Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Research Builds 'BrowserShield'

Posted by ryuzaki0 on from the security-you-can-trust-of-course dept.

SteelyBen writes "Researchers at Microsoft have completed work on a prototype framework called BrowserShield that promises to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages. The BrowserShield project, an outgrowth of the company's 'Shield' initiative, could one day even become Microsoft's answer to zero-day browser exploits such as the WMF (Windows Metafile) attack that spread like wildfire in December 2005."

10 of 226 comments (clear)

  1. zero-day browser exploits by HateBreeder · · Score: 5, Insightful

    ... Will just get a new name: zero-day browser-sheild exploits.

    --
    Sigs are for the weak.
  2. I made a similar product once. by Anonymous Coward · · Score: 5, Insightful

    Unfortunately, I wrote it directly into my program without giving it another name, since I didn't realize I could sell the security separate from the program.

    Innovation at its finest I suppose.

  3. Hold on a second... by JeremyALogan · · Score: 5, Insightful

    ... so their answer to poorly written software that is security-hole ridden is to layer more software written by the same people on top of it? Wouldn't it be easier to just write good software in the first place then actually fix, in a timely manner, anything that crops up? I'm failing to see how more bloat is going to help.

    --
    Jeremy Logan's Website.
  4. Didn't this already exist? by Anonymous Coward · · Score: 5, Funny

    I think they're just branding the "Disable ActiveX" checkbox.

  5. Re:Just what we need by holdenholden · · Score: 5, Interesting
    I was ambivalent on this until I read the word "Intercept". So basically this new layer sits between the browser and the Intratubes and rewrites pages according to some predetermined criteria. Now there are two options: either they ship the signatures of new exploits to me (via an update) or the layer is on their side (like a proxy).

    In the first case: why not ship the actual updates? Otherwise, how would they guarantee that Grandma will update the signatures? Maybe they will need another layer between the new layer and the Tubes, so that the new new layer will rewrite the pages in case the old new layer is not updated. This is not very sensible...

    On the other hand, if they host the layer on their side, clearly I am not interested in sharing this information with MS. Either way, I don't see how it will work.

  6. It already exists, and it's called the Proxomitron by Traf-O-Data-Hater · · Score: 5, Informative

    Sounds like M$ has just "invented" a limited-functionality locked-in version of the marvellous Proxomitron. An application I truly wouldn't be without. Scrubs HTML nasties right out of the box, and also allows you to see a web page the way you want to see it. It runs with any browser, not just Internet Exploiter. And it's the right price, too.

  7. Great! by Yetihehe · · Score: 5, Funny

    Now I can download cracks and keygens for MS products without fear!

    --
    Extreme Programming - Redundant Array of Inexpensive Developers
  8. Bizarro! by zmollusc · · Score: 5, Insightful

    WTF? This is the kind of approach that would be used on someone else's propriatary legacy software, or on some piece of hardware to keep it working without altering the thing itself. What are m$ saying? 'Our browser code is such a POS that we don't know how it works anymore'? 'We lost the source code ages ago and we cannot be bothered doing the job right'? 'We have so much market share that we really don't give a crap anymore, pass the crack pipe and the stock options'?

    --
    They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
  9. Ahh much better now by l0ungeb0y · · Score: 5, Funny

    So instead of this dangerous page which will try to install malware we'll get a cleaned-up and safe version

    I'm sure glad MS is out to make the interweb a better place for everyone.

  10. Tryed with anti-virus software. And failed. by ThePhilips · · Score: 5, Interesting

    Well, I thought anti-virus software vendors already failed at similar effort. Every new virus out there first disables all known anti-virus software.

    It all boils down to question: how could you tell malicious content from good one??? You would have to resort to signatures. That wouldn't help against 0day exploits in no way, since on that day 0 most signatures are not yet updated.

    From the article it sounds more like standard corporate firewall functionality: "block all what looks like HTTP redirect, since that can IE exploit", "block all .exe attachments since that might be Outlook exploit", "block .wmf since that might be IE/Outlook exploit", etc. Nothing new.

    Malicious hackers typically embed scripts on Web sites and then use social engineering techniques to trick unsuspecting visitors into downloading Trojans, bots, spyware programs and other harmful forms of malware.

    With BrowserShield, Wang argues, many such attacks could be blocked. BrowserShield can be used as a framework that rewrites HTML pages to deny any attempt at executing harmful code on browsers.

    Buhahaha! Very funny!! They at Redmond take Windows security very very seriously - they have put best PR people on it!!!

    Good luck at identifying that "harmful code," darling!

    P.S. And for that "rewrites HTML pages" bit be sure to have M$' lawyers ready. Few content providers would like idea that their pages may be rewritten by the software monopolist.

    P.P.S. Would M$ ever learn? How long they intend to have that "ActiveX" crap enabled in their browsers by default?? How many sacrifices they intended to make???

    P.P.P.S. On related news from Germany, my employer (about 150 desktops) 1.5 year ago has banned M$IE. Firefox and Opera must be used to access inter/intranets.

    --
    All hope abandon ye who enter here.