Does it seem like MS's answer to everything is a new framework or a new kludge on top of existing software?
I swear the company spends more time writing security frameworks and anti-exploit tools for their own software than they do developing anything new.
...there's too much hype there. For example,
"BrowserShield transparently rewrote and rendered many familiar Web sites that use JavaScript, a scripting language that can be used to run arbitrary server-provided code on a client computer."
That's overstating things just a tad! If I didn't know better, I might think Javascript let the server send "format c:" to my machine, which would blithely run it.
Luckily that's not the case, despite Microsoft's best efforts at times - in theory at least Javascript is limited in what it can do.
Using a halfway decent browser, I don't feel any need to rewrite HTML on the fly. If code presented by a page is "potentially malicious" (of course just about anything is _potentially_ malicious, but obviously some things are worse than others), the browser shouldn't have any capability to display it.
That's overstating things just a tad! If I didn't know better, I might think Javascript let the server send "format c:" to my machine, which would blithely run it.
Luckily that's not the case, despite Microsoft's best efforts at times - in theory at least Javascript is limited in what it can do.
I wouldn't be so sure:
http://news.zdnet.com/2100-1009_22-6099891.html
The malicious JavaScript can be embedded in a Web page and will run without warning when the page is viewed in any ordinary browser, the researchers said. It will bypass security measures such as a firewall because it runs through the user's browser, they said.
Is it possible to trust that an organisation releases software which is insecure either 'by design' or through incompetence?
Seems rather ironic that they cannot be trusted to build a secure product from the ground up, but then expect to be trusted to throw a security blanket over it to fix the original problems?
Cannot trust one aspect, but can be trusted on another?
As far as I am concerned, the open source community is about the only one that can be 'most trusted' for software security.
"Users of the Firefox browser should be aware of their script settings when surfing the internet. Firefox extensions like 'Noscript,' which bars malicious Javascript from executing, are a wise idea. They help ensure that the browser offers as small of a target as possible to malware authors, claims an article in PC Professionell magazine.
The report in the Munich-based magazine notes that malware authors are increasingly occupying themselves with the alternative browser. This includes spam mails that attack vulnerabilities in Firefox. These messages attempt to lure the user into clicking on a web address that contains specific Javascripts. If the site recognizes Firefox as the visiting browser, then the scripts attempt to exploit an older security hole in the browser, for which a patch has now been released, to smuggle malware or spyware onto the computer."
http://tech.monstersandcritics.com/news/article_1187456.php/Be_awar...
"Is that advice really specific to firefox?"
In this case Yes.
http://secunia.com/advisories/18700/
"4) An input validation error in the processing of the attribute name when calling "XULDocument.persist()" can be exploited to inject arbitrary XML and JavaScript code in "localstore.rdf", which will be executed with the permissions of the browser the next time the browser starts up again."
And more in the same "patch".
From the exact same page
http://secunia.com/advisories/18700/
Solution:
Update to versions 1.0.8 or 1.5.0.1.
http://www.mozilla.com/firefox/
Old news.
The current version of Firefox is 1.5.0.6
"NotParker" says:
"Users of the Firefox browser should be aware of their script settings when surfing the internet. Firefox extensions like 'Noscript,' which bars malicious Javascript from executing, are a wise idea. They help ensure that the browser offers as small of a target as possible to malware authors, claims an article in PC Professionell magazine.
The report in the Munich-based magazine notes that malware authors are increasingly occupying themselves with the alternative browser. This includes spam mails that attack vulnerabilities in Firefox. These messages attempt to lure the user into clicking on a web address that contains specific Javascripts. If the site recognizes Firefox as the visiting browser, then the scripts attempt to exploit an older security hole in the browser, for which a patch has now been released, to smuggle malware or spyware onto the computer."
LOL! This has already been fixed!
Mission to undermine Firefox has failed.
*Press any key to continue*
:-D
At least they are trying to fix some issues that other browsers won't even get to think about fixing.
The mental midgets on here are insane. Just because Microsoft wants to make something more secure and wants to add to their browser something which does not exist for other browsers (and probably won't), they are all jealous.
I think it is a great idea and I would like to see other browsers like Firefox to adopt something like this.
Screw the haters living in their parents house.
All the Bandaids in the world are not going to fix a user's proclivity to stick their fingers in someplace that they don't belong. Nice try guys, why not make it impossible to do bad things with IE?? Oh, that's right, you would have to throw out backwards compatibility with all of those fancy bells and whistles that you placed in the Windows OS back when it was only meant to run on non-networked PCs. Decisions, decisions (tsk).
Jim
I don't understand why everyone is attacking MS and their actions. I personally don't favour MS but when someone is right, I do admit it. Looks like they get attacked either way regardless of whether they are doing something or not doing something about their security issues. E.g. when there were not any updates for IE until IE7.
Also, if you truly understand things, you will know that the more user friendly something is, the more vulnerable it is to attacks and security flaws, so there is nothing surprising here. Yes, Linux is secure but it is not as user friendly as Windows. Even MacOS X has security issues and we all know it is a Unix/BSD...
Edited 2006-09-06 12:51
Internet Explorer is so heavily embedded within Windows, and lots of crucial functionality, that if MS were to completely re-write IE (as it desperately needs), they would destroy a lot of stuff in Windows.
Thus, MS have to put a blanket on top of IE to provide better security.
Actually, I applaud their efforts. They're actually trying to solve a problem.
Unfortunately, they're being forced (due to their bad design decisions of the past) to use a kludge/hack.
I'm just glad I use Linux most of the time, and when I'm on Windows, I use Opera or Seamonkey or Firefox.
//... What do you think they are trying to do with IE7? Sheesh you people are rough.//
Not at all.
All of Microsoft's security woes are of their own making.
They were so keen to try to lock the internet itself to Microsoft products (i.e. how many sites have in the past been "IE only"?) that they embedded their browser inextricably with their OS and they made their browser hopelessly non-compliant with standards. Embrace and extend.
Now because the browser is so integral to the OS, it intrinsically has too much authority within the OS and if exploited can do too much damage to the local OS installation, and at the same time it is insanely easy to exploit because it has access to far too much of the underlying OS functionality.
IE security, like much of windows security, is borked by design.
Microsoft's quest for customer lock-in to Microsoft products is the wholly transparent root cause of these problems.
Microsoft richly deserve every rant that is directed against them, and every pain that trying to fix the unfixable brings them.
Edited 2006-09-07 03:59