September 4, 2006
Microsoft researchers are experimenting with an automatic code zapper for the company's Internet Explorer Web browser.
Researchers at the Redmond, Wash., company have completed work on a prototype framework called BrowserShield that promises to allow IE to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages.
The BrowserShield projectâ€”the brainchild of Helen Wang, a project leader in Microsoft Research's Systems & Networking Research Group, and an outgrowth of the company's Shield initiative to block network wormsâ€”could one day even become Microsoft's answer to zero-day browser exploits such as the WMF (Windows Metafile) attack that spread like wildfire in December 2005.
"This can provide another layer of security, even on unpatched browsers," Wang said in an interview with eWEEK. "If a patch isn't available, a BrowserShield-enabled tool bar can be used to clean pages hosting malicious content."