Microsoft Research Builds 'BrowserShield'

SteelyBen writes "Researchers at Microsoft have completed work on a prototype framework called BrowserShield that promises to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages. The BrowserShield project, an outgrowth of the company's 'Shield' initiative, could one day even become Microsoft's answer to zero-day browser exploits such as the WMF (Windows Metafile) attack that spread like wildfire in December 2005."

Just what we need

[TCM]

More complexity on top of bloated and horribly obscure software. That'll help security, really.

Re:

[rtyall]

I bet it's going to do nothing for the latency of loading web pages either.

Re:Just what we need

[holdenholden]

I was ambivalent on this until I read the word "Intercept". So basically this new layer sits between the browser and the Intratubes and rewrites pages according to some predetermined criteria. Now there are two options: either they ship the signatures of new exploits to me (via an update) or the layer is on their side (like a proxy).

In the first case: why not ship the actual updates? Otherwise, how would they guarantee that Grandma will update the signatures? Maybe they will need another layer between the new layer and the Tubes, so that the new new layer will rewrite the pages in case the old new layer is not updated. This is not very sensible...

On the other hand, if they host the layer on their side, clearly I am not interested in sharing this information with MS. Either way, I don't see how it will work.

Re:Just what we need

[NovaX]

why not ship the actual updates?

Sometimes, in the short term, fixing a bug is harder than making sure that it won't be exploited 95%+ of the time. This could be due to architecture/legacy issues, not having resource(s) who know that code base, or the fixer not knowing the code. By using signatures, you're seperating the person that writes the signature from knowing any of the code for the underlying product. Its probably much quicker since they don't have a steep learning curve, can rapidly generate signatures, and its both a cheaper and faster solution. That's not to say its good long term, but considering why IE is slow to fix bugs (MS had haulted development) this has the benefit of being independant and much easier to maintain.

On implementation, Vista will have auto-updates on be default. From their work towards making Windows far more modular, they can probably now stop services, patch, and restart them seemlessly instead of requiring a reboot. If it was proxy based, any browser could use it and we'd likely see a Google proxy too, since the data would be quite valuable and power users would naively trust Google more than Microsoft.

Re:

[LifesABeach]

Let us ponder the Logistics here. Millions of Vista O/S'es in the wild. And exploit has been detected. The bad people find out. The good people find out. Bad people start writing code to use the exploit. Good people start writing code to remove the exploit. Within a day, Root Kits are sent out globally. 3 or more weeks later,(using past performance data), Vista patches are sent out globally.

I predict, "who ever writes patches for Microsoft will have a job for life." I envy that person.

"slowly, one

Re:

[daviddennis]

Of course if you could detect signatures instead of actually fixing bugs, you might be able to get the new signature out at about the same time as the exploit instead of (as you said) three weeks later.

Intuitively, though, I'm not keen on something that rewrites the HTML that I receive. It seems like there's a lot of potential for abuse, like that infamous Internet Explorer linking thing that automatically sprinkled links to Microsoft-friendly sites into the page content you received. Is this just a troja

Re:Just what we need

[rjstanford]

AdMuncher (the single best Windows ad-blocking program, for whatever browser, bar none (IMnsHO)) already provides this functionality out of the box. Any 'sploits are easily blocked, once they're identified, as are damn near all the ads. As a bonus, when people are doing things like not properly recognizing IE7's flash handling (and I'm looking at you, SWFObject), you can easily rewrite the fairly recognizable line of code in a standard library as it comes down the pipe and fix a whole ton of "broken" webpages.

"Correct"? Probably not. Convenient? Absolutely.

AM is one of the very few modern shareware programs I not only paid for, but paid early and promote often. And no, I'm not involved, just an incredibly happy customer (and boy do the Mac blockers have a long way to go in comparison).

That's not even the real danger...

[babbling]

Researchers at Microsoft have completed work on a prototype framework called BrowserShield that promises to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages.

What happens when you mix this with Digital Restrictions Management that goes down to the hardware level? What I'm getting at is, what if it's not malicious code that is being replaced by a "safe equivalent", but perhaps a controversial story on a news website, or an important email between governments?

In the future, he who controls the computers controls the world. Digital Restrictions Management will one day give just a few computer companies control over every internet-connected computer in the world.

