Slashdot Mirror
Microsoft Research Builds 'BrowserShield'
SteelyBen writes "Researchers at Microsoft have completed work on a prototype framework called BrowserShield that promises to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages. The BrowserShield project, an outgrowth of the company's 'Shield' initiative, could one day even become Microsoft's answer to zero-day browser exploits such as the WMF (Windows Metafile) attack that spread like wildfire in December 2005."
More complexity on top of bloated and horribly obscure software. That'll help security, really.
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
... Will just get a new name: zero-day browser-sheild exploits.
Sigs are for the weak.
Unfortunately, I wrote it directly into my program without giving it another name, since I didn't realize I could sell the security separate from the program.
Innovation at its finest I suppose.
How will this even help? Will the browser shield require signatures and/or heuristics like virus scanners, and thus get outdated? If manpower needs to be invested in this technology, wouldn't the same manpower be better invested in solving the problem, rather than patching it?
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
... so their answer to poorly written software that is security-hole ridden is to layer more software written by the same people on top of it? Wouldn't it be easier to just write good software in the first place then actually fix, in a timely manner, anything that crops up? I'm failing to see how more bloat is going to help.
Jeremy Logan's Website.
I think they're just branding the "Disable ActiveX" checkbox.
This just gets on my nerves. They must of spent ages planning and coding this not to mention funding.. Why the hell didn't thy put these resources into IE7 instead? Screw this "We'll protect you from the exploits", make it to the exploits are oh.. I don't know.. FIXED
I like muppets.
Sounds like M$ has just "invented" a limited-functionality locked-in version of the marvellous Proxomitron. An application I truly wouldn't be without. Scrubs HTML nasties right out of the box, and also allows you to see a web page the way you want to see it. It runs with any browser, not just Internet Exploiter. And it's the right price, too.
It goes without saying that I didn't read the article, but it sounds like they remove the bad stuff and then show the page anyway. Why? Why not just show a page that says, "These f***ing scumbags just tried to f*** up your computer. Quit going there, and punch them in the mouth if you meet them. In the mean time, find a less dangerous source of porn."
Researchers at Microsoft have completed work on a prototype framework called BrowserShield that promises to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages.
What happens when you mix this with Digital Restrictions Management that goes down to the hardware level? What I'm getting at is, what if it's not malicious code that is being replaced by a "safe equivalent", but perhaps a controversial story on a news website, or an important email between governments?
In the future, he who controls the computers controls the world. Digital Restrictions Management will one day give just a few computer companies control over every internet-connected computer in the world.
Some people will respond to this with "ahh.. I'll just use a firewall". Those people do not realise that firewalls will contain DRM, too.
Reduce, reuse, cycle
Now I can download cracks and keygens for MS products without fear!
Extreme Programming - Redundant Array of Inexpensive Developers
There goes MS again. Let me guess: it will show a big ass shiny shield with a really cool animated graphic and ask "Are you sure you want to execute this malicious code?" and when the user clicks the Ok button it will ask once more just to be sure.
Personally I'm very affraid about MS sniffing my code. Experience shows that it will let tons of lines of malicious code pass, while locking down many good codes out there.
When those people will learn to stop trying to do magic tricks and be serious? A solution to browser flaws already exists and it's not magical at all, but technical: it's called "patch".
Er Galvão Abbott - IT Consultant and Developer
I searched a bit. There's a better article here. From that artcle:
Also there is a pdf of a paper they have written
.From the abstract of that (I haven't read the whole thing):
So it looks like what this does is execute scripts that generate HTML and then check the HTML for known vunerabilities.
ccalam - acoustic versions of new songs.
WTF? This is the kind of approach that would be used on someone else's propriatary legacy software, or on some piece of hardware to keep it working without altering the thing itself. What are m$ saying? 'Our browser code is such a POS that we don't know how it works anymore'? 'We lost the source code ages ago and we cannot be bothered doing the job right'? 'We have so much market share that we really don't give a crap anymore, pass the crack pipe and the stock options'?
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
UNSAFE HTML: REPLACE WITH:
k s">I am a Communist. Please mail me if you love Osama bin Laden --- I certainly do!</a>
<a href="*.apple.com*"*>*</a> <a href="mailto:/webmaster?Subject=Your%20Site%20Suc
<body*>*Linux*</body> <body>This page cannot be displayed due to faulty programming in the server's OS.</body>
<embed src="*.[^w][^m][^av]"*></embed> <b><u><i><blink>This page contains content created using a pirated version of Windows Media Player. Contact the police.</blink></i></u></b>
So instead of this dangerous page which will try to install malware we'll get a cleaned-up and safe version
I'm sure glad MS is out to make the interweb a better place for everyone.
