Slashdot Mirror


New Developments From Microsoft Research

prostoalex writes "Information Week magazine runs a brief report from Microsoft Research, showcasing some of the new technologies the company's research division is working on. Among them — a rootkit that eliminates other rootkits, a firewall that blocks the traffic exploiting published vulnerabilities, a system for catching lost e-mail, a honeypot targeted at discovering zero-day exploits, and some anti-phishing applications."

4 of 206 comments

  1. rootkit wars by Toby+The+Economist · · Score: 5, Insightful

    > a rootkit that eliminates other rootkits

    Well, there goes kernel stability.

    I'm really not sure I want a future Norton RootKit Protector installing itself, bugs and all, into my kernel.

    1. Re:rootkit wars by Anonymous Coward · · Score: 5, Insightful

      Ok, no more BS. First of all, the project is called Strider Ghostbuster. Second, it is not a rootkit itself. The way it works is it lists all the files on your computer running as a program on the suspect machine. Then you run it from a boot CD, just like Knoppix, and do the same thing. Then when you see files listed on the scan from the CD that weren't on the other list, you know they are hiding themselves from the OS. This is a good idea because it doesn't require signature files of checksums of a known good state.

      Not everything from Microsoft is fucking stupid, but the comments that inevitably follow every single MS story on Slashdot are.
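
The comparison described in the comment above, sketched as an added example (not part of the thread and not Microsoft's Strider Ghostbuster code): it diffs a file listing taken on the running system against one taken after booting from clean media. The `created|path` listing format, the sample paths and the `live_scan_time` cutoff are assumptions made for illustration.

```python
import ntpath

def parse_listing(text, root):
    """Parse constructed 'created_epoch|path' lines into {relative_path: created}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        created, path = line.strip().split("|", 1)
        full = ntpath.normpath(path)
        if not full.lower().startswith(root.lower()):
            raise ValueError(f"{full!r} is not under scan root {root!r}")
        # Drop the drive prefix (it differs between the two boots) and fold case,
        # because NTFS names compare case-insensitively.
        entries["\\" + full[len(root):].lstrip("\\").lower()] = int(created)
    return entries

def cross_view_diff(live_text, live_root, offline_text, offline_root, live_scan_time):
    """Return (hidden, late): paths only the offline scan saw, split by creation time."""
    live = parse_listing(live_text, live_root)
    offline = parse_listing(offline_text, offline_root)
    hidden, late = [], []
    for path, created in sorted(offline.items()):
        if path in live:
            continue
        # A file created after the live scan ran (for example during shutdown)
        # could not have been listed, so it is not evidence of hiding.
        (late if created > live_scan_time else hidden).append(path)
    return hidden, late

# Constructed sample listings (not real scan output).
LIVE = r"""
1000|C:\Windows\System32\ntoskrnl.exe
1000|C:\Windows\System32\drivers\disk.sys
1500|C:\Users\alice\report.doc
"""
OFFLINE = r"""
1000|D:\WINDOWS\system32\ntoskrnl.exe
1000|D:\Windows\System32\drivers\disk.sys
1200|D:\Windows\System32\drivers\hidden_drv.sys
1500|D:\Users\alice\report.doc
2100|D:\Windows\shutdown.log
"""

if __name__ == "__main__":
    hidden, late = cross_view_diff(LIVE, "C:\\", OFFLINE, "D:\\", live_scan_time=2000)
    print("hidden from the live OS:", hidden)
    print("created after live scan:", late)
```
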

  2. What the ... ? Lost email? by khasim · · Score: 5, Insightful

    > SureMail: Microsoft researchers Sharad Agarwal and Venkat Padmanabhan determined that about 1% of all e-mails get lost in e-mail systems. SureMail is a proposed system in which the e-mail client detects when an e-mail has been sent to a recipient's account and alerts that recipient when an e-mail fails to make it to his or her in-box. SureMail would indicate the e-mail's sender but not disclose the missing message's contents.

    How the fuck does email get "lost"? How could that happen? Even a server crash should not cause that.

    Why not, instead, spend the time and money finding the real problem in your email system and fixing that? I handle about 1,500 in-bound messages a day. By their calculations, I should be losing 15 or so, every day. Yet that does not seem to be happening.

  3. No Legitimate Purpose by Anonymous Coward · · Score: 5, Insightful

    > a rootkit that eliminates other rootkits

    There appears to be no legitimate purpose to such research.

    1. A rootkit that eliminates other rootkits can probably also be eliminated, so this research does not really solve a problem.
    2. Rather than perfecting a rootkit, they should be working towards making a rootkit an impossibility in their OS.
    3. If you can write a rootkit, eliminating other rootkits does not appear to be that large of a challenge in the first place.
    4. If you want to eliminate a rootkit, reinstalling the OS seems like a better idea.
    5. There are countless illicit uses of such software.

    Are they developing this rootkit in an effort to develop new security for their OS? I don't get it.