
Researchers at Microsoft have built a prototype framework called BrowserShield that "promises to allow IE to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages," according to eWeek. "If a patch isn't available, a BrowserShield-enabled tool bar can be used to clean pages hosting malicious content," says Helen Wang, the project's leader. You can read Microsoft Research's paper on BrowserShield at the MSR web site (scroll down to Publications). The paper says BrowserShield's approach is "to rewrite HTML pages and any embedded scripts into safe equivalents before they are rendered by the browser. The safe equivalent pages contain logic for recursively applying run-time checks to dynamically generated or modified web content, based on known vulnerabilities." The advantage of this approach over actually patching the vulnerabilities isn't immediately clear, though perhaps it would allow a faster response to threats.
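The rewriting idea quoted above, as an added sketch that is not BrowserShield's code and is not taken from the paper: static tags are checked against vulnerability policies, and anything a script emits through `document.write` goes back through the same check recursively. The policy ids, the flagged `classid`, the 256-character limit and the `shield` function are all hypothetical.

```javascript
// Added illustration, not BrowserShield code. Policies are constructed placeholders
// standing in for "known vulnerabilities"; none refers to a real flaw.
const POLICIES = [
  { id: "EXAMPLE-1", match: (tag, a) => tag === "object" && a.classid === "clsid:EXAMPLE-FLAGGED" },
  { id: "EXAMPLE-2", match: (tag, a) => tag === "embed" && (a.src || "").length > 256 },
];

// Parse name="value" pairs; a regex is enough for this constructed input,
// a real rewriter needs a proper HTML parser.
function parseAttrs(raw) {
  const attrs = {};
  for (const [, k, v] of raw.matchAll(/([\w-]+)="([^"]*)"/g)) attrs[k.toLowerCase()] = v;
  return attrs;
}

// Returns { html, log }: the checked page and the ids of the policies that fired.
function shield(html, log = []) {
  // Run-time side: inline scripts get a stand-in `document` whose write()
  // sends generated markup back through shield(), so checks apply recursively.
  // Simplification: the script is evaluated here instead of being rewritten to
  // run inside the browser, and new Function is not a sandbox.
  const expanded = html.replace(/<script>([\s\S]*?)<\/script>/g, (_, src) => {
    const written = [];
    const doc = { write: (s) => written.push(shield(String(s), log).html) };
    new Function("document", src)(doc);
    return written.join("");
  });
  // Static side: replace any tag that matches a policy with a comment.
  const safe = expanded.replace(/<([a-zA-Z]+)((?:\s+[\w-]+="[^"]*")*)\s*\/?>/g, (m, tag, raw) => {
    const hit = POLICIES.find((p) => p.match(tag.toLowerCase(), parseAttrs(raw)));
    if (!hit) return m;
    log.push(hit.id);
    return `<!-- blocked: ${hit.id} -->`;
  });
  return { html: safe, log };
}

// Constructed sample page: one flagged tag in the markup, one generated by script.
const SAMPLE = `<p>hi</p><object classid="clsid:EXAMPLE-FLAGGED"></object>` +
  `<script>document.write('<embed src="' + 'A'.repeat(300) + '">');</script>`;

console.log(shield(SAMPLE));
```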
Tags: browsershield, ie, internetexplorer, microsoft, security
Comments (2)
Fabulo, Sep 5th 2006 2:01PM
"...based on known vulnerabilities"
1. Then you have to know about the threats in advance? How is it different from firewall/ids/filtering/antivirus already in place?
2. Who ever thought that having any app (especially a web browser) download random code from unknown parties and run it would be a good idea?
We definitely brought that one on ourselves. And Microsoft is doubly guilty for unleashing the evil ActiveX on us.
Uso, Sep 6th 2006 10:16AM
Why would anyone care to have a site "safely" re-rendered that contains malicious content? Why not just stay freakin' away from such sites?