greg hughes - dot net - Microsoft's BrowserShield would re-write malicious web code before it attacks

Tuesday, September 05, 2006

Microsoft's BrowserShield would re-write malicious web code before it attacks

"You really don't want to go there today..."

It's a bug zapper for web browsing. It's a cool idea. How it will be secured and made solid I am not sure, but this is good news and a positive step toward solving zero-day exploits and quite possibly many vulnerabilities on unpatched browsers in the future.

Microsoft Research is working on something they call BrowserShield, which will allow Internet Explorer to detect malicious code and rewrite it, then displaying the cleaned version of any static or dynamic page in the browser to the end user.

From eWeek:

Researchers at the Redmond, Wash., company have completed work on a prototype framework called BrowserShield that promises to allow IE to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages.

"We basically intercept the Web page, inject our logic and transform the page that is eventually rendered on the browser," Wang said. "We're inserting our layer of code at run-time to make the Web page safe for the end user."

More on eWeek.com

Tags: IE, Internet Explorer, BrowserShield, Microsoft, Security, Malware, Scripts, Hack

Add/Read: Comments [1]

IT Security | Tech

Tuesday, September 05, 2006 10:29:11 AM (Pacific Daylight Time, UTC-07:00)

Monday, September 11, 2006 4:34:37 AM (Pacific Daylight Time, UTC-07:00)

Am I the only one to think that this could be the death knell for Internet Exploder? IE can't handle properly written pages reliably, so how will it behave once that code has been interfered with? I know this is only supposed to interfere with malicious code, but that is a little hard to define technically, isn't it?

Name
E-mail
Home page

	Remember Me
Comment (Some html is allowed: `a@href@title, b, blockquote@cite, em, i, strike, strong, sub, super, u`) where the @ means "attribute." For example, you can use <a href="" title=""> or <blockquote cite="Scott">.

Live Comment Preview

"Computers used to take up entire buildings, now they just take up our entire lives."

- Unknown

"So how do you know what is the right path to choose to get the result that you desire? And the honest answer is this... You won't. And accepting that greatly eases the anxiety of your life experience."

- Jon Stewart

Syndication [XML] and .net Alerts

For lazy, highly-technical or enlightened people, get this site's content without the use of a web browser. I use FeedDemon for this, but you can choose your own.

Subscribe - click the icon for my feed

... or sign up for Microsoft Alerts to receive updates through your MSN Messenger, e-mail, or mobile device. Click the orange button thingie to sign up with your Passport account:

Contact

Drop me an email:

Send mail to the author(s)

Phone: 503-766-2258
Add me to MSN Messenger

Monthly Archive

April, 2008 (16)

March, 2008 (22)

February, 2008 (32)

January, 2008 (9)

December, 2007 (6)

November, 2007 (4)

October, 2007 (19)

September, 2007 (36)

August, 2007 (19)

July, 2007 (17)

June, 2007 (16)

April, 2007 (11)

March, 2007 (5)

February, 2007 (14)

January, 2007 (16)

December, 2006 (16)

November, 2006 (4)

October, 2006 (23)

September, 2006 (14)

August, 2006 (21)

July, 2006 (34)

June, 2006 (25)

April, 2006 (20)

March, 2006 (17)

February, 2006 (34)

January, 2006 (30)

December, 2005 (23)

November, 2005 (39)

October, 2005 (30)

September, 2005 (49)

August, 2005 (31)

July, 2005 (21)

June, 2005 (35)

April, 2005 (54)

March, 2005 (60)

February, 2005 (27)

January, 2005 (59)

December, 2004 (70)

November, 2004 (58)

October, 2004 (55)

September, 2004 (64)

August, 2004 (53)

July, 2004 (65)

June, 2004 (50)

April, 2004 (26)

March, 2004 (20)

February, 2004 (26)

January, 2004 (28)

December, 2003 (12)

October, 2003 (8)

September, 2003 (11)

August, 2003 (1)

On this page

Search and Translate this Site

Blog Posting Categories

Navigation Links

About Greg Hughes

Archive of all entries

Alltop - Windows

NWFusion Compendium [of tech info]

news.com RSS feeds

This blog is featured on...

Blogroll

Alex is a former coworker who blogs about a variety of IT-related topics.

Brent is a cool dude and a great QA guy that I used to work with. His blog is, appropriately, focused on QA and testing technology.

Chris was formerly my boss at work and is an avid board gamer and photographer. He always has some new info about top-notch board games you may have never heard of, so if you're into them, you should check out this blog.

Lockergnome by trade, Chris is always up to something new. If you are not familiar with the Lockergnome newsletters, be sure to check them out, too.

Matthew Lapworth

Matt's a software developer and friend. He seems to enjoy extreme sports. That's fine as long as he doesn't, like, die or something.

Milind writes about all sorts of interesting stuff. We worked toegther for eight years, and he worked at our employer longer than I, which pretty much makes him old as dirt in company time. :)

MSFT Security Bulletins [RSS]

RSS feed for all Microsoft security bulletins provides an always-up-to-date list of updates along with complete descriptions of each.

Rory Blyth is one of the funniest and most thought-provoking bloggers I read. And I blame him for everything. Literally.

Scott Adams' Dilbert Blog

Scott Adams is the creator of Dilbert, and his blog is an incredibly smart, clever and often funny (sometimes very serious) look at the world. Everyone should read this blog.

Scott Hanselman

Scott's computerzen blog is a popular spot for all things .NET and innovative. I used to work with him, but then he went off to Microsoft. He's one of the smartest guys I know, and arguably the best technical presenter around.

Sign In

Who Links Here

Total Posts: 1664
This Year: 84
This Month: 7
This Week: 7
Comments: 2625