Slashdot Mirror


New Developments From Microsoft Research

prostoalex writes "Information Week magazine runs a brief report from Microsoft Research, showcasing some of the new technologies the company's research division is working on. Among them — a rootkit that eliminates other rootkits, a firewall that blocks the traffic exploiting published vulnerabilities, a system for catching lost e-mail, a honeypot targeted at discovering zero-day exploits, and some anti-phishing applications."

12 of 206 comments

  1. rootkit wars by Toby+The+Economist · · Score: 5, Insightful

    > a rootkit that eliminates other rootkits

    Well, there goes kernel stability.

    I'm really not sure I want a future Norton RootKit Protector installing itself, bugs and all, into my kernel.

    1. Re:rootkit wars by Anonymous Coward · · Score: 5, Insightful

      Ok, no more BS. First of all, the project is called Strider Ghostbuster. Second, it is not a rootkit itself. The way it works is it lists all the files on your computer while running as a program on the suspect machine. Then you run it from a boot CD, just like Knoppix, and do the same thing. Then when you see files listed on the scan from the CD that weren't on the other list, you know they are hiding themselves from the OS. This is a good idea because it doesn't require signature files or checksums of a known good state.

      Not everything from Microsoft is fucking stupid, but the comments that inevitably follow every single MS story on Slashdot are.
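The cross-view diff the comment above describes, as an added example that is not part of the Slashdot thread and is not Microsoft's GhostBuster code: two listings of the same volume are taken, one by a scanner running under the suspect OS (the inside view) and one from a clean boot CD reading the same disk (the outside view), and anything present outside but missing inside is flagged. The `size<TAB>path` listing format, the `VOLATILE_PREFIXES` noise list and every file name below are constructed for the demo; real listings would come from the two scanner runs.

```python
"""Cross-view diff of an inside-OS file listing against an offline listing of
the same disk.  Added example in the style of the Strider GhostBuster idea;
not Microsoft's code.  Listing format, noise list and paths are constructed.
"""
from __future__ import annotations

# Paths that legitimately differ between a running system and an offline
# snapshot (assumed noise list for this demo; extend for your environment).
VOLATILE_PREFIXES = (
    "c:\\pagefile.sys",
    "c:\\hiberfil.sys",
    "c:\\windows\\temp\\",
    "c:\\system volume information\\",
)


def normalize(path: str) -> str:
    """Canonicalise a Windows path: NTFS is case-insensitive, and the inside
    and outside tools may emit different separators or a trailing slash."""
    return path.strip().replace("/", "\\").lower().rstrip("\\")


def parse_listing(text: str) -> dict[str, int]:
    """Parse 'size<TAB>path' lines (the constructed listing format used here)
    into {normalised_path: size}.  Blank lines and '#' comments are skipped."""
    entries: dict[str, int] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        size, path = line.split("\t", 1)
        entries[normalize(path)] = int(size)
    return entries


def is_volatile(path: str) -> bool:
    """True for paths on the noise list (already normalised)."""
    return any(path.startswith(prefix) for prefix in VOLATILE_PREFIXES)


def cross_view_diff(inside: dict[str, int], outside: dict[str, int]) -> dict[str, list[str]]:
    """Compare the inside view (scan run under the suspect OS) with the
    outside view (same disk read from a clean boot CD).

    hidden        on disk but invisible to the running OS: the rootkit
                  signal this technique looks for.
    inside_only   visible inside but gone from disk: usually files deleted
                  at shutdown, reported so the analyst can judge the noise.
    size_changed  same path, different size: either the file changed between
                  scans or the size reported in-OS is being lied about.
    """
    hidden = sorted(p for p in outside if p not in inside and not is_volatile(p))
    inside_only = sorted(p for p in inside if p not in outside and not is_volatile(p))
    size_changed = sorted(
        p for p in inside.keys() & outside.keys()
        if inside[p] != outside[p] and not is_volatile(p)
    )
    return {"hidden": hidden, "inside_only": inside_only, "size_changed": size_changed}


# Constructed sample listings; every file name here is invented for the demo.
INSIDE_VIEW = """\
# taken by the scanner running under the suspect OS
1024000\tC:\\Windows\\System32\\kernel32.dll
52000\tC:\\Windows\\System32\\drivers\\ntfs.sys
8192\tC:\\Users\\bob\\report.docx
162\tC:\\Users\\bob\\~$report.docx
134217728\tC:\\pagefile.sys
4096\tC:\\Windows\\Temp\\~scan1.tmp
"""

OUTSIDE_VIEW = """\
# taken from a live CD reading the same disk after shutdown
1024000\tc:/windows/system32/kernel32.dll
52000\tc:/windows/system32/drivers/ntfs.sys
8192\tc:/users/bob/report.docx
134217728\tc:/pagefile.sys
36864\tc:/windows/system32/drivers/example-hidden.sys
2048\tc:/windows/system32/example-hidden.ini
"""


def demo() -> dict[str, list[str]]:
    """Run the diff over the constructed listings."""
    return cross_view_diff(parse_listing(INSIDE_VIEW), parse_listing(OUTSIDE_VIEW))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}:")
        for p in paths:
            print("   ", p)
```

The two invented `example-hidden.*` files appear only in the offline view, so they land in `hidden`; the Office lock file `~$report.docx` is visible only inside (deleted at shutdown) and is reported under `inside_only` rather than as a hidden file, and the temp file and pagefile are suppressed by the noise list. The value of the approach, as the comment notes, is that it needs no signature database: the only reference is the disk itself, read without the suspect kernel in the loop.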

    2. Re:rootkit wars by Bjarke+Roune · · Score: 4, Insightful

      Why is this modded funny? One of the hardest kinds of rootkits to detect is ones based on virtualization, and they do indeed run under the kernel, tricking the kernel into believing that it is running on actual hardware when in fact it is running on virtual hardware generated by the rootkit. I do not know if there are any actual, malicious rootkits out there doing this, but they could do it, and it would be very hard to get rid of such a rootkit if it were done properly.

  2. What the ... ? Lost email? by khasim · · Score: 5, Insightful

    > SureMail Microsoft researchers Sharad Agarwal and Venkat Padmanabhan determined that about 1% of all e-mails get lost in e-mail systems. SureMail is a proposed system in which the e-mail client detects when an e-mail has been sent to a recipient's account and alerts that recipient when an e-mail fails to make it to his or her in-box. SureMail would indicate the e-mail's sender but not disclose the missing message's contents.

    How the fuck does email get "lost"? How could that happen? Even a server crash should not cause that.

    Why not, instead, spend the time and money finding the real problem in your email system and fixing that? I handle about 1,500 in-bound messages a day. By their calculations, I should be losing 15 or so, every day. Yet that does not seem to be happening.

    1. Re:What the ... ? Lost email? by martin-boundary · · Score: 4, Insightful
      Unlikely. SMTP is designed for reliability. When a server OKs a client DATA submission, it is supposed to accept to route the mail no matter what, even if it might take a week to contact another server. SMTP servers which have been around for a while are plenty reliable, certainly much more than 99%. The relevant RFCs have been around in one form or another for 20 years.

      The most likely causes of lost mail are stupid admins, who either don't know how to set up their mail spools, or run unreliable commercial or homebrew mail filters, in the wrong place and/or with the wrong settings.

  3. Because if you fix the problem, you've fixed it. by khasim · · Score: 2, Insightful

    Why not do both?

    If you fix the problem of "lost" emails, then why run a system to find and alert people to email that is not lost any more?

    If your system is unreliable, adding complexity usually does not make it more reliable. You need to fix the problem at the lowest level possible.

    Since this is Microsoft, they're probably referring to Exchange/Outlook. Exchange is mostly database driven now. If you're losing messages in your database, having someone re-send them is NOT the approach you want to take.

    You have what is known as "database corruption" and that does NOT spontaneously solve itself. You have a serious problem.

  4. Re:Hacks by rucs_hack · · Score: 2, Insightful

    Excellent, this will amount to a Microsoft tutorial for hackers on how to deploy their stuff whilst simultaneously removing those from competing groups....

  5. The research department is ... by zoftie · · Score: 2, Insightful

    From what I know of Microsoft Research, it is a patent fishing net so that in the future they can sell/control technologies. Basically covering future turf, so that they can control cash flows and maybe make some money on top of it selling the patents. Control in such a way that if a company developing their product has some nice feature that partly infringes on the patent, then Microsoft can hurt the company and tell it what to do. And the tech is developed just far enough to have an idea for a patent, and then dropped. Sort of like slugs sliming up the IP territory.

    I might be wrong, its been a while.

  6. No Legitimate Purpose by Anonymous Coward · · Score: 5, Insightful

    > a rootkit that eliminates other rootkits

    There appears to be no legitimate purpose to such research.

    1. A rootkit that eliminates other rootkits can probably also be eliminated, so this research does not really solve a problem.
    2. Rather than perfecting a rootkit, they should be working towards making a rootkit an impossibility in their OS.
    3. If you can write a rootkit, eliminating other rootkits does not appear to be that large of a challenge in the first place.
    4. If you want to eliminate a rootkit, reinstalling the OS seems like a better idea.
    5. There are countless illicit uses of such software.

    Are they developing this rootkit in an effort to develop new security for their OS? I don't get it.

  7. Don't call stop-gap measures research ... by YeeHaW_Jelte · · Score: 4, Insightful

    If this is Microsoft innovation, it's not very innovative. All these 'technologies' are basically extra layers of software to fix the bugs in the first layers ... be it security (phishing stuff, adaptive firewalls, etc.) or losing emails ... which should not happen anyway, and we already have basically the same technique they're developing in the mail protocol, namely confirming a received email.

    --
    "The chances of a demonic possession spreading are remote -- relax."

  8. A rootkit to destroy other rootkits... by Opportunist · · Score: 4, Insightful

    Lemme get this straight. A company is working on a rootkit for their own OS. Now, it could be me, but if I didn't sleep through OS programming, as the maker of the OS I already have total control over everything in it (provided my user allows me to have it, which is pretty much a given with MS OSs). Why do I need a rootkit?

    Not to mention that Vista was trumpeted to be the most secure, un-hackable system ever. How do you install a rootkit on it? I thought it is impossible (spare your corrections, I know it is possible no matter what. I just want to get an answer from the guys that keep telling me it is impossible to rootkit Vista).

    So we're now at the "who gets deeper into the system" war. Because one thing is a given, 3 days after the MS rootkit to destroy other rootkits, the rootkit to destroy the MS rootkit is rolling out. Then it's a month 'til patchday and... you know the drill, we already live it.

    There is no technical solution to social problems. As long as people are dumb enough to click everything offered to them while they're running on admin or root privileges, those things will exist and they will work. Now, with Vista finally trying to run on low privileges, the social engineering part will become bigger to get the user to grant more privileges when necessary for the bug to survive, but since pretty much EVERY program will need those for installation, people will hand out those privileges like freebies, because it's customary that a new program needs them.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

  9. Re:Norton Ghost or a "dd" solution via Linux by Zwaxy · · Score: 2, Insightful

    OK, so you've got a clean image saved somewhere. Now what?

    How do you detect whether you've been infected, when all you have is an image of an NTFS filesystem?

    And once you are infected, how do you clean up without losing all your user files?