Microsoft’s own anti-malware efforts have come to light. The timing is just right as malware attacks have been on the rise recently. Leading them, of course, is KeyRaider, the family of malware that harvested the Apple IDs of hundreds of thousands of jailbroken iDevice users.
StageFright comes up second, as it is the most dangerous malware discovered for Android. The discovery unearthed Android exploits that left close to a billion devices from the Froyo version up vulnerable to unprecedented unauthorized access. For now, here are 3 things you need to know about Project Sonar.
1. Job Postings
Ads for jobs within Microsoft revealed Microsoft's intention to build a malware detonation platform. The ads were found in the Microsoft Careers website and tech giant hinted at a VM-based (virtual machine) platform with a direct focus on malware. Project Sonar aims to extend current machine-based security features that Microsoft already has.
The listings reveal this much, “The Sonar team builds and operates a VM based malware detonation platform as a service. Our system spins up 10's of thousands of VMs a day to detect malware and protect customers. We're deployed in places like the Windows App Store and Exchange Online. We are taking the service to the next level to handle more customers and data at scale”
2. Watcher Analysis
At the moment Microsoft is keeping the lid on Project Sonar. The idea of a sandbox or detonation chamber is nothing new but what Microsoft will be doing with the collected information is still a mystery.
Mary Jo Foley, in an article on ZDNET, speculates that Microsoft may allow customers to run Sonar directly to analyze their own systems. On the other hand, it is also possible that the company itself could run Sonar and let customers analyze the data afterwards themselves.
3. Project Sonar Today
In the Ignite conference last May, Microsoft showed a sandbox that has a role in Microsoft’s Exchange Online service. It definitely seems like it is a component of the Exchange Online Advanced Threat Protection (ATP) service. ATP uses a sandbox that runs on Azure VMs to thwart malware.
The VMs also learn techniques that "attempt to figure out whether the (message) content is malicious or not," according to Windows IT Pro’s Tony Redmond. Additionally, Azure CTO Mark Russinovich shared a slide in an RSA 2015 presentation which read, "Microsoft's operating system group runs an IE zero-day sandbox detection detonation chamber.”
Lastly, how Cosmos figures in is also a curiosity. Microsoft uses Cosmos to “to process telemetry data; to perform analysis and reporting on large datasets, such as those created via Bing and Office 365; and to curate and perform back-end processing on many kinds of data.” Right now it is only used internally but will be external-facing in the future to complement HDInsight or the Hadoop-on-Azure service.
Cool Ad Here