Slashdot Mirror


Microsoft's "Honeymonkey" Project

g0bshiTe writes "Ever hear the saying, 'given enough time a room full of monkeys could type out Shakespeare'? Well Microsoft seems to be taking this saying to heart, and taking a cue from the Honeynet project, they have created what they have dubbed 'honeymonkeys.' Security Focus has an article which describes this honeymonkey network, which is little more than a network of virtual Windows XP boxes in various patch states. These boxes are set up to crawl the seedier side of the web in search of vulnerabilities not bieng reported, and are being actively exploited in an attempt to further secure their product. Sounds like a decent idea from the Redmond crew to me."

59 of 320 comments

  1. secret name of the honeymonkeys by Hank+Chinaski · · Score: 5, Funny

    they call these guys "customers" over in redmond ...

    --
    IAAL
    1. Re:secret name of the honeymonkeys by krakelohm · · Score: 2, Funny

      No, I think I had heard it was moneymonkey.

      --
      You are all a bunch of idots.
    2. Re:secret name of the honeymonkeys by Tackhead · · Score: 4, Funny
      > they call these guys "customers" over in redmond ...

      No, those are developers. Developers. Developers. Developers. Developers. Developers. Developers.

    3. Re:secret name of the honeymonkeys by Anonymous Coward · · Score: 5, Funny

      sigh...

      I like monkeys. The pet store was selling them for five cents a piece. I thought that odd since they were normally a couple thousand each. I decided not to look a gift horse in the mouth. I bought 200. I like monkeys.

      I took my 200 monkeys home. I have a big car. I let one drive. His name was Sigmund. He was retarded. In fact, none of them were really bright. They kept punching themselves in their genitals. I laughed. Then they punched my genitals. I stopped laughing.

      I herded them into my room. They didn't adapt very well to their new environment. They would screech, hurl themselves off of the couch at high speeds and slam into the wall. Although humorous at first, the spectacle lost its novelty halfway into its third hour.

      Two hours later I found out why all the monkeys were so inexpensive: they all died. No apparent reason. They all just sorta' dropped dead. Kinda' like when you buy a goldfish and it dies five hours later. Damn cheap monkeys.

      I didn't know what to do. There were 200 dead monkeys lying all over my room, on the bed, in the dresser, hanging from my bookcase. It looked like I had 200 throw rugs.

      I tried to flush one down the toilet. It didn't work. It got stuck. Then I had one dead, wet monkey and 199 dead, dry monkeys.

      I tried pretending that they were just stuffed animals. That worked for a while, that is until they began to decompose. It started to smell real bad.

      I had to pee but there was a dead monkey in the toilet and I didn't want to call the plumber. I was embarrassed.

      I tried to slow down the decomposition by freezing them. Unfortunately there was only enough room for two monkeys at a time so I had to change them every 30 seconds. I also had to eat all the food in the freezer so it didn't all go bad.

      I tried burning them. Little did I know my bed was flammable. I had to extinguish the fire.

      Then I had one dead, wet monkey in my toilet, two dead, frozen monkeys in my freezer, and 197 dead, charred monkeys in a pile on my bed. The odor wasn't improving.

      I became agitated at my inability to dispose of my monkeys and to use the bathroom. I severely beat one of my monkeys. I felt better.

      I tried throwing them away but the garbage man said that the city wasn't allowed to dispose of charred primates. I told him that I had a wet one. He couldn't take that one either. I didn't bother asking about the frozen ones.

      I finally arrived at a solution. I gave them out as Christmas gifts. My friends didn't know quite what to say. They pretended that they liked them but I could tell they were lying. Ingrates. So I punched them in the genitals.

      I like monkeys

    4. Re:secret name of the honeymonkeys by st1d · · Score: 5, Funny

      Nope, it's B.G.'s pet name for Steve Ballmer. I thought everybody knew that...

      --
      Microsoft has just released their much anticipated hands-free cordless mouse. Warning, it may hurt a little at first.
    5. Re:secret name of the honeymonkeys by Karl+Tacheron · · Score: 2, Funny

      And the sweating.

    6. Re:secret name of the honeymonkeys by SeventyBang · · Score: 2, Funny

      They haven't been brainwashed by M$ yet.

      They're known as Summer Interns.

    7. Re:secret name of the honeymonkeys by mollymoo · · Score: 3, Funny
      Offtopic? Get a grip mods, it's about monkeys, which is half the topic. If you can't supply your own honey then use your left hand.

      Mod parent +5 funny!

      --
      Chernobyl 'not a wildlife haven' - BBC News
  2. Get ready for a ton of these by Anonymous Coward · · Score: 5, Funny

    *GENERIC JOKE ABOUT MONKEYS BEING IN CHARGE OF MS WINDOWS SECURITY*

    Just thought I'd head everyone off here...

    (lameness filter padding lameness filter padding lameness filter padding)

  3. Doesn't surprise me by coljrigg · · Score: 2, Funny

    I always assumed Skynet was based off of Windows XP.

  4. Warning: This Operation Has Side Effects by Anonymous Coward · · Score: 5, Interesting

    In addition to getting info on new vulnerabilities, they'll probably also get loads of malware to add to the anti-spyware tool. This is a good thing.

  5. mmmmmm... honeymonkey by DaedalusLogic · · Score: 4, Funny

    Sounds delicious.

    But the real reason they named the project this is because they intend to sting you like a bee and then throw fecal matter at you.

    1. Re:mmmmmm... honeymonkey by Rorschach1 · · Score: 3, Funny

      Could this be a related species, perhaps?

  6. Good idea by X0563511 · · Score: 4, Interesting

    This is a pretty good idea. If anything, it will help curb the script kiddies indiscriminately flinging exploits around. Unless you want that overflow you found to get patched, pick and choose your targets carefully.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    1. Re:Good idea by harrkev · · Score: 5, Funny

      Sure. It sounds like a good idea -- until these boxes hit some warez and mp3 sites. Next thing you know, the BSA and MPAA are knocking on Microsoft's door. I wonder how many licenses for Windows and Office the BSA will force Microsoft to buy...

      --
      "-1 Troll" is apparently the same as "-1 I disagree with you."
    2. Re:Good idea by st1d · · Score: 5, Insightful
      > This is a pretty good idea. If anything, it will help curb the script kiddies indiscriminately flinging exploits around. Unless you want that overflow you found to get patched, pick and choose your targets carefully.


      Not really, as script kiddies, by definition, don't typically discover exploits, they're more thrill seekers looking for an ego trip. When an exploit stops working, they'll just move on to another. When (if?) exploits become hard to find, because true crackers protect them better, the script kiddies will return to their previous pursuits, games and porn.
      --
      Microsoft has just released their much anticipated hands-free cordless mouse. Warning, it may hurt a little at first.
    3. Re:Good idea by Skye16 · · Score: 4, Funny

      So script kiddie-ism is the next stage in my evolution?

      ...

      God I'm depressed now.

  7. "bieng"? by Cheap+Imitation · · Score: 4, Funny

    It looks like the monkeys aren't only working on Shakespeare...

  8. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  9. Re:Did the sun rise from the West? by KiloByte · · Score: 2, Insightful

    Did the sun rise from the West?
    Sort of.

    A good idea from the MS guys is a really rare thing.
    And as such, it is certainly worth the praise.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  10. Hmm sounds like a great idea by Anonymous Coward · · Score: 2, Insightful

    Cue the typical Slashdot groupthink about how Microsoft is somehow evil/stupid for doing this.

    Actually attempting to use their product as if they were an end user in the wild of the internet. Seems to me this shows that Microsoft is definitely moving towards a more security conscious mindset.

    1. Re:Hmm sounds like a great idea by vistic · · Score: 3, Insightful

      More like cue the typical slashdot groupthink about how there's so much typical slashdot groupthink.

      In articles I tend to see just a small fraction of posts showing this supposed typical groupthink... and then a gigantic mass of posts from people who think they're observant and different and insightful for pointing out that it's going on.

    2. Re:Hmm sounds like a great idea by Anonymous Coward · · Score: 2, Funny

      I agree!

  11. I'm available... by kid_wonder · · Score: 4, Funny
    > ...crawl the seedier side of the web.

    I like to call it, "break time"

    --

    "Oh, you hate your job? There's a support group for that, it's called everyone, they meet at the bar."
  12. This group also did "ghostbuster" by nweaver · · Score: 5, Informative

    This group has done several impressive projects. Among them is the "Strider Ghostbuster" Rootkit Detector.

    This is part of the general Strider Project in Microsoft Research. They do very good work.

    --
    Test your net with Netalyzr
  13. Re:Hmm. by lcnxw · · Score: 5, Funny

    No, it is the start of Microsoft Newspeak. Longhorn will no longer say "Memory Page Fault" but instead "memfault." "Blue Screen" (bluescree) will lose its negative meaning and come to be a blessing from m.s. (Microsoft). Words like honeymonkey will eventually take on meanings like Ingsoc or doublethink, and there will be no more crashes, because it is no longer possible to conceive a crash.

    "he is a doubleplusgood honeyeymonkeyer."

    "Bluescree! Praise m.s.!"

    "MSCalc: 2+2=5!"

  14. I say by smittyoneeach · · Score: 4, Funny

    Put these honeymonkeys on a network with a bunch of other computers running Firefox/greasemonkey, and let them fight it out.

    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  15. So you're saying... by denissmith · · Score: 4, Funny

    A roomful of monkeys wrote Windows XP? OK, I'll buy that.

    --
    I have nothing to hide. So, why are you spying on me?
  16. Re:Hmm. by Heliologue · · Score: 5, Funny

    Computers are supposed to crash. Computers have always crashed.

  17. Re:Did the sun rise from the West? by EpsCylonB · · Score: 2, Interesting

    > A good idea from the MS guys is a really rare thing.
    > And as such, it is certainly worth the praise.


    No it's not, from a company that has a 50 billion dollar warchest and can afford to hire the best and brightest, you should expect only good ideas.

  18. Exploits on real vs. virtual XP boxen by G4from128k · · Score: 2, Interesting

    Virtual boxen will catch a wide array of exploits, but may miss some. For example, it sounds like they look for attempts to create executables on disk, so a RAM resident nasty might escape notice. Also, some exploits may only work on "real" machines such as those proposed for exploiting hyperthreading.

    The point is that to the extent that the virtual XP box fails to emulate ALL the features of real hardware, there will be some room for doubt. Despite this misgiving, I commend Microsoft for tackling this problem.

    --
    Two wrongs don't make a right, but three lefts do.
  19. So what else is new by Anonymous Coward · · Score: 2, Funny

    I thought AOL patented this years ago.

  20. this news is BIG by muszek · · Score: 5, Funny

    Pre-Monkey Era:
    -- someone exploits a vulnerability
    -- 2 weeks later someone discovers it
    -- half a year later M$ patches it
    -- three years later new version of Windows is released and finally the last 80% of users have patched systems.

    it took 3 years, 6 months and 2 weeks to patch most computers.
    Post-Monkey Era:
    -- someone exploits a vulnerability
    -- 2 days later monkeys report it
    -- half a year later M$ patches it
    -- three years later new version of Windows is released and finally the last 80% of users have patched systems.

    it took 3 years 6 months and 2 days to patch most computers.

    nice PR move though.

  21. Re:Mmmmm by ScrewMaster · · Score: 2, Funny

    Hey! My girlfriend is African and I have to say ... some of the things she cooks resemble that remark.

    --
    The higher the technology, the sharper that two-edged sword.
  22. how much thought went into this? by ChipMonk · · Score: 5, Insightful

    Two simple questions:

    1. Are these machines using non-Microsoft IP addresses for their 'net access?

    2. If not, how long until the worm authors take that into account?

    1. Re:how much thought went into this? by Anonymous Coward · · Score: 2, Funny

      That is actually the main part of the plan -- it was the only way they could think of to protect the Microsoft addresses from being overwhelmed with spyware and viruses and worms and the like.

  23. Re:Did the sun rise from the West? by winkydink · · Score: 3, Insightful

    Yeah, and everybody should hold hands around a campfire and sing Kum-bay-yah too, but the real world tends to be a little different.

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

  24. Re:Sounds stupid by LurkerXXX · · Score: 4, Insightful

    Maybe some of their non-critical patches actually fix an unknown exploitable hole. They might want to change the status of those fixes from optional to critical.

  25. The First Crash by nmb3000 · · Score: 4, Funny

    Here's the first crash

    I think they were computing pi.

    --
    "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
    /)
  26. Honeymonkey Blacklist by kjfitz · · Score: 4, Informative

    Seems like the simple counter measure is a "blacklist" of the honeymonkey servers. Granted the IP addresses of these PCs should be secure but A LOT of info leaks / is stolen / is hacked / is accidentally exposed.

  27. Disappointing story by aslate · · Score: 4, Funny

    I thought this article was going to say "So they've hired an entire team of monkeys to get them to write the next Windows". In fact it's just a load of machines doing nothing. I preferred my idea, much more chance of shit-fights between the monkeys.

  28. Re:New job posting at Microsoft by Ithika · · Score: 5, Funny

    Do you have what it takes to hit the (honey)monkey?

  29. It's a coverup by bman08 · · Score: 4, Funny

    Somebody at MS got caught surfing porn/warez and cooked up this 'honeymonkey' nonsense to cover his dirty buttocks.

  30. Re:Sounds stupid by temojen · · Score: 2, Insightful

    Newer patch states may conceal still-present older bugs. I.E. the SP2 firewall may stop someone from exploiting a long-unnoticed remote vulnerability... until the attacker comes across a machine with the firewall turned off.

  31. Re:Innovation from Redmond? by Umbral+Blot · · Score: 2, Interesting

    wait, so them stopping people from illegally pirating their product is a bad thing??

  32. Re:why various patch states? by YrWrstNtmr · · Score: 2, Insightful
    > why aren't they just focusing on the most up-to-date patched versions of their various products? Anyone running an unpatched windows box is insane...

    Maybe because they're trying to simulate the real world?

  33. New Ballmer's mantra by 50m31sl4sh. · · Score: 2, Funny

    I guess Ballmer should now be singing:

    Monkey, monkey, monkey, monkey
    Virus! Virus!
    Monkey, monkey, monkey, monkey
    Argh! It's a spam!

    --
    Rediculous is ridiculous!
  34. Nope by Mr.+Underbridge · · Score: 4, Funny
    > I always assumed Skynet was based off of Windows XP.

    It takes a Terminator to defeat Skynet. It takes a script kiddie and a buffer overflow to defeat Windows.

  35. Re:why various patch states? by LiquidCoooled · · Score: 2, Insightful

    Because MS knows their product is NEVER going to be 100% up to date patched and ready.

    A side effect of this may be a smaller, more targeted software defense update which could be applied to *all* versions of XP would help more people.

    Normal Windows update for pre sp2 computer = ~200mb

    Targeted Surgical update = ~10mb.

    Both will prevent the trojans and viruses, but one is easier to apply than the other.

    --
    liqbase :: faster than paper
  36. Re:A good idea by penix1 · · Score: 4, Insightful

    From TFA...

    ""Just by visiting a Web site, (if) suddenly an executable is created on your machine outside the Internet Explorer folder, it is an exploit with no false positive -- it's that simple," Yi-Ming Wang, senior researcher with Microsoft Research, said during a presentation at the IEEE Security and Privacy conference in Oakland last week."

    Want this silliness fixed? Kill the ActiveX shit! Microsoft created that mess in the first place trying to dominate Java and like usual instead of going for the cause they go for the symptom.

    B.

    --
    This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
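
The rule quoted from TFA in the comment above (an executable created outside the browser's folder after a page visit counts as an exploit), sketched as an added example that is not part of the thread and not Microsoft's code. The folder list, event format, user name, URLs and sample events are constructed assumptions.

```python
import ntpath

# Assumption: folders the browser may legitimately write to on the crawler VM.
BROWSER_DIRS = (
    r"C:\Program Files\Internet Explorer",
    r"C:\Documents and Settings\monkey\Local Settings\Temporary Internet Files",
)
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".sys"}


def _norm(path):
    # Collapse ".." segments and fold case, since Windows paths are case-insensitive.
    return ntpath.normcase(ntpath.normpath(path))


def inside_browser_dirs(path, roots=BROWSER_DIRS):
    p = _norm(path)
    # Compare on a separator boundary so "Internet Explorer Evil" does not match.
    return any(p == _norm(r) or p.startswith(_norm(r) + "\\") for r in roots)


def looks_executable(path, header=b""):
    # Extension check plus the "MZ" magic of PE/DOS executables, so a renamed
    # binary (e.g. update.jpg) is still recognised.
    ext = ntpath.splitext(path)[1].lower()
    return ext in EXEC_EXTENSIONS or header[:2] == b"MZ"


def flag_visits(events):
    """Map each URL to the executables it caused to be created outside the browser folders."""
    flagged = {}
    for ev in events:
        if ev["op"] != "create":
            continue
        if looks_executable(ev["path"], ev.get("header", b"")) and not inside_browser_dirs(ev["path"]):
            flagged.setdefault(ev["url"], []).append(ntpath.normpath(ev["path"]))
    return flagged


# Constructed file-system events, one record per operation observed during a visit.
TIF = BROWSER_DIRS[1]
SAMPLE_EVENTS = [
    {"url": "http://site-a.example/", "op": "create",
     "path": TIF + r"\Content.IE5\index[1].htm", "header": b"<h"},
    {"url": "http://site-b.example/", "op": "create",
     "path": r"C:\WINDOWS\system32\svch0st.exe", "header": b"MZ"},
    {"url": "http://site-c.example/", "op": "create",
     "path": TIF + r"\..\..\Start Menu\Programs\Startup\update.jpg", "header": b"MZ"},
    {"url": "http://site-d.example/", "op": "create",
     "path": TIF + r"\Content.IE5\setup[1].exe", "header": b"MZ"},
    {"url": "http://site-d.example/", "op": "write",
     "path": r"C:\WINDOWS\WindowsUpdate.log"},
]

if __name__ == "__main__":
    for url, paths in flag_visits(SAMPLE_EVENTS).items():
        print(url, "->", paths)
```

A payload that stays in memory and never writes a file produces no create event, so this rule alone does not see it.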
  37. Infinite Monkeys by tyman · · Score: 2, Insightful

    "given enough time a room full of monkeys could type out Shakespeare"

    I believe the quote is "If you placed an infinite number of monkeys on an infinite number of typewriters, one of them would eventually produce the collected works of Shakespeare." rather than the grammatical nightmare stated above.

    The Infinite Monkey Theorem

  38. Re: It has to be said by plenTpak · · Score: 2, Informative

    [1] Even though Microsoft will not be able to find every single vulnerability, this will help them find and fix common vulnerabilities that appear. Since they'll know where the problem came from, they'll also be able to test any solutions they come up with. And there always is a "window of opportunity", but this will help Microsoft shorten it.

    [2] According to the description, the network is set up to crawl websites looking for vulnerabilities. If one of the websites infects the crawler, then they will have found a vulnerability. So it could help. In fact, they could also watch for non-browser related exploits, which are commonly used by worms. So in both cases, it very well could help Microsoft detect unreported vulnerabilities.

    [3] All they need to do is use IE. If their system gets infected, that's enough to raise an alarm. They don't need matching video cards to see if IE has a buffer overflow in its image rendering module. And they are trying to secure their OS -- that's the point of this research! Discover holes, and fix them. A more apt analogy would be letting people try to break into your car, and then installing countermeasures against whatever techniques succeeded.

    Sure, it's not the perfect solution (as if one exists), but it's a good idea.

  39. sounds to me like they copied this guy by austad · · Score: 2, Informative

    Sounds to me like they copied this guy's idea:

    http://www.malwareblog.com

    He's been doing this exact same thing for almost the past year. The site just went up a couple months ago, but he's been sending his findings to AV companies and some mailing lists for much longer. There's a lot of undiscovered stuff floating around out there.

    --
    Need Free Juniper/NetScreen Support? JuniperForum
  40. For Those in the Corporate IT World by eander315 · · Score: 2, Insightful

    I don't have to squint too hard before this honeymonkey project, "...which is little more than a network of virtual Windows XP boxes in various patch states", starts looking like the network I work on every day. Remove the word "virtual", call it the usermonkey project, and you're most of the way there.

  41. You mean... by Bun · · Score: 2, Insightful

    ...they don't do something like this already? How does their security team do research, anyway?

    --
    "Anyone that has ever gotten an idea based on any of my work and done something better with it-good for you."--J.Carmack
  42. MS - the security company (?) by l3v1 · · Score: 2, Insightful

    Will the day come sometime in the future, when MS will be a security company? Maybe. The strange thing is, they are looking for ways (like the av and antispy sw acquisitions) to defend a basically unsecure os, and not for ways to make the os itself more secure. My foremost problem with this is, that I don't feel optimistic enough to trust in security questions a company with almost no security-related success stories in their past. But, no doubt, there are many of such optimistic people out there. In the meantime, all their honeys can crawl my home debian for free, given they most certainly will not be able to crawl my work windows boxes.

    --
    I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
  43. Re:Did the sun rise from the West? by sumdumass · · Score: 2, Insightful

    microsoft deciding to do something "good" is just a perceived impression. Setting up a system of honey pots is a good thing. Using it to find security flaws and then fix them is a "good" thing. If MS is trying to do something that happens to be "good" they are doing a "good" thing.

    Doing a good thing doesn't address the reasoning behind why they are doing it. It isn't like my statement was implying microsoft was being a good citizen on purpose or anything. They are just doing something that I as well as others perceive as a good thing. This doesn't make us fanbois or microsoft representatives either.

    As for linux being the reason they decided to do this, that's pure speculation. Microsoft does know what to do about linux and if you don't think they do then look into the idiotic patents they are applying for. Guess who they will be used against when the time is right. (not apple or any other company that can muster enough money to throw them out.) You're right that linux can't be bought but you're wrong about bankrupting it. All they have to do is manipulate the licensing of the software to include a chunk of change for them. If "linux" doesn't pay they can effectively stop linux from being viably sold to any market or cause the price to be inflated to enormous levels and stop its adoption outside individual hobbyists. Microsoft would be in position to control this with a few more patents on what everyone has come to expect as the norm for computing.

    I'm not saying microsoft should or will do anything like this but it wouldn't surprise me when they do. To think linux is out of the scope of microsoft's claws is naive and exactly what will cause it to fall. With a few more patents, it would be possible to stop linux from even being able to compete on the same grounds it is now. When surveys are saying vendor lock-in is one of the biggest reasons people are going with open source products, it is only reasonable for microsoft to lock in open source products and maintain their revenue stream.

    Again the moral of the story is what made microsoft take these actions (honey monkeys) which appear to be honey pots with a little extra. It could be fear of linux, or maybe fear of apple who has a better perceived security track record as well as a better desktop. It could also be some ploy to fend off litigation where they didn't take steps to secure a product they are selling as secure. It may be that in order to sell to certain organizations, they have to do this or it just may be that they are trying to clean their reputation up a little. It is all just a guess.

  44. Re:U LINUX FAGS by turgid · · Score: 2, Funny
    > There's a reason your jobs are getting shipped to India!

    Dude, you're 5 years out of date. India is saturated. My job just went to Beijing in China.

  45. You have a choice to make young Skywalker by doublem · · Score: 2, Informative

    Well, you have a choice to make.

    You can go down the path of the Script Kiddie, Fandom, Techno-Fandom, Programmer, Uber-User or Hacker.

    Script Kiddie pretty much excludes being any good at the other paths, but the other paths do not necessarily exclude each other.

    Script Kiddie: A worthless waste of skin who considers themselves to be "better" in one way or another because they can download and run the utilities they found listed in their copy of "Hacking Exposed" and type in an obscure dialect of L33t 5p33k.

    Fandom: A Sci-Fi or fantasy fan. A Geek path that does not require computer skills, but doesn't preclude them either. Star * Geeks, Buffy fans and even some furries fall into this category, but don't let the unsavory stereotype associated with the above groups turn you off. The vast majority of Sci-Fi fans are perfectly normal people.

    Techno-Fandom: The Sci-Fi fans who run the Sci-Fi conventions. There's a LOT of overlap with the theater industry in this group. It also has a lot of people who dislike Sci-Fi but participate to hang out with their friends and meet hot chicks at the Dresden Dolls concerts.

    Programmer: Linus Torvalds, Woz, Bill Gates in the early years, Mad Dog and the like are among the icons in this category.

    Hacker: Black Hat, White Hat or Grey Hat, this is the group Script Kiddies are pretending to be part of. Cult of the Dead Cow is good example. Most of this group's literature is read by the Script Kiddies, who then pretend to understand it, sometimes even fooling themselves.

    Uber-User: Many Techs fall into this category. They know far more about computers than a Script Kiddie ever will, can administer most servers and environments reliably and tend to be on the ball. In their knowledge, they're beyond the "Just Enough to be Dangerous" level, but not quite Programmers or Hackers. They're a separate category because many people spend their lives here, never quite becoming Programmers. The difference is often Grey and fuzzy, with people changing their classification easily if you shift platforms on them. For example, many Windows Hackers are reduced to Uber-Users when switching to *nix and vice versa.

    --
    "Live Free or Die." Don't like it? Then keep out of the USA