Microsoft researchers target worms, buffer overruns

Microsoft on Wednesday showed new ways to protect systems against Internet worms, prevent hacker attacks and measure bandwidth availability on networks.

Researchers at Microsoft have shown off some forward-looking technologies, including new ways to protect systems against Internet worms, prevent hacker attacks and measure available bandwidth on home networks.

At its fifth annual TechFest, Microsoft Research presented about 150 projects at the company's headquarters. The event was expected to attract about 6000 Microsoft employees. Its main purpose is to promote the exchange of ideas, or "tech transfers," between Microsoft Research and product teams at the software maker.

One of the technologies on display, dubbed Vigilante, proposes a detection and protection system for Internet worms. The system would consist of "honey pot" computers connected to the Internet that would serve as bait for the worms. Once an attack was detected, the computers would analyze the attack and create alerts that included details on how to protect against the new worm. The alerts then would be pushed out to other computers, which would automatically put up shields and filter traffic to block the worm, Microsoft researchers said.

Systems receiving the Vigilante alerts would not require any action from an administrator to protect against worms, said Manuel Costa, a researcher in Microsoft's Cambridge, England, lab. "We need a completely automatic system to detect attacks," he said.

Costa, who was demonstrating a prototype of Vigilante at TechFest, acknowledged that administrators may be apprehensive of automatic changes to their systems, but he said the filters will block only real attack messages. Automatic filters are needed to provide a quick response to worm outbreaks, he said. "Otherwise, it will be too late."

Another Microsoft Research project focused on security suggests monitoring system activity to prevent malicious code from executing. The system, called Control-Flow Integrity, would prevent malicious code from being run on a computer by checking application activity and validating it. Unexpected activity would be blocked, according to Microsoft.

The system would prevent attacks that exploit buffer overflows by inserting malicious code, said Roy Levin, director of Microsoft Research Silicon Valley. However, one side effect of monitoring applications is a slower system. "You are getting a stronger guarantee, but in exchange for some performance," Levin said.
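The idea Levin describes can be shown in a few lines of C. This is an added, simplified illustration, not Microsoft's implementation: the handler names, the allowlist and the request structure are hypothetical, and the corrupted pointer is set directly rather than by an actual overflow.

```c
#include <stddef.h>
#include <stdio.h>

typedef int (*handler_t)(int);

static int op_double(int x) { return x * 2; }
static int op_negate(int x) { return -x; }
/* Exists in the binary but is never a legitimate target of dispatch(). */
static int op_unexpected(int x) { (void)x; return 9999; }

/* Assumed allowlist for the one indirect call site below. */
static const handler_t allowed_targets[] = { op_double, op_negate };

struct request {
    char name[8];   /* buffer an overflow would run past */
    handler_t fn;   /* function pointer stored right after it */
};

/* Extra work before every indirect call: the performance cost of the check. */
static int target_is_valid(handler_t fn) {
    size_t n = sizeof allowed_targets / sizeof allowed_targets[0];
    for (size_t i = 0; i < n; i++)
        if (allowed_targets[i] == fn)
            return 1;
    return 0;
}

/* Returns 0 and stores the result on success, -1 if the transfer is blocked. */
static int dispatch(const struct request *req, int arg, int *out) {
    if (!target_is_valid(req->fn))
        return -1;              /* unexpected control transfer: refuse */
    *out = req->fn(arg);
    return 0;
}

/* Constructed scenario: returns 1 if the tampered request was blocked. */
static int demo_blocks_tampered_pointer(void) {
    struct request req = { "double", op_double };
    int out = 0;
    if (dispatch(&req, 21, &out) != 0 || out != 42)
        return 0;
    req.fn = op_unexpected;     /* stands in for an overflow of req.name */
    return dispatch(&req, 21, &out) == -1 && out == 42;
}

int main(void) {
    printf("tampered call blocked: %d\n", demo_blocks_tampered_pointer());
    return 0;
}
```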

Vigilante and Control-Flow Integrity are research projects only, but the researchers said they are drawing interest from Microsoft product teams. However, there has been no commitment from any of the product groups to use the technologies.

A tech transfer inside Microsoft has already happened for "Probegap," a Microsoft Research technology that lets users estimate the available bandwidth on, for example, a home network. Probegap is planned as part of the next Windows client release, code-named Longhorn, due in 2006, said Venkata Padmanabhan, a researcher at Microsoft.

Application developers can link to the Probegap API (application programming interface) to check available bandwidth before executing a request, Padmanabhan said. For example, Windows Media Player can alert a user that there is not enough available bandwidth to play a high-quality video and instead offer a lower-quality stream, he said.

At TechFest, Padmanabhan demonstrated how lack of bandwidth today can disrupt the use of Windows XP Media Center Edition, a premium version of Windows designed to be an entertainment hub for the home that can be connected to other PCs and TVs over a wireless or wired network.

"Today, you can start an additional (video) stream and disrupt existing streams," he said. Windows XP Media Center Edition can handle about three TV-quality streams over a wireless network before running out of bandwidth, he said.

The more than 700 people at Microsoft Research work on projects in more than 50 research areas, including speech recognition, user interface, programming tools and methodologies, operating systems and networking, graphics, natural language processing, machine learning and mathematical sciences.

More information on the research projects mentioned in this story is available on the Microsoft Research Web site.


Control-Flow Integrity:


Joris Evers

IDG News Service