbase :: faster than paper
  9. Re:A good idea by penix1 · · Score: 4, Insightful

    From TFA...

    ""Just by visiting a Web site, (if) suddenly an executable is created on your machine outside the Internet Explorer folder, it is an exploit with no false positive -- it's that simple," Yi-Ming Wang, senior researcher with Microsoft Research, said during a presentation at the IEEE Security and Privacy conference in Oakland last week."

    Want this silliness fixed? Kill the ActiveX shit! Microsoft created that mess in the first place trying to dominate Java and like usual instead of going for the cause they go for the symptom.

    B.

    --
    This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
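
An added example, not part of the thread or of Microsoft's code: the rule quoted from the article in comment 9 (an executable appearing outside the Internet Explorer folder after a page visit) applied to constructed file-creation events from VMs in three hypothetical patch states. The folder path, extension list, patch-level names and the reading that a hit on the fully patched VM marks a candidate unreported hole are assumptions.

```python
from pathlib import PureWindowsPath

# Assumed browser folder and executable extensions (not taken from the article).
BROWSER_DIR = PureWindowsPath(r"C:\Program Files\Internet Explorer")
EXEC_EXT = {".exe", ".dll", ".scr", ".com"}

# Hypothetical patch levels, oldest to newest; the last one is fully patched.
PATCH_ORDER = ["sp1", "sp2", "sp2-full"]

# Constructed events: (vm_patch_level, visited_url, path_created_after_visit).
EVENTS = [
    ("sp1", "http://a.example/", r"C:\WINDOWS\system32\dropper.exe"),
    ("sp2", "http://a.example/", r"C:\WINDOWS\Temp\page.htm"),
    ("sp1", "http://b.example/", r"C:\Documents and Settings\u\x.scr"),
    ("sp2", "http://b.example/", r"C:\documents and settings\u\x.scr"),
    ("sp2-full", "http://b.example/", r"C:\WINDOWS\svch0st.exe"),
    ("sp2-full", "http://c.example/",
     r"C:\Program Files\Internet Explorer\upd.exe"),
]

def is_exploit_evidence(path):
    """True if an executable was created outside the browser folder."""
    p = PureWindowsPath(path)
    if p.suffix.lower() not in EXEC_EXT:
        return False
    # PureWindowsPath compares case-insensitively, as Windows paths do.
    return BROWSER_DIR not in p.parents

def triage(events):
    """Map each flagged URL to the newest patch level it compromised."""
    newest_hit = {}
    for level, url, path in events:
        if is_exploit_evidence(path):
            rank = PATCH_ORDER.index(level)
            newest_hit[url] = max(newest_hit.get(url, -1), rank)
    report = {}
    for url, rank in newest_hit.items():
        fully_patched = rank == len(PATCH_ORDER) - 1
        # Assumption: a hit on the fully patched VM means no existing fix.
        verdict = "candidate-unreported" if fully_patched else "fixed-by-later-patch"
        report[url] = (PATCH_ORDER[rank], verdict)
    return report

if __name__ == "__main__":
    for url, result in triage(EVENTS).items():
        print(url, result)
```
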
  10. Infinite Monkeys by tyman · · Score: 2, Insightful

    "given enough time a room full of monkeys could type out Shakespeare"

    I believe the quote is "If you placed an infinite number of monkeys on an infinite number of typewriters, one of them would eventually produce the collected works of Shakespeare." rather than the grammatical nightmare stated above.

    The Infinite Monkey Theorem

  11. For Those in the Corporate IT World by eander315 · · Score: 2, Insightful

    I don't have to squint too hard before this honeymonkey project, "...which is little more than a network of virtual Windows XP boxes in various patch states", starts looking like the network I work on every day. Remove the word "virtual", call it the usermonkey project, and you're most of the way there.

  12. You mean... by Bun · · Score: 2, Insightful

    ...they don't do something like this already? How does their security team do research, anyway?

    --
    "Anyone that has ever gotten an idea based on any of my work and done something better with it-good for you."--J.Carmack
  13. MS - the security company (?) by l3v1 · · Score: 2, Insightful

    Will the day come sometime in the future when MS will be a security company? Maybe. The strange thing is, they are looking for ways (like the AV and antispy SW acquisitions) to defend a basically insecure OS, and not for ways to make the OS itself more secure. My foremost problem with this is that I don't feel optimistic enough to trust, in security questions, a company with almost no security-related success stories in their past. But, no doubt, there are many such optimistic people out there. In the meantime, all their honeys can crawl my home Debian for free, given they most certainly will not be able to crawl my work Windows boxes.

    --
    I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
  14. Re:Did the sun rise from the West? by sumdumass · · Score: 2, Insightful

    Microsoft deciding to do something "good" is just a perceived impression. Setting up a system of honey pots is a good thing. Using it to find security flaws and then fix them is a "good" thing. If MS is trying to do something that happens to be "good" they are doing a "good" thing.

    Doing a good thing doesn't address the reasoning behind why they are doing it. It isn't like my statement was implying Microsoft was being a good citizen on purpose or anything. They are just doing something that I as well as others perceive as a good thing. This doesn't make us fanbois or Microsoft representatives either.

    As for Linux being the reason they decided to do this, that's pure speculation. Microsoft does know what to do about Linux and if you don't think they do then look into the idiotic patents they are applying for. Guess who they will be used against when the time is right. (Not Apple or any other company that can muster enough money to throw them out.) You're right that Linux can't be bought but you're wrong about bankrupting it. All they have to do is manipulate the licensing of the software to include a chunk of change for them. If "Linux" doesn't pay they can effectively stop Linux from being viably sold to any market or cause the price to be inflated to an enormous level and stop its adoption outside individual hobbyists. Microsoft would be in position to control this with a few more patents on what everyone has come to expect as the norm for computing.

    I'm not saying Microsoft should or will do anything like this but it wouldn't surprise me when they do. To think Linux is out of the scope of Microsoft's claws is naive and exactly what will cause it to fall. With a few more patents, it would be possible to stop Linux from even being able to compete on the same grounds it is now. When surveys are saying vendor lock-in is one of the biggest reasons people are going with open source products, it is only reasonable for Microsoft to lock in open source products and maintain their revenue stream.

    Again the moral of the story is what made Microsoft take these actions (honey monkeys), which appear to be honey pots with a little extra. It could be fear of Linux, or maybe fear of Apple, who has a better perceived security track record as well as a better desktop. It could also be some ploy to fend off litigation where they didn't take steps to secure a product they are selling as secure. It may be that in order to sell to certain organizations, they have to do this or it just may be that they are trying to clean their reputation up a little. It is all just a guess.