Some people will respond to this with "ahh.. I'll just use a firewall". Those people do not realise that firewalls will contain DRM, too.

Re:

[Keeper]

DRM has nothing to do with controlling the message of content. It controls access to content.

And quite frankly, there are far easier ways of implementing such a sinister plot in a much more comprehensive fashion.

Re:

[babbling]

I think of DRM as anything that tries to control users against their will, and uses encryption to ensure that it isn't disabled or modified.

I understand that DRM currently hasn't been used as widely as this definition allows, but it will be, soon.

Re:

[Keeper]

That definition encompasses a far greater set of concepts than DRM does. Your definition includes things as ubiquitous as the login prompt.

DRM is a set of technology which enforces rules governing the access or use of content, typically in a manner enforcing a contract previously agreed upon by both parties. Nothing more, nothing less.

What people like you don't typically like is that technology now enables the contract to be enforced on more than a good-faith basis.

Re:

[CaptainCheese]

I think the login prompt is a really bad example. It's a content access control system...kinda makes it a super-basic DRM implementation

Re:

[zootm]

Well, the issue here is whether or not DRM will ever become mandatory, rather than optional. Hardware enforcement of DRM doesn't enforce the non-loading of non-DRMed content, and unless frivolous lawmakers (which are the real troublemakers here, not Microsoft — they merely provide implementations of what the market wants) pass a law forcing this to happen, it just won't. There's just no way that such a restriction will ever be accepted by the largest number of users. There's a world of difference betw

Re:

[suv4x4]

What happens when you mix this with Digital Restrictions Management that goes down to the hardware level?

The answer is: absolutely nothing.

What I'm getting at is, what if it's not malicious code that is being replaced by a "safe equivalent", but perhaps a controversial story on a news website, or an important email between governments?

The technology will not patch plain text content, it'll patch vulnerabilities. Of course this is obvious to most people worth a damn out there, but you get modded up anyways.

Re:

[mgblst]

What he is saying, if that there is a possibility for this to be abused. What is the difference for search for a vulnerability in a html page (ie some malicious javascript or activex) and searching for some text...nothing.

Re:

[CaymanIslandCarpedie]

that there is a possibility for this to be abused.

Fair enough, but really when isn't that the case?

You want a firewall? Well, if its blocking some packets but letting other through whats to stop it from censoring the web for you and not letting you view any web sites it deems "bad"?

Want a virus scanner? Well, if its scanning all your files whats to stop it from deleting anything it finds objectionable or that doesn't have valid DRM?

Want to network card? Well, whats to stop the card manufacturers

Re:

[Daniel_Staal]

In all of the above cases: the fact that people will not buy the product. People will notice. (And, a couple of those have been tried.)

Would you notice if a webpage was changed discretely? Will people stop using IE?

Re:That's not even the real danger...

[suv4x4]

Hmm, so I should trust MS to know what content I want them to "clean"? No thanks. MS has a lot to do to earn back my trust and I would bet the same goes for many other computer users.

What can I say except I'd hate to live in your isolated little made up "omg MS is coming to get me" world.

No matter what the society turns to be, there'll be always people to build inexplicably complex and ridiculous conspiracy theories that all link to the same "ultimate" enemy. Does it make you feel smarter that you saw this intricate plan of Microsoft to ban your blog noone gives a damn about either way?

But it's really not that cool to throw unsubstantiated FUD around as it used to be. We call it trolling, and it's mostly unwelcome.

Nope.

[hummassa]

That's why we need an open-source personal firewall for Windows.

No, that's why we need a Free Software substitute for Windows (*) and every proprietary app.
(*) For me, those are there: I use kubuntu for almost all my computing needs.

Re:

[asylumx]

Just admit that you'll never be happy with MS no matter what they do, and stop whining.

Damn them for not making a secure browser, but damn them again for trying to fix it, eh?

Flame on, since I'll probably get marked as troll for pointing out the truth.

zero-day browser exploits

[HateBreeder]

... Will just get a new name: zero-day browser-sheild exploits.

