Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Research Builds 'BrowserShield'

Posted by ryuzaki0 on from the security-you-can-trust-of-course dept.

SteelyBen writes "Researchers at Microsoft have completed work on a prototype framework called BrowserShield that promises to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages. The BrowserShield project, an outgrowth of the company's 'Shield' initiative, could one day even become Microsoft's answer to zero-day browser exploits such as the WMF (Windows Metafile) attack that spread like wildfire in December 2005."

20 of 226 comments (clear)

  1. Just what we need by TCM · · Score: 4, Funny

    More complexity on top of bloated and horribly obscure software. That'll help security, really.

    --
    Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
    1. Re:Just what we need by holdenholden · · Score: 5, Interesting
      I was ambivalent on this until I read the word "Intercept". So basically this new layer sits between the browser and the Intratubes and rewrites pages according to some predetermined criteria. Now there are two options: either they ship the signatures of new exploits to me (via an update) or the layer is on their side (like a proxy).

      In the first case: why not ship the actual updates? Otherwise, how would they guarantee that Grandma will update the signatures? Maybe they will need another layer between the new layer and the Tubes, so that the new new layer will rewrite the pages in case the old new layer is not updated. This is not very sensible...

      On the other hand, if they host the layer on their side, clearly I am not interested in sharing this information with MS. Either way, I don't see how it will work.

    2. Re:Just what we need by NovaX · · Score: 4, Interesting

      why not ship the actual updates?

      Sometimes, in the short term, fixing a bug is harder than making sure that it won't be exploited 95%+ of the time. This could be due to architecture/legacy issues, not having resource(s) who know that code base, or the fixer not knowing the code. By using signatures, you're seperating the person that writes the signature from knowing any of the code for the underlying product. Its probably much quicker since they don't have a steep learning curve, can rapidly generate signatures, and its both a cheaper and faster solution. That's not to say its good long term, but considering why IE is slow to fix bugs (MS had haulted development) this has the benefit of being independant and much easier to maintain.

      On implementation, Vista will have auto-updates on be default. From their work towards making Windows far more modular, they can probably now stop services, patch, and restart them seemlessly instead of requiring a reboot. If it was proxy based, any browser could use it and we'd likely see a Google proxy too, since the data would be quite valuable and power users would naively trust Google more than Microsoft.

      --

      "Open Source?" - Press any key to continue
  2. zero-day browser exploits by HateBreeder · · Score: 5, Insightful

    ... Will just get a new name: zero-day browser-sheild exploits.

    --
    Sigs are for the weak.
    1. Re:zero-day browser exploits by kripkenstein · · Score: 4, Informative

      Perhaps you joke, but it really isn't that clear whether this will work or not. TFA says

      The research group tested BrowserShield against eight IE patches released in 2005 and found that BrowserShield--when used in tandem with standard anti-virus and HTTP filtering--would have provided the same protection as the software patches in every case

      There were far more than 8 patches in 2005. How were these 8 selected? Were they of a specific type? Without such details, it's hard to form an opinion about this 'BrowserShield' thingie. For all we know, they selected the most convenient 8 to prove their point.

  3. I made a similar product once. by Anonymous Coward · · Score: 5, Insightful

    Unfortunately, I wrote it directly into my program without giving it another name, since I didn't realize I could sell the security separate from the program.

    Innovation at its finest I suppose.

  4. Solve the problem, don't patch it by mrjb · · Score: 4, Insightful

    How will this even help? Will the browser shield require signatures and/or heuristics like virus scanners, and thus get outdated? If manpower needs to be invested in this technology, wouldn't the same manpower be better invested in solving the problem, rather than patching it?

    --
    Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
  5. Hold on a second... by JeremyALogan · · Score: 5, Insightful

    ... so their answer to poorly written software that is security-hole ridden is to layer more software written by the same people on top of it? Wouldn't it be easier to just write good software in the first place then actually fix, in a timely manner, anything that crops up? I'm failing to see how more bloat is going to help.

    --
    Jeremy Logan's Website.
  6. Didn't this already exist? by Anonymous Coward · · Score: 5, Funny

    I think they're just branding the "Disable ActiveX" checkbox.

  7. It already exists, and it's called the Proxomitron by Traf-O-Data-Hater · · Score: 5, Informative

    Sounds like M$ has just "invented" a limited-functionality locked-in version of the marvellous Proxomitron. An application I truly wouldn't be without. Scrubs HTML nasties right out of the box, and also allows you to see a web page the way you want to see it. It runs with any browser, not just Internet Exploiter. And it's the right price, too.

  8. Showing the page anyway? by CosmeticLobotamy · · Score: 4, Interesting

    It goes without saying that I didn't read the article, but it sounds like they remove the bad stuff and then show the page anyway. Why? Why not just show a page that says, "These f***ing scumbags just tried to f*** up your computer. Quit going there, and punch them in the mouth if you meet them. In the mean time, find a less dangerous source of porn."

