Microsoft unleashes Strider HoneyMonkey on Web malcontents

I poked a few fun fingers at Vista. Sure, I did. After all, I’m a pundit, and making obvious jokes at the expense of large corporate marketing departments is my job. But apparently, Microsoft is inured to name-blame jabs because just a few weeks after announcing that its new OS would be named after a line from White Men Can’t Jump, the company actually used e-mail to ensure my full awareness of the name for its new anti-malware research project: The Strider HoneyMonkey  project.

Now there are several possible explanations for this name. One: copious amounts of tequila and foreign tobacco-style substances. Two: a random-name generator built using Windows coding practices. Three: Redmond simply got tired of the name jabs and decided to send a message that it doesn’t care anymore. Or four: You can simply read Microsoft’s technical report on the project, available here as a PDF, and find out that the name does make sense as long as you’re thinking strictly along component lines.

But while the name is amusing with enough beer, the project is fairly ambitious. The idea is to put together an Automated Web Patrol, which will make use of multiple Windows XP machines with varying degrees of patchability, to build an organized and streamlined process for locating zero-day Web vulnerabilities and exploits. This team of hapless Internet kamikazes simply trolls the fringes of the Web looking for exploit sites face-first.

Each member is built as a virtual machine, presumably for quick recovery after being compromised. They run a series of monkey programs to hunt for exploits and record all activity they encounter on the malware frontier. Microsoft then uses this data to direct teenage ninja assassins-in-training at the evildoers rather than, say, making changes to its code base.

But Microsoft isn’t stopping there in its attack on Web malcontents.

Ask a Microsoftee to spout on this topic today and you’ll get a quick lecture on the benefits of Internet Explorer 7. Microsoft has actually put a little thought into browser security for this version, and the results are attractive. Mostly.

For one, IE7 now appends the original domain name to any Web script and also curtails the script’s ability so it can touch only its own domain. This should stomp hard on jokers trying to run nasty cross-domain scripts commonly used in phishing attacks.

You’ve also got the Microsoft Phishing Filter, which is similar in construction to its Outlook-based spam filter. Opt in, and every time your system encounters a new phishing site that Redmond hasn’t yet marked for death, it’s added to a database that Microsoft will regularly release as an IE upgrade. If you do encounter a site in the phishingbase, IE will warn you of its sinister tendencies before you get a chance to bite the hook.

On a geekier level, IE7 now processes Web addresses using a single data handler, which will make it much more difficult for malformed HTML links to con the browser into running baddie scripts or other malware.