News Microsoft to launch BrowserShield

[Garside]

http://www.bit-tech.net/news/2006/09...BrowserShield/

[DougEdey]

Surely it would be better to just completely block a page from loading. And what is defined as malicious? A pop up box? A pop under box? An auto download?

(Please can we rename is BrowzarShield?)

[Cthippo]

Quote:

Originally Posted by The Article

Soon though, all surfing security worries could be a thing of the past

Please tell me that was sarcasm

Quote:

BrowserShield will check all code before it loads up removing anything that it deems malicious.

What's malicious? Well, anything from Google, Apple, any linux site, etc.

This isn't a problem for me since I use Opera, but I have to admit that it does bug me that they are making another product aimed at people who probably shouldn't be allowed to use a computer. I'm also concerned about the false positive rate for this, especially as so many sites want flash and java plugins and who knows what all else. Also, it's a given that this will be defeated within days and may be hacked. As long as you can disable this feature it shouldn't be too bad.

[Flibblebot]

So Microsoft are releasing a product to protect insecure browsers.
So who makes the browser with the highest number of insecurities...?

There's the stable door. Oh dear, the horse has bolted. Oh well, better close the door anyway...

[Rich_13]

which therefore inproves their browser, EVERY brower is insecure if you look hard enough for the bugs / holes.

Sounds like a good idea to me.

[Buzzons]

agreed rich, with IE holding what was 99% of the market it was, just as XP and other MS OS's are the key target for hackers / malware authors as they will get more results. Firefox / thunderbird have had their own critical updates yet no one seems to slag them off when they are found, they just go "hooza the bug was fixed" yet when MS does it, its like "booo another bug having to be fixed" -- why? cos everyone seems to hate them for doing the world a favour by making an OS so easy to use that anyone can -- with no real learning curve -- this is good for non geeks -- as in, those that prob wont be reading this, nor really have an idea what a forum is -- so that is all good. for those of us that are more eductated then sure, it may seem a bit silly / bad / MS oriantated but so what? we wont use it.. those that need it will.

[Laitainion]

Quote:

Originally Posted by Rich_13

which therefore inproves their browser, EVERY brower is insecure if you look hard enough for the bugs / holes.

Exactly, I use Firefox which has had it's own fair share of security fixes, it's just not as popular as IE so doesn't get targetted as much.

If this new program get's implemented on the firewall level, I think it would be really good, it's not a panacaea for our problems. I don't think anything could magically solve all the problems the Internet brings with it, anything that is done is just a form of damage control, and will continue to be for the forseeable forture.

[aggies11]

An interesting idea. Don't just block the page, but "clean it" of any of the "bad" parts. Remove the offending scripts/code silently, and user has nothing to worry. I'd imagine this would only be compatable with IE though?

For what it's worth, I've currently experienced a Firefox/Flash vulnerability (both at the latest version), that somehow changes my DNS settings (redirects to another DNS server). It's rather harmless, and doesn't do any more than that, but it has the ability to crash the browser. I'm pretty sure it's a vulnerability, as my system looks totally clean.

So I tool like this could always be usefull, if it works.

Aggies

[Firehed]

Quote:

Originally Posted by Laitainion

Exactly, I use Firefox which has had it's own fair share of security fixes, it's just not as popular as IE so doesn't get targetted as much.

If this new program get's implemented on the firewall level, I think it would be really good, it's not a panacaea for our problems. I don't think anything could magically solve all the problems the Internet brings with it, anything that is done is just a form of damage control, and will continue to be for the forseeable forture.

You forgot to mention that Microsoft waits until the exploit is in the wild to patch, unlike Firefox (or really any other browser for that matter).

I'm personally a fan of just disabling scripts. Makes for better coding practices anyways.

[Tyinsar]

Maybe I'm missing something but if this is intended to help the people who run unpatched browsers how do you get them to add this patch?

[yahooadam]

seems like an idea, but how it works, and how well it works are going to be the big questions

also, shouldn't it be called IESheild, as its only going to work with IE - this is MS were talking about

[DXR_13KE]

a very good idea, for noobs, i hope they implement this in a correct way.

[Aankhen]

So let me get this straight... add lots of completely unnecessary, proprietary, untested technology to your browser, thereby increasing the number of security holes by a factor of a thousand... then create a whole movement to stop people from using those features? Way to go, Microsoft.