Microsoft works to 'shield' users from worms

Microsoft showed off some forward-looking technologies during a research road show yesterday, which included new ways to protect...

Microsoft showed off some forward-looking technologies during a research road show yesterday, which included new ways to protect users from worms and to identify "web spam".

Other technologies demonstrated included a tool to add metadata to digital pictures to make them easier to find, technology to improve the use of large displays with Windows, and a system that can create summaries of news stories by scanning several stories on the same subject.

Microsoft Researcher Helen Wang detailed a proposed "shield technology" for protecting computers between the time a software vulnerability is disclosed and the time a patch is made available and applied. Microsoft's top executives have mentioned the technology in speeches, but the company so far had provided little detail.

A shield is an application-specific firewall that is updated with vulnerability-specific data, Wang said. It would protect computers against worm attacks by examining network traffic and taking action if malicious traffic is detected. Vulnerability signatures would be distributed much like antivirus signatures are today.

Users have been slow to patch their systems because updates need to be tested. "The shield is not disruptive, much easier to test for side effects and easily reversible," Wang said. "These features allow a shield to be automatically installed, unlike software patches."

While Wang said she has seen a lot of interest from Microsoft's product groups in the shield technology, she said there are no concrete product plans. Microsoft is working on Longhorn, the next version of its Windows client, as well as releases of SQL Server and Windows Server 2003. All could, potentially, benefit from shield technology.

Fighting spam is another priority at Microsoft. While most of the emphasis has been on spam in e-mail, Microsoft's researchers showed an application of statistical analysis to identify what Microsoft calls web spam.

"A spam web page is a page that exists only to misdirect traffic from a search engine," said Dennis Fetterly, a Microsoft technologist involved with the project. Many of the spam web pages try to sell users porn, software, or financial services, and aim for high rankings in search engines.

Web spam can be identified by looking at the tactics used by the owners of such websites to trick search engines. Microsoft is tracking how many domain names point to the same website, the length of domain names and the number of links to the same site on a web page, among other things.

By analysing the data, likely spam pages can be pinpointed and then excluded from a search engine or placed lower on a search results page.

The web spam page could be of use for Microsoft's MSN team, which is working to launch a new web search service later this year to compete with Google. Fetterly would not confirm if MSN plans to use the technology.

Microsoft Research was founded in 1991 and has a staff of more 700 people in five locations around the world. The group gets a small piece of Microsoft's multibillion-dollar research and development budget to invent new technologies that may, eventually, make it into Microsoft products.

Joris Evers writes for IDG News Service

Read more on IT risk management