Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsofts "Honeymonkey" Project

Posted by samzenpus on from the how-could-this-go-wrong dept.

g0bshiTe writes "Ever hear the saying, 'given enough time a room full of monkeys could type out Shakespeare'? Well Microsoft seems to be taking this saying to heart, and taking a cue from the Honeynet project, they have created what they have dubbed 'honeymonkeys.' Security Focus has an article which describes this honeymonkey network, which is little more than a network of virtual Windows XP boxes in various patch states. These boxes are setup to crawl the seedier side of the web in search of vulnerabilities not bieng reported, and are being actively exploited in an attempt to further secure their product. Sounds like a decent idea from the Redmond crew to me."

33 of 320 comments (clear)

  1. secret name of the honeymonkeys by Hank+Chinaski · · Score: 5, Funny

    they call these guys "customers" over in redmond ...

    --
    IAAL
    1. Re:secret name of the honeymonkeys by Tackhead · · Score: 4, Funny
      > they call these guys "customers" over in redmond ...

      No, those are developers. Developers. Developers. Developers. Developers. Developers. Developers.

    2. Re:secret name of the honeymonkeys by Anonymous Coward · · Score: 5, Funny

      sigh...

      I like monkeys. The pet store was selling them for five cents a piece. I thought that odd since they were normally a couple thousand each. I decided not to look a gift horse in the mouth. I bought 200. I like monkeys.

      I took my 200 monkeys home. I have a big car. I let one drive. His name was Sigmund. He was retarded. In fact, none of them were really bright. They kept punching themselves in their genitals. I laughed. Then they punched my genitals. I stopped laughing.

      I herded them into my room. They didn't adapt very well to their new environment. They would screech, hurl themselves off of the couch at high speeds and slam into the wall. Although humorous at first, the spectacle lost its novelty halfway into its third hour.

      Two hours later I found out why all the monkeys were so inexpensive: they all died. No apparent reason. They all just sorta' dropped dead. Kinda' like when you buy a goldfish and it dies five hours later. Damn cheap monkeys.

      I didn't know what to do. There were 200 dead monkeys lying all over my room, on the bed, in the dresser, hanging from my bookcase. It looked like I had 200 throw rugs.

      I tried to flush one down the toilet. It didn't work. It got stuck. Then I had one dead, wet monkey and 199 dead, dry monkeys.

      I tried pretending that they were just stuffed animals. That worked for a while, that is until they began to decompose. It started to smell real bad.

      I had to pee but there was a dead monkey in the toilet and I didn't want to call the plumber. I was embarrassed.

      I tried to slow down the decomposition by freezing them. Unfortunately there was only enough room for two monkeys at a time so I had to change them every 30 seconds. I also had to eat all the food in the freezer so it didn't all go bad.

      I tried burning them. Little did I know my bed was flammable. I had to extinguish the fire.

      Then I had one dead, wet monkey in my toilet, two dead, frozen monkeys in my freezer, and 197 dead, charred monkeys in a pile on my bed. The odor wasn't improving.

      I became agitated at my inability to dispose of my monkeys and to use the bathroom. I severely beat one of my monkeys. I felt better.

      I tried throwing them way but the garbage man said that the city wasn't allowed to dispose of charred primates. I told him that I had a wet one. He couldn't take that one either. I didn't bother asking about the frozen ones.

      finally arrived at a solution. I gave them out as Christmas gifts. My friends didn't know quite what to say. They pretended that they like them but I could tell they were lying. Ingrates. So I punched them in the genitals.

      I like monkeys

    3. Re:secret name of the honeymonkeys by st1d · · Score: 5, Funny

      Nope, it's B.G.'s pet name for Steve Ballmer. I thought everybody knew that...

      --
      Microsoft has just released their much anticipated hands-free cordless mouse. Warning, it may hurt a little at first.
    4. Re:secret name of the honeymonkeys by mollymoo · · Score: 3, Funny
      Offtopic? Get a grip mods, it's about monkeys, which is half the topic. If you can't supply your own honey then use your left hand.