Re:zero-day browser exploits

[kripkenstein]

Perhaps you joke, but it really isn't that clear whether this will work or not. TFA says

The research group tested BrowserShield against eight IE patches released in 2005 and found that BrowserShield--when used in tandem with standard anti-virus and HTTP filtering--would have provided the same protection as the software patches in every case

There were far more than 8 patches in 2005. How were these 8 selected? Were they of a specific type? Without such details, it's hard to form an opinion about this 'BrowserShield' thingie. For all we know, they selected the most convenient 8 to prove their point.

I made a similar product once.

[Anonymous Coward]

Unfortunately, I wrote it directly into my program without giving it another name, since I didn't realize I could sell the security separate from the program.

Innovation at its finest I suppose.

Re:

[jimicus]

I hope you published it because otherwise they'll get you for patent infringement.

Re:

[rbochan]

I'll reiterate:

Asked why it has taken Microsoft 25 years to get trustworthy computing into the forefront of its efforts, he said: "Because customers wouldn't pay for it until recently."

    -Craig Mundie, Microsoft CTO [zdnet.com]

Solve the problem, don't patch it

[mrjb]

How will this even help? Will the browser shield require signatures and/or heuristics like virus scanners, and thus get outdated? If manpower needs to be invested in this technology, wouldn't the same manpower be better invested in solving the problem, rather than patching it?

Fernando knows:

[smittyoneeach]

"Dahling, it is better to look good than to feel good.

And let me tell you something, dahling: you look BrowserShield-ous."

Re:

[jrumney]

Will the browser shield require signatures and/or heuristics like virus scanners, and thus get outdated?

With the comment in the article that AJAX applications can be supported by add-ons (as yet undeveloped), I got the impression that the base product needs just one signature - "<script.*(/>|</script>)"

Hold on a second...

[JeremyALogan]

... so their answer to poorly written software that is security-hole ridden is to layer more software written by the same people on top of it? Wouldn't it be easier to just write good software in the first place then actually fix, in a timely manner, anything that crops up? I'm failing to see how more bloat is going to help.

modular code?

[pikine]

I think it's just an effort to modularize code, but they need a new commercial name to get people excited. It's easier to write an parser + validator than to write parser + validator + render + javascript interpreter in one bunch. If they're nice, they would even offer outputting validated HTML code for non-IE browsers to use. IANAMP (I am not a Microsoft programmer), and IANHW (I am not Helen Wang) but I think that's the idea of this framework.

About inspecting the script for malicious run-time behavior, I

to grammar nazis

[pikine]

It's easier to write an parser + validator

This is just my poor editing. Please move on.

Re:

[PrivateDonut]

Its like using filter paper. The more layers of holey software you use, the more likey that bugs will get stuck on one of layers.

Re:

[MECC]

Its like using filter paper. The more layers of holey software you use, the more likey that bugs will get stuck on one of layers.

Except that for each layer of holey software, there are new off-ramps to to the operating system. Such exploits won't care about getting to the browser, since they can just exploit the 'software shield' and get to the operating system to do their damage via that vector.

No, I think this just creates more opportunity for system exploits, especially if MS grafts the so-called

Re:Hold on a second...

[kjart]

... so their answer to poorly written software that is security-hole ridden is to layer more software written by the same people on top of it?

Yes, much like you would run a firewall to protect 'poorly written software that is security-hole ridden'. Sometimes writting software to catch the exploits is easier and takes less maintenance completely eliminating each and every little bug.

Re:

[l3v1]

Yes, much like you would run a firewall to protect 'poorly written software that is security-hole ridden'. Sometimes writting software to catch the exploits is easier and takes less maintenance completely eliminating each and every little bug.

You write firewalls to have control over the access to your software. No firewall will protect you from sql injection, from buffer overflows, so on and so forth. The point of view they have taken on this matter is imho a flawed one: here's a bad code, we won't fix it,

Didn't this already exist?

[Anonymous Coward]

I think they're just branding the "Disable ActiveX" checkbox.

"Invents?"

[poptones]

Wow, Microsoft has "invented" privoxy! [privoxy.org]

Re:

[account_deleted]

Comment removed based on user account deletion

Why not remove the "features"?

[Anonymous Coward]

So, instead of removing Internet Explorers ability to run code, they add another layer to filter out the code to prevent IE from running it. Does this mean that IE - like Windows - has become so complicated that noone dares remove the offending code, so all development will be addition of more "features"?

Why bother!?

[Turn-X Alphonse]

This just gets on my nerves. They must of spent ages planning and coding this not to mention funding.. Why the hell didn't thy put these resources into IE7 instead? Screw this "We'll protect you from the exploits", make it to the exploits are oh.. I don't know.. FIXED

Re:

[SerpentMage]

I completely agree. The reason why an exploit works is because the original software developers never thought about it. So let's add a layer, and what about the thing that the original software developers never thought about? Will the developers behind the extra layer think about it? I rather doubt it.

Like yourself I think if they had spent more time fixing IE maybe we would not have the problems we do.

Re:

[plover]

The reason why an exploit works is because the original software developers never thought about it. So let's add a layer, and what about the thing that the original software developers never thought about? Will the developers behind the extra layer think about it? I rather doubt it.

Consider how this works, and maybe it'll make it clearer why it should be more effective than just browser patching.

It's a "translator" layer, translating from JavaScript to HTML (or DHTML or whatever.) ALL JavaScript is r

Re:

[ZeroExistenZ]

you do don't want these guys (Microsoft Research) 'helping out'

...

I am ex-corporate research person, so you can trust me.

heh, sounds like a contradiction :p

Safe surfing?

[lostngone]

What is this like a condom for your web browser? Come on, I have heard about practicing safe surfing but this is ridiculous.

It already exists, and it's called the Proxomitron

[Traf-O-Data-Hater]

Sounds like M$ has just "invented" a limited-functionality locked-in version of the marvellous Proxomitron [proxomitron.info]. An application I truly wouldn't be without. Scrubs HTML nasties right out of the box, and also allows you to see a web page the way you want to see it. It runs with any browser, not just Internet Exploiter. And it's the right price, too.

Showing the page anyway?

[CosmeticLobotamy]

It goes without saying that I didn't read the article, but it sounds like they remove the bad stuff and then show the page anyway. Why? Why not just show a page that says, "These f***ing scumbags just tried to f*** up your computer. Quit going there, and punch them in the mouth if you meet them. In the mean time, find a less dangerous source of porn."

Re:

[westlake]

Why not just show a page that says, "These f***ing scumbags just tried to f*** up your computer.

because it will spare us twitter and the 500 other predictable Microshaft posts when your sloppy-but-oh-so-innocent JavaScript code gets the boot.

Give it a chance

[vtcodger]

I doubt it'll work out, but it's a concept that hasn't been explored much. Maybe it'll actually be effective in at least warning people that they are headed for trouble.

Lord knows, It'd be hard for the Internet to be less secure than it is today. It'd be kind of dumb to reject any remotely plausible idea for making things better just because it came from Microsoft.

Funny thing, MS

[bytesex]

They never, ever have believed in, and have only on a few occasions under very great pressure given in to, *removing* software (Clippy?); they just keep on adding instead. They must have missed that one important rule that everyone in a creative profession must once discover; 'writing is scratching', or 'prepare to throw one away' as it's called in software-land. If MS were a person, he'd be declared anally retentive; some many layers of compatibility, so many stick-on solutions that are supposed to work from below. Please guys - this is a seductive, but wrong approach - think again.

Re:

[Nuffsaid]

The fact is, no software company is more bound to backward compatibility than Microsoft. With the kind of installed base they have, who knows where in the world some critical production server would fail if they decide to remove Microsoft Pinball?

Sounds like they've re-invented the sandbox.

[giafly]

FTA: "We basically intercept the Web page, inject our logic and transform the page that is eventually rendered on the browser," Wang said. "We're inserting our layer of code at run-time to make the Web page safe for the end user.

"The essence of the sandbox model is that local code is trusted to have full access to vital system resources (such as the file system) while downloaded remote code (an applet) is not trusted and can access only the limited resources provided inside the sandbox" - Java Security Architecture [sun.com]

That's great

[andi75]

Now I can run IE 3.0.2 again without fear of catching something bad...

Great!

[Yetihehe]

Now I can download cracks and keygens for MS products without fear!

Oh my....

[ErGalvao]

There goes MS again. Let me guess: it will show a big ass shiny shield with a really cool animated graphic and ask "Are you sure you want to execute this malicious code?" and when the user clicks the Ok button it will ask once more just to be sure.

Personally I'm very affraid about MS sniffing my code. Experience shows that it will let tons of lines of malicious code pass, while locking down many good codes out there.

When those people will learn to stop trying to do magic tricks and be serious? A solution to browser flaws already exists and it's not magical at all, but technical: it's called "patch".

Bizarro!

[zmollusc]

WTF? This is the kind of approach that would be used on someone else's propriatary legacy software, or on some piece of hardware to keep it working without altering the thing itself. What are m$ saying? 'Our browser code is such a POS that we don't know how it works anymore'? 'We lost the source code ages ago and we cannot be bothered doing the job right'? 'We have so much market share that we really don't give a crap anymore, pass the crack pipe and the stock options'?

Great

[rainer_d]

Instead of fixing the real problem, they create another code-layer ontop.
Reminds me of those comedy-scenes, where people try to set a shaky table straight by shortening one leg - and then shortening it to much, resulting in three legs that are too long, then cutting these...until all the legs are cut to zero.
No wonder so little of MS-Research ends-up in products - but in this light, it might not be bad after all.

Potentially Unsafe Code Samples

[Anonymous Coward]

UNSAFE HTML:                            REPLACE WITH:

<a href="*.apple.com*"*>*</a>           <a href="mailto:/webmaster?Subject=Your%20Site%20Suck s">I am a Communist.  Please mail me if you love Osama bin Laden --- I certainly do!</a>
<body*>*Linux*</body>                   <body>This page cannot be displayed due to faulty programming in the server's OS.</body>
<embed src="*.[^w][^m][^av]"*></embed>  <b><u><i><blink>This page contains content created using a pirated version of Windows Media Player.  Contact the police.</blink></i></u></b>

Strangling metaphors

[pubjames]

That's like putting a Robin Reliant into a huge metal box to make it as safe as a Volvo. Or something. More coffee...

Re:Strangling metaphors

[troon]

It's a Reliant Robin, dammit. The model is a Robin, made by Reliant.

Re:

[gEvil (beta)]

But I thought the adjective that modified the noun came first?!? Damn English language! So confusing...

Re:

[Duds]

I did try to google the answer to this but foxfire couldn't find one on pediawiki.

dotslash error

[slashbob22]

I think dotslash is broken. Both EI and raope render your website and browser names weirdly.

Re:

[Sir Runcible Spoon]

They don't make them any more. You could try a scrap yard. Get an extra wheel while you are there.

http://www.3wheelers.com/robin.html [3wheelers.com]

Ahh much better now

[l0ungeb0y]

So instead of this dangerous page which will try to install malware [mozilla.com] we'll get a cleaned-up and safe version [microsoft.com]

I'm sure glad MS is out to make the interweb a better place for everyone.

Magic

[suv4x4]

The research group tested BrowserShield against eight IE patches released in 2005 and found that BrowserShield--when used in tandem with standard anti-virus and HTTP filtering--would have provided the same protection as the software patches in every case, Wang wrote in a research paper.

I'm afraid without more information this sounds too much like magic. "Vulnerability-driven filtering should prevent all exploits (of a flaw) and should not disrupt any exploit free pages."

How is the technology filtering, what is it filtering, and how will it differentiate exploit free from exploit-ridden pages? If it can simply detect them why not just block them?

Microsoft Research has produced amazing technologies in the past and most of their current research is also very promising, in the area of GUI design, security, algorithms and so on. I just hope they are in tune with what Microsoft is already doing in Vista to avoid redundant layers of technology.

Also there's always the danger of Microsoft slapping a technology on IE for pure PR reasons ("haha Firefox has no filter!").

But I believe we have a case of poorly written article here. It's not uncommon that reporters simply have no idea what they are covering and coming up with wrong conclusions on what fundamentaly the shield is.

I'd say wait for the opinion to "mature" a bit on this technology.

Re:

[jimicus]

More to the point, if it can detect something, check whether or not the host is patched against it, and block accordingly, you could go one step further and get the patch installed at the same time.

Rice's Theorem anyone?

