<pedrocorreia.net ⁄>
 

<Microsoft Research Builds 'BrowserShield' ⁄ >




clicks: 3036 3036 2006-09-06 2006-09-06 goto tecnologia myNews tecnologia  Bookmark This Bookmark This


Microsoft researchers are experimenting with an automatic code zapper for the company's Internet Explorer Web browser.

Researchers at the Redmond, Wash., company have completed work on a prototype framework called BrowserShield that promises to allow IE to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages.

The BrowserShield project-the brainchild of Helen Wang, a project leader in Microsoft Research's Systems & Networking Research Group, and an outgrowth of the company's Shield initiative to block network worms-could one day even become Microsoft's answer to zero-day browser exploits such as the WMF (Windows Metafile) attack that spread like wildfire in December 2005.

"This can provide another layer of security, even on unpatched browsers," Wang said in an interview with eWEEK. "If a patch isn't available, a BrowserShield-enabled tool bar can be used to clean pages hosting malicious content."

BrowserShield, described by Wang as a tool for deleting embedded scripts before a Web page is displayed on a browser, can inspect and clean both static and dynamic content. Dynamic content has become a popular vector for Web-borne malware attacks of late, security experts have said.

The framework could work particularly well, as it could provide a safety net, protecting many Web surfers from themselves.

Malicious hackers typically embed scripts on Web sites and then use social engineering techniques to trick unsuspecting visitors into downloading Trojans, bots, spyware programs and other harmful forms of malware.

With BrowserShield, Wang argues, many such attacks could be blocked. BrowserShield can be used as a framework that rewrites HTML pages to deny any attempt at executing harmful code on browsers.

"We basically intercept the Web page, inject our logic and transform the page that is eventually rendered on the browser," Wang said. "We're inserting our layer of code at run-time to make the Web page safe for the end user."

If the prototype is eventually folded into a Microsoft product, it could also protect against drive-by attacks that target flaws in IE, which is used by approximately 90 percent of Web surfers worldwide.

Indeed, during testing, Wang's team was able to inject HTML-rewriting logic into Web pages at an enterprise firewall. BrowserShield transparently rewrote and rendered many familiar Web sites that use JavaScript, a scripting language that can be used to run arbitrary server-provided code on a client computer.

"The framework could react in many ways to detect exploits," Wang wrote in a paper detailing the prototype tests. "Vulnerability-driven filtering should prevent all exploits (of a flaw) and should not disrupt any exploit free pages."

The research group tested BrowserShield against eight IE patches released in 2005 and found that BrowserShield-when used in tandem with standard anti-virus and HTTP filtering-would have provided the same protection as the software patches in every case, Wang wrote in a research paper.



este é só um excerto do artigo, para aceder ao artigo completo, clique no link em baixo:
this is just a small excerpt from the article, to access the full article please click in the link below:

http://www.eweek.com/article2/0,1895,2011765,00.asp




Subscribe News RSS  Subscribe News Updates by E-mail





myNews <myNews show="rand" cat="tecnologia" ⁄>

MongoDb Architecture new ...

NOSQL has become a very heated topic for large web-scale deployment where scalability and semi-struc (...)

clicks: 17775 17775 2012-05-14 2012-05-14 goto url (new window) horicky.blogspo... goto myNews tecnologia


A Hopefully Fair and Useful Comparison of Haskell Web Frameworks new ...

Recently there has been a lot of discussion and questions about the differences between the big thre (...)

clicks: 14331 14331 2012-05-13 2012-05-13 goto url (new window) softwaresimply.... goto myNews tecnologia


Retina graphics for your website new ...

retina.js is an open source script that makes it easy to serve high-resolution images to devices wit (...)

clicks: 14170 14170 2012-05-11 2012-05-11 goto url (new window) retinajs.com/ goto myNews tecnologia


What every programmer should know about memory, Part 1 new ...

In the early days computers were much simpler. The various components of a system, such as the CPU, (...)

clicks: 15507 15507 2012-05-10 2012-05-10 goto url (new window) lwn.net/Article... goto myNews tecnologia


The State Of HTML5 Video

HTML5 has entered the online video market, which is both exciting and challenging for developers in (...)

clicks: 6116 6116 2012-02-14 2012-02-14 goto url (new window) longtailvideo.c... goto myNews tecnologia


A Tour of Amazon's DynamoDB

Amazon's recent release of DynamoDB, a database whose name is inspired by Dynamo, the key-value data (...)

clicks: 5826 5826 2012-02-13 2012-02-13 goto url (new window) paperplanes.de/... goto myNews tecnologia


Video: CSS3 Secrets: 10 things you might not know about CSS3

A number of prominent front-end developers delivered helpful talks at this year's Fronteers 2011 con (...)

clicks: 6371 6371 2011-11-30 2011-11-30 goto url (new window) css.dzone.com/a... goto myNews tecnologia


Google BigQuery Service: Big data analytics at Google speed

Rapidly crunching terabytes of big data can lead to better business decisions, but this has traditio (...)

clicks: 5483 5483 2011-11-30 2011-11-30 goto url (new window) googlecode.blog... goto myNews tecnologia