This sort of thing is already in anti-virus software. I use Avast! (free edition) and it has a "Web Shield" module (sounds a look like "Browser Shield", doesn't it?) that transparently proxies web traffic. When it finds anything nasty it pops up dialog box asking you if you want to download/access it anyway or "abort connection".
While this is all well and fine, would it be too much for Microsoft to just patch their bugs?
It's not exactly rocket surgery.
It's a Reliant Robin, dammit. The model is a Robin, made by Reliant.
Ydco co
for webpages made by Frontpage.
Don't fight for your country, if your country does not fight for you.
Do note, this is from Microsoft Research and not a core developement team working on the browser. There will always be bugs in software, just like virus can exist on any OS (though some may have more than others). MSR has been renowned for coming up with interesting solutions for interesting problems. I mean Firefox, Opera, Safari, and any other browser out there has been hit with exploits before. I mean every update of Firefox I download has multiple security updates. I'm not saying a perfect browser can't exist, but the road to get there requires both time and effort, espeically while trying to add new features to keep up to date to be able to compete with other browsers.
Just like how AV software isn't the solution to viruses, it's done quite well in protecting many systems. I personally don't understand exactly how this browsershield works, but from what I can grasp, it seems to be an additional check before loading the page into the browser and removing any malicious code. How it detects the malicious code is not clear, but having seen interesting research come out of MSR, I have my faith in these guys to have come up with an interesting solution.
HD Trailers
1. create product with security leaks
2. receive complaints
3. do not solve security leaks but instead, build a wall around them
4. go to sleep and forget about 1.
*sigh* So they are STILL trying to put bandaids on their old, insecure, highly-patched (and therefore low quality) software rather than ditching insecure communications protocols and writing a simpler browser that is secure from the gound up.
Yep - Microsoft is all in favor of security - so long as it maintains backward compatibility and they don't have to throw anything away.
English -- gotta love it! / The engineers refuse to refuse the rocket until the refuse is removed from the launch pad.
I know we all love to hate MS but this is a good idea.
First off, I have seen first hand some of MSResearch fairs and they is a lot of great stuff coming out of them. Anything that comes out of those labs is worth at least some thought before you dismiss it.
That aside, stripping nasties using a simple system before they reach a more complex system isn't really a bad idea. All of our mail servers have some sort of filter that does this (granted, more for dumb users). IIS 5 did this using a tool that was later built into IIS 6. Hell, firewalls aren't a much different idea. Most of us already run some sort of proxy software to block popups, scripts, or ads. All MS is proposing here is the equivalent of proximity or similar proxy software.
Do we just hate this idea b/c MS is doing it?
Well, I thought anti-virus software vendors already failed at similar effort. Every new virus out there first disables all known anti-virus software.
It all boils down to question: how could you tell malicious content from good one??? You would have to resort to signatures. That wouldn't help against 0day exploits in no way, since on that day 0 most signatures are not yet updated.
From the article it sounds more like standard corporate firewall functionality: "block all what looks like HTTP redirect, since that can IE exploit", "block all .exe attachments since that might be Outlook exploit", "block .wmf since that might be IE/Outlook exploit", etc. Nothing new.
Buhahaha! Very funny!! They at Redmond take Windows security very very seriously - they have put best PR people on it!!!
Good luck at identifying that "harmful code," darling!
P.S. And for that "rewrites HTML pages" bit be sure to have M$' lawyers ready. Few content providers would like idea that their pages may be rewritten by the software monopolist.
P.P.S. Would M$ ever learn? How long they intend to have that "ActiveX" crap enabled in their browsers by default?? How many sacrifices they intended to make???
P.P.P.S. On related news from Germany, my employer (about 150 desktops) 1.5 year ago has banned M$IE. Firefox and Opera must be used to access inter/intranets.
All hope abandon ye who enter here.
No, hold on, not a MS-bashing comment, please read on.
It's not that MS is "inapt" or that they can't get their act together, it's simply that computers are computers, people are people and the mix of those is by its very nature unreliable and insecure. No matter how good you make it, there will always be tiny cracks in the security, be it for technical shortcomings or flaws in human nature that can be manipulated by social engineering.
Now, MS is the biggest manufacturer of operating systems. This shield will, invariably, also be present on every PC running their OS. So the first thing you have to defeat, as the attacker, is this shield. Can't get past it, don't bother continuing trying to defeat other security software that may or may not be present. This shield WILL be present!
So every attacker out there WILL have to come up with a cracking scheme. No matter what the cost, no matter how long it takes. It HAS to be cracked.
Thus security from MS cannot be relied on. Not because it is insecure in any way. But because every piece of malware HAS to come with some procedure to circumvent MS security. It will invariably have countermeasures in its arsenal.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.