[wertarbyte]

So they are trying to build a machine that can decide whether arbitrary code is malicious or not - I highly doubt that this is possible in respect to Rice's Theorem [wikipedia.org]. It basically says that every aspect of an complex system cannot be decided. A well known example is the halting problem [wikipedia.org]: You cannot decide whether a turing machine (or an algorithm running on it) will ever come to a stop, or is going to loop forever. And since binding processing time via infinite loops could be considered malicious behaviour, and most script languages are turing complete, an automaton will never be able to decide if a specific piece of code will harm your system. It is possible that certain aspects of a program (opening files in strange places, writing to files that should not be written to) raise suspicion, and certain chracteristics of code might also leed to detection similiar to the work virus scanners do - but I still prefer the good ol' evil bit [wikipedia.org].

LEAKED: Source code to Browser Shield!

[Le Marteau]

s///gs

Re:

[Le Marteau]

Should have used preview. Here's the code.

 

s/<script.+?<\/script>//gs

Already in anti-virus software

[cibyr]

This sort of thing is already in anti-virus software. I use Avast! (free edition) and it has a "Web Shield" module (sounds a look like "Browser Shield", doesn't it?) that transparently proxies web traffic. When it finds anything nasty it pops up dialog box asking you if you want to download/access it anyway or "abort connection".

While this is all well and fine, would it be too much for Microsoft to just patch their bugs?

Comment removed

[account_deleted]

Comment removed based on user account deletion

from Microsoft Research

[krunk4ever]

Do note, this is from Microsoft Research and not a core developement team working on the browser. There will always be bugs in software, just like virus can exist on any OS (though some may have more than others). MSR has been renowned for coming up with interesting solutions for interesting problems. I mean Firefox, Opera, Safari, and any other browser out there has been hit with exploits before. I mean every update of Firefox I download has multiple security updates. I'm not saying a perfect browser can't exist, but the road to get there requires both time and effort, espeically while trying to add new features to keep up to date to be able to compete with other browsers.

Just like how AV software isn't the solution to viruses, it's done quite well in protecting many systems. I personally don't understand exactly how this browsershield works, but from what I can grasp, it seems to be an additional check before loading the page into the browser and removing any malicious code. How it detects the malicious code is not clear, but having seen interesting research come out of MSR, I have my faith in these guys to have come up with an interesting solution.

well it's the Microsoft way

[Pliep]

1. create product with security leaks
2. receive complaints
3. do not solve security leaks but instead, build a wall around them
4. go to sleep and forget about 1.

Re:

[I'm Don Giovanni]

Oh please...
If Mozilla had come up with this you guys would be praising it to high heaven.

And what do you mean, "it's the Microsoft way?" Are you saying that they don't fix security problems today? Wake up and smell the coffee. MS fixes security leaks just as your beloved Mozilla does (don't tell me that you're unaware that most of Firefox's "updates" in recent months have been for multiple and critical security flaws).
If MS ends up implementing this "shield", there's no reason to believe that they'd sto

Wrong-Headed!

[dacap]

*sigh* So they are STILL trying to put bandaids on their old, insecure, highly-patched (and therefore low quality) software rather than ditching insecure communications protocols and writing a simpler browser that is secure from the gound up.

Yep - Microsoft is all in favor of security - so long as it maintains backward compatibility and they don't have to throw anything away.

MS move...

[Capt James McCarthy]

Could they be targeting AJAX pages and the like that do not submit to the "MS" standard of AJAX. I wonder if Google Maps will still function properly with this 'security feature.'

Bye bye karma

[cornjones]

I know we all love to hate MS but this is a good idea.
First off, I have seen first hand some of MSResearch fairs and they is a lot of great stuff coming out of them. Anything that comes out of those labs is worth at least some thought before you dismiss it.

That aside, stripping nasties using a simple system before they reach a more complex system isn't really a bad idea. All of our mail servers have some sort of filter that does this (granted, more for dumb users). IIS 5 did this using a tool that was later built into IIS 6. Hell, firewalls aren't a much different idea. Most of us already run some sort of proxy software to block popups, scripts, or ads. All MS is proposing here is the equivalent of proximity or similar proxy software.

Do we just hate this idea b/c MS is doing it?

Re:

[NatasRevol]

No, we hate the idea because it's bloody fucking obvious to everyone except Microsoft that they should fix all the vulnerabilites in IE before building a wall around them. In other words, use the shield code to FIX IE.

