Saturday, August 13, 2005

Good news on the security front

New Microsoft security system scours Web

AUGUST 10, 2005 (TECHWORLD.COM) - Microsoft Corp. has taken the wraps off a new security program that uses automated "HoneyMonkeys" to patrol the Web, seeking out sites that automatically install malicious code on Windows XP systems.

In its first month, the Strider HoneyMonkey research project located 752 Web addresses linking to 287 sites that could automatically infect unpatched machines, Microsoft said. The project also discovered an attack that could penetrate a fully up-to-date Windows XP Service Pack 2 system using a previously unknown vulnerability.

Microsoft first discussed the HoneyMonkey program in May and last week published a research paper discussing the details.

The project is relatively limited in scope; It only looks for code that can be installed with no user interaction, leaving out the more sophisticated and increasingly successful attacks relying on social engineering -- attacks such as phishing.

This could be part of the answer. Well done Microsoft.

No comments: