The idea of a honeypot is simple – you place a server on the network (usually in the DMZ) to entice the bad guys to attack your honeypot, while
ignoring your actual production boxes hidden safely behind additional layers of security. By distracting them with a baited system, they’ll focus their collective bad guy energy where it won’t interfere/damage/affect your production network. If you’re a security guru, they can also be
used to gather information about attackers and track their methods and strategies as they try to hack your systems.
Enter Microsoft.
Rather than placing a bait machine and waiting for someone to troll around and attack it, they created the Strider Honey Monkey Exploit
Detection System. The Honey Monkeys are a series of desktops, some patched and some intentionally vulnerable, that use an automated process to leisurely stroll around the internet – visiting sites that virus fearing mortals would fear to go. Powered by the Strider program, the machines are configured to watch for malicious activity such as changes to the system’s registry, to determine what web sites are spreading malware.
Why?
Think about it – Microsoft has the ability to see how their operating systems perform when users are surfing the internet, whether on questionable sites or on seemingly innocent web pages. The PCs emulate how humans navigate, so engineers can see which sites
propagate malware and then compare the damage to between patched systems versus unpatched, vulnerable machines. Doing so
allows Microsoft to determine how their protective mechanisms and configurations are holding up (or not holding up) to new attack
strategies. Gathering a wealth of data, Microsoft can also track the evolution of malware designs and counter them with proactive measures in their security updates and products. They can spend time doing what most security administrators are trying to do on their networks – “protect the environment from the users.”
They’ve already used information from the project, which was announced back in 2005, to implement improvements in their web browser
(Internet Explorer) for Windows 7. In addition to including a Phishing filter, which catalogs known phishing sites and warns users of potential social engineering, they’ve modified how the program handles malformed HTML pages to prevent the automatic running of malicious scripts.
The enhanced security of Windows 7 proves Microsoft is focusing on emerging threats and security protection – a smart move in today’s
cybercrime laden world. Though I disagree with some of the settings and changes which recently locked me out of my system “for my own protection”, the majority of people out on the internet aren’t nerdy women with a passion for security – they’re technology-ignorant wanna-be script kiddies following their human curiosity into unsafe web territories who will certainly benefit from the added lockdown.
This presents an interesting variation on the Turing test, in which a machine attempts to convince *another machine* that it is a human.