Yes, firewalls do this, but you don't see Mailman building a mail shield to protect its vulnerabilities - they fix them. You don't see Firefox building a web shield to protect its vulnerabilites - they fix them. Etc, etc, etc.

The concept from MS is fine. The implementation, as is typical,

There's nothing at all wrong with this concept

[I'm Don Giovanni]

"we hate the idea because it's bloody fucking obvious to everyone except Microsoft that they should fix all the vulnerabilites in IE before building a wall around them. In other words, use the shield code to FIX IE."

This tells me that you haven't the first clue about software development. You're demanding that Microsoft "fix all the vulnerabilies in IE" before implementing a "wall". You're extremely naive if you think that MS can just "fix all vulnerabilities in IE" before the vulnerabilities are even dis

Re:

[Winterblink]

I think everyone will agree that the idea is a good one, we're just fearful of the implementation of it. What does Microsoft consider to be "nasty" code that should be filtered out? Are they the only deciding body on what stays and what goes? Can the user override this behavior, or are we locked into having to code our sites according to a single entity's rules?

And then the fun question: once the rules have been established, how long until someone gets around it via some method they never even thought o

Re:

[Chanc_Gorkon]

No, it's not a good idea. Adding another layer of shit on top of a shit pile only does one thing....make it harder to get through the shit. Now if you would just fix your shit wall or replace your shit wall with something that isn't shit then that would fix the problem. No matter what you try to do with the piece of shit, it's still is what it is...a turd and you can't shine a turd. Time to dump the IE code and fscking rewrite it...wait....I already did about 3 years ago and it's called Firefox.

Tryed with anti-virus software. And failed.

[ThePhilips]

Well, I thought anti-virus software vendors already failed at similar effort. Every new virus out there first disables all known anti-virus software.

It all boils down to question: how could you tell malicious content from good one??? You would have to resort to signatures. That wouldn't help against 0day exploits in no way, since on that day 0 most signatures are not yet updated.

From the article it sounds more like standard corporate firewall functionality: "block all what looks like HTTP redirect, since that can IE exploit", "block all .exe attachments since that might be Outlook exploit", "block .wmf since that might be IE/Outlook exploit", etc. Nothing new.

Malicious hackers typically embed scripts on Web sites and then use social engineering techniques to trick unsuspecting visitors into downloading Trojans, bots, spyware programs and other harmful forms of malware.

With BrowserShield, Wang argues, many such attacks could be blocked. BrowserShield can be used as a framework that rewrites HTML pages to deny any attempt at executing harmful code on browsers.

Buhahaha! Very funny!! They at Redmond take Windows security very very seriously - they have put best PR people on it!!!

Good luck at identifying that "harmful code," darling!

P.S. And for that "rewrites HTML pages" bit be sure to have M$' lawyers ready. Few content providers would like idea that their pages may be rewritten by the software monopolist.

P.P.S. Would M$ ever learn? How long they intend to have that "ActiveX" crap enabled in their browsers by default?? How many sacrifices they intended to make???

P.P.P.S. On related news from Germany, my employer (about 150 desktops) 1.5 year ago has banned M$IE. Firefox and Opera must be used to access inter/intranets.

An even better way ...

[LaughingCoder]

Surf from inside a Virtual PC.

Whoo hoo!

[Jester6641]

All this from the same people that brought you a spam-free hotmail inbox!!!!!! Buy now and rejoice that, soon, the only web pages you'll see in the course of your day are the ones specifically designed to get through the filter, while the useful pages that commit some innocent foul are rejected at the door.

Security from MS cannot work

[Opportunist]

No, hold on, not a MS-bashing comment, please read on.

It's not that MS is "inapt" or that they can't get their act together, it's simply that computers are computers, people are people and the mix of those is by its very nature unreliable and insecure. No matter how good you make it, there will always be tiny cracks in the security, be it for technical shortcomings or flaws in human nature that can be manipulated by social engineering.

Now, MS is the biggest manufacturer of operating systems. This shield will, invariably, also be present on every PC running their OS. So the first thing you have to defeat, as the attacker, is this shield. Can't get past it, don't bother continuing trying to defeat other security software that may or may not be present. This shield WILL be present!

