Microsoft's BrowserShield to nullify malicious sites

Posted Sep 5th 2006 10:40AM by Jordan Running
Filed under: Internet, Security, Microsoft

Researchers at Microsoft have built a prototype framework called BrowserShield that "promises to allow IE to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages," according to eWeek. "If a patch isn't available, a BrowserShield-enabled tool bar can be used to clean pages hosting malicious content," says Helen Wang, the project's leader. You can read Microsoft Research's paper on Browser Shield at the MSR web site (scroll down to Publications). The paper says BrowserShield's approach is "to rewrite HTML pages and any embedded scripts into safe equivalents before they are rendered by the browser. The safe equivalent pages contain logic for recursively applying run-time checks to dynamically generated or modified web content, based on known vulnerabilities." The advantage of this approach over actually patching the vulnerabilities isn't immediately clear, though perhaps it would allow a faster response to threats.

Tags: browsershield, ie, internetexplorer, microsoft, security

Related Headlines

Microsoft Drops IE8 Beta 2 - First Impression (2 days ago - 23 Comments)
One in three new Vista machines downgraded to XP (8 days ago - 17 Comments)
Microsoft buys price comparison, research company for $486 million (Today - 0 Comments)
Microsoft finally gets into the keyboard app launcher biz with Speed Launch (10 days ago - 9 Comments)
Nawras PC Supervisor Configures Local Security Controls (16 days ago - 6 Comments)

Reader Comments (Page 1 of 1)

9-05-2006 @ 2:01PM

Fabulo said...

"...based on known vulnerabilities"

1. Then you have to know about the threats in advance? How is it different from firewall/ids/filtering/antivirus already in place?
2. Who ever thought that any app (especially a web browser) should download random code from unknown parties and run it would be a good idea?

We definitely brought that one on ourselves. And Microsoft is double guilty for unleashing the evil ActiveX on us.

9-06-2006 @ 10:16AM

Uso said...

Why would anyone care to have a site "safely" re-rendered that contains malicious content? Why not just stay freakin' away from such sites?

#	Blogger	Posts	Cmts
1	Lee Mathews	52	50
2	Brad Linder	48	4
3	Christina Clark	27	7
4	Jay Hathaway	15	1
5	Christina Warren	12	4
6	Kristin Shoemaker	11	13
7	Jason Clarke	7	2
8	Dolores Parker	6	5
9	Victor Agreda, Jr.	5	5
10	Danny Mendez	1	0
11	Gordon Finlayson	1	0
12	Sue Polinsky	1	1

Blogger

Posts

Cmts

Epic: There will be no Gears of War 2 for PC Wanted: a PAX attendee really good at video game trivia PSP Brite diagnosed with lower battery life expectancy	Rumor: Apple and AT&T working on tethering deal My favorite iPod touch apps: Mike R.'s picks Meet Spore's creator at Regent St. Apple Store
10 Awesome BlackBerry apps Googleholic for August 29, 2008 3 Mobile Web Apps that keep old Pocket PCs relevant	Empty the 401k: Riddler-winning Ferrambo up for sale VIDEO: Viper ACR and Corvette ZR1 battle on the 'Ring BMW helping disabled vets get back behind the wheel
Double-sided transparent touch display would make Battleship amazing German Customs raids over 50 booths at IFA looking for patent infringements VAIO UX gets hot-rodded with Core 2 Duo mod	Closing Bell: Dow, NASDAQ and S&P down on inflation and oil worries Is infrastructure investment good for the U.S. economy? Broadcom (BRCM): Behind the iPhone display, and more