Inside Microsoft's Labs - InformationWeek
Software // Enterprise Applications
05:25 PM

Inside Microsoft's Labs

It's not every day that Microsoft Research opens up about technologies still in its labs. Here's a look at some things in the security pipeline, from a tool that helps find rootkits to a program that notifies of lost e-mails.

It's not every day that Microsoft Research opens up about technologies still in its labs. Microsoft's R&D arm was launched in 1991 with 20 researchers and has grown to 700 employees worldwide. Rich Draves, an area manager, shared with InformationWeek some of the most promising emerging security technologies on his team's workbench.

>> GhostBuster At its Redmond, Wash., lab, Microsoft Research is developing technology for finding rootkits by using their own deceptive behavior against them. Known as GhostBuster, it relies on analyzing and comparing system information at both a high level--from a Win32 API, for example--and a low level--such as the raw disk information. Any difference in the two views--for example, the low-level view indicating a file not present in the high-level view--makes a compelling case that a rootkit is trying to hide. GhostBuster is likely to be developed as a standalone security tool rather than included as a feature within Windows.

>> Shield Today, Microsoft relies heavily on software patching to improve security. Researcher Helen Wang is developing a software "shield" that would run on a firewall or a PC that would function as, essentially, a content filter that searches for and blocks any network traffic that would exploit a detected vulnerability. The shield wouldn't disrupt the operating system or other software running on the PC. "The shield is vulnerability-specific, not exploit-specific," Draves says. Tests have been promising; Draves says the shield would have protected Microsoft customers from 98% of the vulnerabilities found in its products over the past two years, including those targeted by the SQL Slammer worm and Windows Meta File exploits.

>> SureMail Microsoft researchers Sharad Agarwal and Venkat Padmanabhan determined that about 1% of all e-mails get lost in e-mail systems. SureMail is a proposed system in which the e-mail client detects when an e-mail has been sent to a recipient's account and alerts that recipient when an e-mail fails to make it to his or her in-box. SureMail would indicate the e-mail's sender but not disclose the missing message's contents.

>> Vigilante At its Cambridge lab in England, Microsoft Research is developing software code-named Vigilante for detecting and responding to worm attacks, in particular zero-day exploits for which there are no available fixes. When installed on a network honeypot that collects information about incoming traffic, Vigilante would study the flow of data for irregularities that indicate it's been tainted with malware and warn all PCs on the network.

>> XFI Developed in Microsoft's Silicon Valley research lab, XFI offers users a safe way to run an application downloaded from the Web, such as a codec needed to run a video clip or a device driver to connect a piece of hardware. XFI is an extension of control-flow integrity and software-fault isolation, and identifies a potentially malicious application when it tries to access memory outside the range it would normally need.

>> Anti-Phishing Security Microsoft Research has proposed a system in which a user's Web browser would identify passwords and other sensitive information when keyed into HTML forms on Web pages. When those passwords are in- put into a new site, that incident would be reported to a server. If the server detects an unusual number of logons to the new site, it could send out a signal that the site should be investigated for a phishing scam.

Return to the story:
The New Security Solutions

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll