“You really don’t want to go there today…”
It’s a bug zapper for Web browsing. It’s a cool idea. How it will be secured and made solid I am not sure, but this is good news and a positive step toward solving zero-day exploits and quite possibly many vulnerabilities on unpatched browsers in the future.
Microsoft Research is working on something it calls BrowserShield, which will allow Internet Explorer to detect malicious code and rewrite it, then display the cleaned version of any static or dynamic page in the browser to the end user.
Researchers at the Redmond, Wash., company have completed work on a prototype framework called BrowserShield that promises to allow IE to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages.
“We basically intercept the Web page, inject our logic and transform the page that is eventually rendered on the browser,” Wang said. “We’re inserting our layer of code at run-time to make the Web page safe for the end user.”