Tuesday, August 09, 2005
Microsoft tries clever idea and succeeds
People who find security flaws in Microsoft products have an unusual turn of mind. But they have a normal tendency away from evil. That's why so many problems get reported to Microsoft first, so that Microsoft has a chance to fix them.
But what if somebody unethical or desperate is the first to find a security problem? That person could use it to break into computers or sell it to spammers and spyware pushers. Then the attacks are out on the net, and no Microsoft patch or antivirus update can detect them.
Microsoft started a project to detect unknown attacks. They simply set a bunch of computers to follow links through the Web's seedier areas. When one of the computers catches something, Microsoft can autopsy it and learn to recognize the new attack.
The good news is that until last month they didn't find any web sites that could infect a fully patched XP system. Last month they caught the first attack that could slip by the defenses of a machine that's up to date on patches. Microsoft had the fix out by July 12.
UPDATE 8/12: It turns out that a company called "SEC Consult" had found the problem first, though Microsoft was the first to see bad guys actually using it.