Browsershield Built to Block Malicious Code in Webpages

Microsoft has been working on a new project to help Internet Explorer block malicious code that’s hidden on webpages, one that will show a harmless version of the webpage instead. It’s called Browsershield and its just one of many security related products coming from Microsoft. From Neowin,

The BrowserShield project, the brainchild of Helen Wang, a project leader in Microsoft Research’s Systems & Networking Research Group, and an outgrowth of the company’s Shield initiative to block network worms could one day even become Microsoft’s answer to zero-day browser exploits such as the WMF (Windows Metafile) attack that spread like wildfire in December 2005.

“This can provide another layer of security, even on unpatched browsers,” Wang said in an interview with eWEEK. “If a patch isn’t available, a BrowserShield-enabled tool bar can be used to clean pages hosting malicious content.” BrowserShield, described by Wang as a tool for deleting embedded scripts before a Web page is displayed on a browser, can inspect and clean both static and dynamic content. Dynamic content has become a popular vector for Web-borne malware attacks of late, security experts have said.

We basically intercept the Web page, inject our logic and transform the page that is eventually rendered on the browser,” Wang said. “We’re inserting our layer of code at run-time to make the Web page safe for the end user.” If the prototype is eventually folded into a Microsoft product, it could also protect against drive-by attacks that target flaws in IE, which is used by approximately 90 percent of Web surfers worldwide. BrowserShield is one of many security-related projects coming out of Microsoft Research.

This sounds pretty cool, until it starts messing up my webpages. ;) Anything that can block some of this crap these losers put out there on the web, is fine with me. More info from Microsoft Research.

“This transformation logic,” Wang says, “can be injected at a firewall, as a browser extension, or by Web publishers.”

Dunagan provides an enthusiastic elaboration.

“That’s something that we both think is really, really nice about this,” he says. “It’s something where ISA can help protect all the people within a corporation, or it can be something where MSN Search makes it so that any of the cached Web pages that you can see on their site cannot contain these exploits; they can help protect everybody who is going to MSN Search to look at these things. There are two different value propositions, and they appeal to many people.”

Some search engines have been trumpeting something called “safe search,” which amounts to a blacklist of known malicious sites.

“BrowserShield can enable a much more powerful way of doing this safe search,” Wang states. “Basically, even for a malicious site that is not already blacklisted, BrowserShield can help prevent it from doing known bad things, such as exploiting a vulnerability of a browser.”

The technology, similarly, can deliver security-enhanced browsing.

“Say there’s a zero-day browser exploit,” Wang says. “At a particular time, a patch might not be available. But in the meantime, we can allow users to browse through a BrowserShield-enabled toolbar. Users would then be able to type URLs into the toolbar rather than in the usual address bar. This allows all Web sites to be sanitized by the BrowserShield toolbar and enables a safe browsing experience.”