The MSR Strider Project
The Strider Family of Projects
Last Updated: January 20, 2010

  • Cybersecurity
    • Strider Gatekeeper Spyware Management
      • Proposed a characterization of spyware based on the concept of Auto-Start Extensibility Points (ASEPs) (see Nov. 2004 LISA paper)
      • This project helped jumpstart Microsoft anti-spyware product effort and the ASEP concept influenced the actual product.

    • Strider GhostBuster Rootkit Detection
      • Proposed a cross-view diff-based approach to rootkit detection (see June 2005 DSN paper & Dec. 2005 LISA paper)
      • Read Bruce Schneier's comments
      • This project helped jumpstart Microsoft anti-rootkit product effort. The GhostBuster tool was deployed on 200,000+ internal machines.

    • Strider HoneyMonkey Malicious Website Detection
      • Proposed a black-box, state-change-based, signature-free approach to detecting malicious websites that exploit known and zero-day browser vulnerabilities (see Feb. 2006 NDSS paper)
      • Read Bill Cheswick's comments
      • Industry's first scalable, automated, virtual machine-based client-side honeypot, capable of detecting malicious websites that attempt to exploit unknown (also called "zero-day") browser vulnerabilities. The HoneyMonkey system is used by the Microsoft Windows group as a primary method for catching zero-day exploits so that those vulnerabilities can be quickly patched to protect web users. It was also the first to demonstrate that search engines could become a major infection vector. With broad coverage of our findings in the technical press, all major search engines now use HoneyMonkey-like technologies to screen their search results, and the safety of using search engines has been significantly improved.

    • Strider Typo-Patrol Cybersquatter Analysis
      • Proposed a traffic redirection-based analysis for detecting large-scale, systematic domain cybersquatters (see July 2006 SRUTI paper)
      • Read the Washington Post article by Leslie Walker and Brian Krebs
      • The tool was released here and has been used by many trademark domain owners to identify cybersquatters.
      • The first to shed light on the cybersquatters' practice of serving adult ads harmful to minors on typo-squatting domains of children's websites. By using traffic correlation analysis to expose the major domain-parking companies that were profiting from typo-squatting, by using interviews with the Washington Post and other technical press to create public pressure on those companies, and by releasing the URL Tracer tool to enable brand-name owners to patrol their own typo-domains, we helped eradicate the questionable practice and make the Web safer.

    • Strider Search Ranger Search-Spam Detection
      • Proposed a "Follow the Money" approach to detecting large-scale search spammers who are corrupting the Web with junk content and websites in order to promote their links to spam content into top search results (see Feb 2007 NDSS paper, May 2007 WWW paper, and June 2007 ICAC paper)
      • Read John Markoff's article in the New York Times
      • The first to use redirection analysis to illuminate the dark side of search engine optimization, also known as search spamming. In 2006, all major search engines were attacked by web spammers who started using dynamic redirection techniques to defeat the conventional anti-spam techniques based solely on static analysis of links and page content. The search quality of queries with commercial intent was degrading to the point of being almost unusable. We were the first to analyze the business structure of the search-spam industry and discover that it was shaped like a "double funnel", so the most effective way of disrupting that industry was to attack the bottleneck of the funnel. We transferred our redirection-based spam-detection technique to Microsoft's search engine and demonstrated a 30% reduction in overall spam, by far the single most effective technique in spam reduction. We used an interview with the New York Times to educate search users and the industry and to put pressure on those legitimate Internet Service Providers and advertising syndicators who were helping the spammers hide their tracks. This work contributed significantly to keeping search results clean and making web use more productive.


  • Systems Management
    • Strider Troubleshooter

    • Flight Data Recorder (FDR)
      • Highly efficient and highly compressed always-on tracing of persistent-state accesses for configuration monitoring (see 2006 OSDI paper and 2006 LISA paper)
      • FDR is now deployed on 1,000+ Microsoft production servers and 500+ desktop machines.

    • Patch Impact Analyzer
      • Intersects the always-on persistent-state access trace with a patch manifest to predict the potential stability impact of installing the patch (see May 2004 ICAC paper)
      • This tool was shipped as part of Windows Vista Application Compatibility Toolkit (ACT).

    • Strider Security Tracer
      • A black-box tracing technique that identifies the causes for least privilege incompatibilities (i.e., application dependencies on Admin privileges) (see Feb. 2005 NDSS paper)
      • This tool was shipped as part of Windows Vista Application Compatibility Toolkit (ACT).

  • Strider Foundation

Project Members

Interns

Publications

Talks
