In-depth exploration: Secrets of new technologies in Microsoft labs

First, let's take a look at Microsoft's R & D department, which was established by 20 researchers in 1991 and now has over 700 employees worldwide. The following are emerging security technologies with promising research by regional manager Rich draves.

　　GhostbusterMicrosoft Research Institute at Microsoft Raymond headquarters is developing a technology that uses rootkit behavior to search for rootkit. Microsoft calls this technology ghostbuster, which relies on analyzing and comparing system information in advanced (such as Win32 API) and low (such as raw disk information) States.

Once the results of these two States are found to be different, for example, to see files that do not exist in the advanced mode from the low-level mode, rootkit may be hidden in the system. Ghostbuster is likely to develop into an independent security tool instead of being integrated into windows.

　　ShieldToday, Microsoft relies heavily on software patches to improve security. Researchers Helen Wang is developing a software called "shield" that runs on a firewall or computer and can be used as a filter to search and block any network traffic to take advantage of system risks. SHIELD does not interrupt the normal operation of the operating system or other software running on the computer. Draves indicates that shield is targeted at risks rather than exploitation.

Test results are excited, draves said shield should be able to protect its customers from the 98% risks found in Microsoft products over the past two years, this includes SQL Slammer Worm and Windows metadata exploitation code.

　　SuremailMicrosoft researcher Sharad Agarwal and Venkat padmanabhan confirm that about 1% of emails in the email system will be lost. Suremail is a system proposed to solve this problem. The client of the email system checks when the email has been sent to the recipient's account and sends a notification to the recipient when the recipient has not received the email. Suremail can indicate the sender of the email, but does not disclose the specific content of the lost email.

　　VigilanteAt the Cambridge lab in the UK, Microsoft Research Institute is developing a software code-named vigilante to check worms and respond, especially to zero-day vulnerabilities that are not yet patched. It is installed on the honeypot (honeypot) that collects inbound information from the network. Vigilante will study whether the data stream is irregular. If so, it may have been infected by malware, therefore, warnings are issued to all computers on the network.

　　XfiDeveloped in Microsoft's research lab in Silicon Valley, it provides users with a way to securely run programs downloaded from the Internet, just as video clips require decoder or hardware drivers. Xfi is an extension of control flow integrity and software fault isolation, and can identify potential malicious programs when the program attempts to access memory space beyond its needs.

　　Anti-phishing SecurityMicrosoft Research Institute has proposed a system where users' Web browsers can identify passwords and other sensitive information entered into the web table. When these passwords are entered on other new sites, the event is reported to a server. If the server detects abnormal logon numbers for the new site, it sends a signal indicating that the site has a phishing risk.