So every attacker out there WILL have to come up with a cracking scheme. No matter what the cost, no matter how long it takes. It HAS to be cracked.

Thus security from MS cannot be relied on. Not because it is insecure in any way. But because every piece of malware HAS to come with some procedure to circumvent MS security. It will invariably have countermeasures in its arsenal.

Beware of GPL violation !

[boule75]

They have just embedded Lynx in IE, just in case the later would provide too wide an access to the OS.

It's good news: we now know that Lynx compiles on Win32 and runs as nobody.

DOESN'T HELP

[Chanc_Gorkon]

Just fix the fscking browser and your problems will be SOLVED Microsoft. Adding bullshit on the top won't help things. It will just add more complexity for when things go wrong.

This would break AJAX

[dcam]

Correct me if I am wrong, but won't this break AJAX, and well pretty much any page that uses heavy Javascript. The article talks of replacing client side Javascript with the HTML it would generate. This would suggest that Javscript would no longer be executed on the client. No more onchange/onclick events.

It's been done

[whitehatlurker]

Filtering proxies, like the Proxomitron [usask.ca] or Privoxy [privoxy.org] will do some of this for you. The thing is that this doesn't really work that well for security. You can reduce some exposure [kyeu.info], but it there are things that will get past your checks.

And the MicroSoft implementation seems to be a limited sub-set. It won't even block ads.

Paraphrasing Tower of Power: What is Safe?

[DannyO152]

First of all: prototype framework? Is now really the time to put out the press release? Granted, they've advanced past the conceptualized foundation stage, but it sounds to me like there's more work.

Second, and maybe I'm exposing my ignorance, but aren't these "read junk and output clean" programs variations on Turing's Halting Problem and inherently faulty or potential DOS vectors?

This may be another chorus of the op-had-to-add-something-blues, but I understood that the WMF problem was that the spec allo

"A sucker born every minute"

[seven of five]

The worst part is, M$ is counting on & exploiting the ignorance of the average PC user for a buck - again. Most folks will think this is a good idea.

Re:

[somersault]

.. isn't it a better idea to design your program in a safe fashion, or build this 'shield' into the program itself? That's what I thought when I read this, and what everyone else here has said too. Of course it's a good idea to have secure applications, but IE has been around for more than 10 years, it's hardly a spectacular innovation on the part of Microsoft to finally think about making it more secure. If they write their browser shield as well as they do everything else, then it'll probably just give pe

Re:

[somersault]

Yeah well not necessarily completely rewrite everything - if the code was designed in clear sections rather than just a big mess, then they can do it section by section, but in the end a lot of code will just have to be rewritten.

Re:

[Pieroxy]

Firefox is not safe, nor is Ubuntu, nor is VMWare. You shouldn't believe commercial propaganda written on a commercial website.

Re:

[niceone]

I searched a bit. There's a better article here [microsoft.com]. From that artcle:

BrowserShield's suggested solution to nefarious forces who try to hijack your computer for personal gain is to comb through a Web page for JavaScript or Visual Basic® script and encapsulate it with associated logic that is executed at run time on the user's computer.

Also there is a pdf of a paper they have written [microsoft.com]

.

From the abstract of that (I haven't read the whole thing):

The key challenge in filtering dynamic HTML is that

Re:

[Nuffsaid]

...solution to nefarious forces who try to hijack your computer for personal gain...

What? MS is actually doing something against itself?

Re:

[legoburner]

So it looks like what this does is execute scripts that generate HTML and then check the HTML for known vunerabilities.

Next stop, badware scripts that generate javascript which then goes on to make HTML instead of just generating HTML. I am sure that there will be many levels of potential obfuscation that can only be stopped by using a browser engine to parse/validate the javascript, and at that point wouldn't the browser engine be vulnerable to the same exploits?

Re:

[Watson Ladd]

Why not have the browser do this in the first place? What's the point of having a different program doing it?

Re:

[Emetophobe]

Cartoon figure? You mean like Calvin from Calvin and Hobbes.

http://clintanderson.com/gallery/microsoft/calvin. jpg [clintanderson.com]

Re:

[Jussi K. Kojootti]

Stop the coughing and explain how your link is relevant?