      Mod parent +5 funny!

      --
      Chernobyl 'not a wildlife haven' - BBC News
  2. Get ready for a ton of these by Anonymous Coward · · Score: 5, Funny

    *GENERIC JOKE ABOUT MONKEYS BEING IN CHARGE OF MS WINDOWS SECURITY*

    Just thought I'd head everyone off here...

    (lameness filter padding lameness filter padding lameness filter padding)

  3. Warning: This Operation Has Side Effects by Anonymous Coward · · Score: 5, Interesting

    In addition to getting info on new vulnerabilities, they'll probably also get loads of malware to add to the anti-spyware tool. This is a good thing.

  4. mmmmmm... honeymonkey by DaedalusLogic · · Score: 4, Funny

    Sounds delicious.

    But the real reason they named the project this is because they intend to sting you like a bee and then throw fecal matter at you.

    1. Re:mmmmmm... honeymonkey by Rorschach1 · · Score: 3, Funny

      Could this be a related species, perhaps?

  5. Good idea by X0563511 · · Score: 4, Interesting

    This is a pretty good idea. If anything, it will help curb the script kiddies indesciminantly flinging exploits around. Unless you want that overflow you found to get patched, pick and choose your targets carefully.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    1. Re:Good idea by harrkev · · Score: 5, Funny

      Sure. It sounds like a good idea -- until these boxes hit some warez and mp3 sites. Next thing you know, the BSA and MPAA are knocking on Microsoft's door. I wonder how many licenses for Windows and Office the BSA will force Microsoft to buy...

      --
      "-1 Troll" is the apparently the same as "-1 I disagree with you."
    2. Re:Good idea by st1d · · Score: 5, Insightful
      This is a pretty good idea. If anything, it will help curb the script kiddies indesciminantly flinging exploits around. Unless you want that overflow you found to get patched, pick and choose your targets carefully.


      Not really, as script kiddies, by definition, don't typically discover exploits, they're more thrill seekers looking for an ego trip. When an exploit stops working, they'll just move on to another. When (if?) exploits become hard to find, because true crackers protect them better, the script kiddies will return to their previous pursuits, games and porn.
      --
      Microsoft has just released their much anticipated hands-free cordless mouse. Warning, it may hurt a little at first.
    3. Re:Good idea by Skye16 · · Score: 4, Funny

      So script kiddie-ism is the next stage in my evolution?

      ...

      God I'm depressed now.

  6. "bieng"? by Cheap+Imitation · · Score: 4, Funny

    It looks like the monkeys aren't only working on Shakespeare...

  7. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  8. I'm available... by kid_wonder · · Score: 4, Funny
    ...crawl the seedier side of the web.

    I like to call it, "break time"

    --

    "Oh, you hate your job? There's a support group for that, it's called everyone, they meet at the bar."
  9. This group also did "ghostbuster" by nweaver · · Score: 5, Informative

    This group has done several impressive projects. Among them is the "Strider Ghostbuster" Rootkit Detector.

    This is part of the general Strider Project in Microsoft Research. They do very good work.

    --
    Test your net with Netalyzr
  10. Re:Hmm. by lcnxw · · Score: 5, Funny

    No, it is the start of Microsoft Newspeak. Longhorn will no longer say "Memory Page Fault" but instead "memfault." "Blue Screen" (bluescree) will lose its negative meaning and come to be a blessing from m.s. (Microsoft). Words like honeymonkey will eventually take on meanings like Ingsoc or doublethink, and there will be no more crashes, because it is no longer possible to concieve a crash.

    "he is a doubleplusgood honeyeymonkeyer."

    "Bluescree! Praise m.s.!"

    "MSCalc: 2+2=5!"

  11. I say by smittyoneeach · · Score: 4, Funny

    Put these honemonkeys on a network with a bunch of other computers running Firefox/greasemonkey, and let them fight it out.

