Microsoft Research Builds 'BrowserShield'
SteelyBen writes "Researchers at Microsoft have completed work on a prototype framework called BrowserShield that promises to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages. The BrowserShield project, an outgrowth of the company's 'Shield' initiative, could one day even become Microsoft's answer to zero-day browser exploits such as the WMF (Windows Metafile) attack that spread like wildfire in December 2005."
In the first case: why not ship the actual updates? Otherwise, how would they guarantee that Grandma will update the signatures? Maybe they will need another layer between the new layer and the Tubes, so that the new new layer will rewrite the pages in case the old new layer is not updated. This is not very sensible...
On the other hand, if they host the layer on their side, clearly I am not interested in sharing this information with MS. Either way, I don't see how it will work.
Well, I thought anti-virus software vendors already failed at a similar effort. Every new virus out there first disables all known anti-virus software.
It all boils down to the question: how could you tell malicious content from good content??? You would have to resort to signatures. That wouldn't help against 0day exploits in any way, since on that day 0 most signatures are not yet updated.
From the article it sounds more like standard corporate firewall functionality: "block all that looks like an HTTP redirect, since that can be an IE exploit", "block all .exe attachments since that might be an Outlook exploit", "block .wmf since that might be an IE/Outlook exploit", etc. Nothing new.
Buhahaha! Very funny!! They at Redmond take Windows security very very seriously - they have put the best PR people on it!!!
Good luck at identifying that "harmful code," darling!
P.S. And for that "rewrites HTML pages" bit be sure to have M$' lawyers ready. Few content providers would like the idea that their pages may be rewritten by the software monopolist.
P.P.S. Would M$ ever learn? How long do they intend to have that "ActiveX" crap enabled in their browsers by default?? How many sacrifices do they intend to make???
P.P.P.S. In related news from Germany, my employer (about 150 desktops) banned M$IE 1.5 years ago. Firefox and Opera must be used to access inter/intranets.
All hope abandon ye who enter here.