Researchers at Microsoft have built a prototype framework called BrowserShield that "promises to allow IE to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages," according to eWeek. "If a patch isn't available, a BrowserShield-enabled tool bar can be used to clean pages hosting malicious content," says Helen Wang, the project's leader. You can read Microsoft Research's paper on Browser Shield at the MSR web site (scroll down to Publications). The paper says BrowserShield's approach is "to rewrite HTML pages and any embedded scripts into safe equivalents before they are rendered by the browser. The safe equivalent pages contain logic for recursively applying run-time checks to dynamically generated or modified web content, based on known vulnerabilities." The advantage of this approach over actually patching the vulnerabilities isn't immediately clear, though perhaps it would allow a faster response to threats.