Rupert Goodwins' Diary

Tuesday 9/8/2005

This monkey's gone to heaven. Thus sang the Pixies, so beloved of the aggressively fey the world over, eerily presaging the news today that millions of virtual monkeys have indeed gone to heaven over the past few months. Fortunately for animal rights activists, no primate real or synthesised was hurt — the silicon simians in question are honeymonkeys. This is shorthand for a cross between a Webcrawling robot — the monkey — and a system designed to be attractive to attackers, the honeypot.

The idea is that you send the honeymonkeys out to visit Web sites by the simple expedient of pointing a browser at the sites and seeing what happens. If the Web site contains scurrilous code, it will latch onto the monkey and infect it — but another process running on the honeymonkey's computer will spot the infection, take notes and vape the honeymonkey before spawning another pristine outside and in to take its place. All this works via virtual computers, which as you well know is the ability of one piece of hardware to pretend to be lots of different sorts of computer at once.

Now, using this technique researchers have discovered hundreds of unexpected exploits being enthusiastically deployed under the noses of the anti-malware mob. Because the honeymonkeys are virtual, the infection within them has no way of telling that it's running in an artificial environment and can put up no defence against being probed. One automated machine can probe thousands upon thousands of sites in a day, with absolutely no risk of infection.

But, er, chaps? Virtualisation is being added to just about every processor chip under the sun, so what's to stop this sort of technique becoming part of the basic immune system of every operating system? It's not a panacea — it does nothing for the problem of identifying legitimate updates about which the user may know nothing — but for a wide variety of attacks, it will be a pretty good prophylactic.