Inside Microsoft's Labs - InformationWeek
Software // Enterprise Applications
05:25 PM

Inside Microsoft's Labs

It's not every day that Microsoft Research opens up about technologies still in its labs. Here's a look at some things in the security pipeline, from a tool that helps find rootkits to a program that notifies of lost e-mails.

It's not every day that Microsoft Research opens up about technologies still in its labs. Microsoft's R&D arm was launched in 1991 with 20 researchers and has grown to 700 employees worldwide. Rich Draves, an area manager, shared with InformationWeek some of the most promising emerging security technologies on his team's workbench.

>> GhostBuster At its Redmond, Wash., lab, Microsoft Research is developing technology for finding rootkits by using their own deceptive behavior against them. Known as GhostBuster, it relies on analyzing and comparing system information at both a high level--from a Win32 API, for example--and a low level--such as the raw disk information. Any difference in the two views--for example, the low-level view indicating a file not present in the high-level view--makes a compelling case that a rootkit is trying to hide. GhostBuster is likely to be developed as a standalone security tool rather than included as a feature within Windows.

>> Shield Today, Microsoft relies heavily on software patching to improve security. Researcher Helen Wang is developing a software "shield" that would run on a firewall or a PC that would function as, essentially, a content filter that searches for and blocks any network traffic that would exploit a detected vulnerability. The shield wouldn't disrupt the operating system or other software running on the PC. "The shield is vulnerability-specific, not exploit-specific," Draves says. Tests have been promising; Draves says the shield would have protected Microsoft customers from 98% of the vulnerabilities found in its products over the past two years, including those targeted by the SQL Slammer worm and Windows Meta File exploits.

>> SureMail Microsoft researchers Sharad Agarwal and Venkat Padmanabhan determined that about 1% of all e-mails get lost in e-mail systems. SureMail is a proposed system in which the e-mail client detects when an e-mail has been sent to a recipient's account and alerts that recipient when an e-mail fails to make it to his or her in-box. SureMail would indicate the e-mail's sender but not disclose the missing message's contents.

>> Vigilante At its Cambridge lab in England, Microsoft Research is developing software code-named Vigilante for detecting and responding to worm attacks, in particular zero-day exploits for which there are no available fixes. When installed on a network honeypot that collects information about incoming traffic, Vigilante would study the flow of data for irregularities that indicate it's been tainted with malware and warn all PCs on the network.

>> XFI Developed in Microsoft's Silicon Valley research lab, XFI offers users a safe way to run an application downloaded from the Web, such as a codec needed to run a video clip or a device driver to connect a piece of hardware. XFI is an extension of control-flow integrity and software-fault isolation, and identifies a potentially malicious application when it tries to access memory outside the range it would normally need.

>> Anti-Phishing Security Microsoft Research has proposed a system in which a user's Web browser would identify passwords and other sensitive information when keyed into HTML forms on Web pages. When those passwords are in- put into a new site, that incident would be reported to a server. If the server detects an unusual number of logons to the new site, it could send out a signal that the site should be investigated for a phishing scam.

Return to the story:
The New Security Solutions

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll