t's not every day that Microsoft Research opens up about technologies still in its labs. Microsoft's R&D arm was launched in 1991 with 20 researchers and has grown to 700 employees worldwide. Rich Draves, an area manager, shared with InformationWeek some of the most promising emerging security technologies on his team's workbench.

>> Ghostbuster At its Redmond, Wash., lab, Microsoft Research is developing technology for finding rootkits by using their own deceptive behavior against them. Known as Ghostbuster, it relies on analyzing and comparing system information at both a high level--from a Win32 API, for example--and a low level--such as the raw disk information. Any difference in the two views--for example, the low-level view indicating a file not present in the high-level view--makes a compelling case that a rootkit is trying to hide. Ghostbuster is likely to be developed as a standalone security tool rather than included as a feature within Windows.

>> Shield Today, Microsoft relies heavily on software patching to improve security. Researcher Helen Wang is developing a software "shield" that would run on a firewall or a PC that would function as, essentially, a content filter that searches for and blocks any network traffic that would exploit a detected vulnerability. The shield wouldn't disrupt the operating system or other software running on the PC. "The shield is vulnerability-specific, not exploit-specific," Draves says. Tests have been promising; Draves says the shield would have protected Microsoft customers from 98% of the vulnerabilities found in its products over the past two years, including those targeted by the SQL Slammer worm and Windows Meta File exploits. (continue at source)