  9. That's not even the real danger... by babbling · · Score: 4, Interesting

    Researchers at Microsoft have completed work on a prototype framework called BrowserShield that promises to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages.

    What happens when you mix this with Digital Restrictions Management that goes down to the hardware level? What I'm getting at is, what if it's not malicious code that is being replaced by a "safe equivalent", but perhaps a controversial story on a news website, or an important email between governments?

    In the future, he who controls the computers controls the world. Digital Restrictions Management will one day give just a few computer companies control over every internet-connected computer in the world.

    Some people will respond to this with "ahh.. I'll just use a firewall". Those people do not realise that firewalls will contain DRM, too.

  10. Sounds like they've re-invented the sandbox. by giafly · · Score: 4, Insightful
    FTA: "We basically intercept the Web page, inject our logic and transform the page that is eventually rendered on the browser," Wang said. "We're inserting our layer of code at run-time to make the Web page safe for the end user.
    "The essence of the sandbox model is that local code is trusted to have full access to vital system resources (such as the file system) while downloaded remote code (an applet) is not trusted and can access only the limited resources provided inside the sandbox" - Java Security Architecture
    --
    Reduce, reuse, cycle
  11. Great! by Yetihehe · · Score: 5, Funny

    Now I can download cracks and keygens for MS products without fear!

    --
    Extreme Programming - Redundant Array of Inexpensive Developers
  12. Bizarro! by zmollusc · · Score: 5, Insightful

    WTF? This is the kind of approach that would be used on someone else's propriatary legacy software, or on some piece of hardware to keep it working without altering the thing itself. What are m$ saying? 'Our browser code is such a POS that we don't know how it works anymore'? 'We lost the source code ages ago and we cannot be bothered doing the job right'? 'We have so much market share that we really don't give a crap anymore, pass the crack pipe and the stock options'?

    --
    They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
  13. Ahh much better now by l0ungeb0y · · Score: 5, Funny

    So instead of this dangerous page which will try to install malware we'll get a cleaned-up and safe version

    I'm sure glad MS is out to make the interweb a better place for everyone.

  14. This will be fun by houghi · · Score: 4, Funny

    for webpages made by Frontpage.

    --
    Don't fight for your country, if your country does not fight for you.
  15. well it's the Microsoft way by Pliep · · Score: 4, Insightful

    1. create product with security leaks
    2. receive complaints
    3. do not solve security leaks but instead, build a wall around them
    4. go to sleep and forget about 1.

  16. Wrong-Headed! by dacap · · Score: 4, Insightful

    *sigh* So they are STILL trying to put bandaids on their old, insecure, highly-patched (and therefore low quality) software rather than ditching insecure communications protocols and writing a simpler browser that is secure from the gound up.

    Yep - Microsoft is all in favor of security - so long as it maintains backward compatibility and they don't have to throw anything away.

    --
    English -- gotta love it! / The engineers refuse to refuse the rocket until the refuse is removed from the launch pad.
  17. Tryed with anti-virus software. And failed. by ThePhilips · · Score: 5, Interesting

    Well, I thought anti-virus software vendors already failed at similar effort. Every new virus out there first disables all known anti-virus software.

    It all boils down to question: how could you tell malicious content from good one??? You would have to resort to signatures. That wouldn't help against 0day exploits in no way, since on that day 0 most signatures are not yet updated.

    From the article it sounds more like standard corporate firewall functionality: "block all what looks like HTTP redirect, since that can IE exploit", "block all .exe attachments since that might be Outlook exploit", "block .wmf since that might be IE/Outlook exploit", etc. Nothing new.

    Malicious hackers typically embed scripts on Web sites and then use social engineering techniques to trick unsuspecting visitors into downloading Trojans, bots, spyware programs and other harmful forms of malware.

    With BrowserShield, Wang argues, many such attacks could be blocked. BrowserShield can be used as a framework that rewrites HTML pages to deny any attempt at executing harmful code on browsers.

    Buhahaha! Very funny!! They at Redmond take Windows security very very seriously - they have put best PR people on it!!!

    Good luck at identifying that "harmful code," darling!

    P.S. And for that "rewrites HTML pages" bit be sure to have M$' lawyers ready. Few content providers would like idea that their pages may be rewritten by the software monopolist.

    P.P.S. Would M$ ever learn? How long they intend to have that "ActiveX" crap enabled in their browsers by default?? How many sacrifices they intended to make???

    P.P.P.S. On related news from Germany, my employer (about 150 desktops) 1.5 year ago has banned M$IE. Firefox and Opera must be used to access inter/intranets.

    --
    All hope abandon ye who enter here.