The investors who are generously funding it, but want to stay anonymous for now, just authorized me to unveil a few details about the revolutionary project which I’ve been feverishly working on during the past months. What we’re talking about is not merely a next-generation NoScript. No, we’re talking about the ultimate security tool, nothing less, code named GoodScript.
Enters GoodScript. GoodScript does not hurt performance, because it doesn’t need the code to be interpreted. It doesn’t even need the code to be downloaded: actually, if GoodScript detects malice, the evil code is left on its server, far from your browser.
How does this wonder work? First, the bad news: GoodScript works on IE9 only. Why? Because IE9 is the fastest browser around, with everything hardware-accelerated. Hardware acceleration is crucial to GoodScript. Its secret sauce is “Relativistic Workers“, a special kind of Web Workers (HTML5 voodoo) which get hardware-accelerated by IE9. By using Relativistic Workers, GoodScript’s code can run at relativistic speed (near to the speed of light). Thanks to this breakthrough in code speed, we could implement GoodScript’s “PrecogEngine” component, which leverages relativistic effects to temporarily travel in the near future and watch the effects of the potentially malicious code before it could even been downloaded from the web. The great thing about this approach is that it’s not limited to traditional exploits causing immediate effects on your system, such as the attempt of writing on your filesystem or to install a keylogger, but it can detect more elusive signs of malicious intent, e.g. that some hours later your online bank account is gonna be annihilated by a wire transfer to Russia, after a successful XSS attack managed to steal your credentials.
A big thanks to Microsoft: without their commitment to making IE9 fully hardware-accelerated, our exclusive PrecogEngine (the only client-side technology capable of preventing Thought Exploit) wouldn’t have been possible: GoodScript would still be a naive dream and we would be stuck with whitelists, XSS filters and other boring stuff.
Let’s hope Google and Mozilla catch up soon with hardware acceleration, even though a Firefox version would also require working around incompatibilities with this new feature they just announced :(