Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Research Builds 'BrowserShield'

Posted by ryuzaki0 on from the security-you-can-trust-of-course dept.

SteelyBen writes "Researchers at Microsoft have completed work on a prototype framework called BrowserShield that promises to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages. The BrowserShield project, an outgrowth of the company's 'Shield' initiative, could one day even become Microsoft's answer to zero-day browser exploits such as the WMF (Windows Metafile) attack that spread like wildfire in December 2005."

2 of 226 comments (clear)

  1. It already exists, and it's called the Proxomitron by Traf-O-Data-Hater · · Score: 5, Informative

    Sounds like M$ has just "invented" a limited-functionality locked-in version of the marvellous Proxomitron. An application I truly wouldn't be without. Scrubs HTML nasties right out of the box, and also allows you to see a web page the way you want to see it. It runs with any browser, not just Internet Exploiter. And it's the right price, too.

  2. Re:zero-day browser exploits by kripkenstein · · Score: 4, Informative

    Perhaps you joke, but it really isn't that clear whether this will work or not. TFA says

    The research group tested BrowserShield against eight IE patches released in 2005 and found that BrowserShield--when used in tandem with standard anti-virus and HTTP filtering--would have provided the same protection as the software patches in every case

    There were far more than 8 patches in 2005. How were these 8 selected? Were they of a specific type? Without such details, it's hard to form an opinion about this 'BrowserShield' thingie. For all we know, they selected the most convenient 8 to prove their point.