    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  12. So your saying... by denissmith · · Score: 4, Funny

    A roomful of monkeys wrote Windows XP? OK, I'll buy that.

    --
    I have nothing to hide. So, why are you spying on me?
  13. Re:Hmm. by Heliologue · · Score: 5, Funny

    Computers are supposed to crash. Computers have always crashed.

  14. this news is BIG by muszek · · Score: 5, Funny

    Pre-Monkey Era:
    -- someone exploits a vulnerability
    -- 2 weeks later someone discovers it
    -- half a year later M$ patches it
    -- three years later new version of Windows is released and finally the last 80% of users have patched systems.

    it took 3 years, 6 months and 2 weeks to patch most computers.
    Post-Monkey Era:
    -- someone exploits a vulnerability
    -- 2 days later monkeys report it
    -- half a year later M$ patches it
    -- three years later new version of Windows is released and finally the last 80% of users have patched systems.

    it took 3 years 6 months and 2 days to patch most computers.

    nice PR move though.

  15. how much thought went into this? by ChipMonk · · Score: 5, Insightful

    Two simple questions:

    1. Are these machines using non-Microsoft IP addresses for their 'net access?

    2. If not, how long until the worm authors take that into account?

  16. Re:Did the sun rise from the West? by winkydink · · Score: 3, Insightful

    Yeah, and everybody should hold hands around a campfire and sing Kum-bay-yah too, but the real world tends to be a little different.

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

  17. Re:Sounds stupid by LurkerXXX · · Score: 4, Insightful

    Maybe some of their non-critical patches actually fix an unknown exploitable hole. They might want to change the status of those fixes from optional to critical.

  18. The First Crash by nmb3000 · · Score: 4, Funny

    Here's the first crash

    I think they were computing pi.

    --
    "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
    /)
  19. Honeymonkey Blacklist by kjfitz · · Score: 4, Informative

    Seems like the simple counter measure is a "blacklist" of the honeymonkey servers. Granted the IP addresses of these PCs should be secure but A LOT of info leaks / is stolen / is hacked / is accidentally exposed.

  20. Disappointing story by aslate · · Score: 4, Funny

    I thought this article was going to say "So they've hired an entire team of moneys to get them to write the next Windows". Infact it's just a load of machines doing nothing. I prefered my idea, much more chance of shit-fights between the moneys.

  21. Re:New job posting at Microsoft by Ithika · · Score: 5, Funny

    Do you have what it takes to hit the (honey)monkey?

    --
    the layman's guide to computer science
  22. It's a coverup by bman08 · · Score: 4, Funny

    Somebody at MS got caught surfing porn/warez and cooked up this 'honeymonkey' nonsense to cover his dirty buttocks.

  23. Nope by Mr.+Underbridge · · Score: 4, Funny
    I always assumed Skynet was based off of Windows XP.

    It takes a Terminator to defeat Skynet. It takes a script kiddie and a buffer overflow to defeat Windows.

  24. Re:Hmm sounds like a great idea by vistic · · Score: 3, Insightful

    More like queue the typical slashdot groupthink about how there's so much typical slashdot groupthink.

    In articles I tend to see just a small fraction of posts showing this supposed typical groupthink... and then a gigantic mass of posts from people who think they're observant and different and insightful for pointing out that it's going on.

  25. Re:A good idea by penix1 · · Score: 4, Insightful

    From TFA...

    ""Just by visiting a Web site, (if) suddenly an executable is created on your machine outside the Internet Explorer folder, it is an exploit with no false positive -- it's that simple," Yi-Ming Wang, senior researcher with Microsoft Research, said during a presentation at the IEEE Security and Privacy conference in Oakland last week."

    Want this sillyness fixed? Kill the ActiveX shit! Microsoft created that mess in the first place trying to dominate Java and like usual instead of going for the cause they go for the symptom.

    B.

    --
    This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.