GoodScriptThe investors who are generously funding it, but want to stay anonymous for now, just authorized me to unveil a few details about the revolutionary project which I’ve been feverishly working on during the past months. What we’re talking about is not merely a next-generation NoScript. No, we’re talking about the ultimate security tool, nothing less, code named GoodScript.

GoodScript’s key feature is the ability to detect and block malicious JavaScript and other active content before it can harm your web browser, while all the “good” code is automatically allowed to run untouched.

“Nothing new”, you say, “my antivirus has claimed to do that for a long time”. Not quite. Your antivirus compares the code with a database of signatures, and whatever matches is flagged as malicious. What about new code, whose signature has not been added yet? “Heuristic detection” you say. But you must keep in mind that heuristic detection on dynamic languages like JavaScript, which may be heavily obfuscated and offer many ways to do the same thing, is very difficult: it almost surely require to interpret the script in advance inside a sandbox (which might itself be evaded or exploited), and is extremely slow, heavily hurting performance which is the holy grail of modern browsers.

Enters GoodScript. GoodScript does not hurt performance, because it doesn’t need the code to be interpreted. It doesn’t even need the code to be downloaded: actually, if GoodScript detects malice, the evil code is left on its server, far from your browser.

How does this wonder work? First, the bad news: GoodScript works on IE9 only. Why? Because IE9 is the fastest browser around, with everything hardware-accelerated. Hardware acceleration is crucial to GoodScript. Its secret sauce is “Relativistic Workers“, a special kind of Web Workers (HTML5 voodoo) which get hardware-accelerated by IE9. By using Relativistic Workers, GoodScript’s code can run at relativistic speed (near to the speed of light). Thanks to this breakthrough in code speed, we could implement GoodScript’s “PrecogEngine” component, which leverages relativistic effects to temporarily travel in the near future and watch the effects of the potentially malicious code before it could even been downloaded from the web. The great thing about this approach is that it’s not limited to traditional exploits causing immediate effects on your system, such as the attempt of writing on your filesystem or to install a keylogger, but it can detect more elusive signs of malicious intent, e.g. that some hours later your online bank account is gonna be annihilated by a wire transfer to Russia, after a successful XSS attack managed to steal your credentials.

A big thanks to Microsoft: without their commitment to making IE9 fully hardware-accelerated, our exclusive PrecogEngine (the only client-side technology capable of preventing Thought Exploit) wouldn’t have been possible: GoodScript would still be a naive dream and we would be stuck with whitelists, XSS filters and other boring stuff.

Let’s hope Google and Mozilla catch up soon with hardware acceleration, even though a Firefox version would also require working around incompatibilities with this new feature they just announced :(

13 Responses to “Great News for IE9 Users!”

  1. #1 sonickydon says:

    yeah… try again next year Giorgio…
    (though I admit you had me till the "fastest browser around with full hardware acceleration…" ).

  2. #2 Alan Baxter says:

    Congratulations again, Giorgio, on being at the forefront with another seemingly unbelievable software breakthrough! Too bad I’m running XP and won’t be able to take advantage of IE9 and GoodScript.

  3. #3 dis9team says:

    九区的黑客们 出来吧

  4. #4 Giuliano says:

    Bel tentativo Giorgio. Ci sono cascato finché non ho letto la frase "fastest browser around with full hardware acceleration…" ;)
    Buon primo Aprile anche a te!

  5. #5 Mark says:

    I loled at the Webworkers part :).
    IE9 doesn’t even support WebWorkers.

  6. #6 Braden says:

    You had me fooled for a bit. Nicely done.

  7. #7 AnonymousCoward says:

    Literally fantastic!

  8. #8 David Naylor says:

    Lol, you had me too!

    Was getting really frustrated and annoyed until I realized. =)

  9. #9 Basti says:

    Nice!

    Even if one believes that code does not need to be interpreted and downloaded, the rest makes it easy to recognize it as april’s fool.

    BTW: Maybe NoScript could have "Do Not Fool" before Firefox has it. NoScript is updated more often.

  10. #10 Merike says:

    Haha! While 4th paragraph sounded like "this can’t be, or can it?" I didn’t suspect the pun until 5th which made it too obvious :D.

  11. #11 Icy says:

    Until I read the comments, I thought my world had somehow been flipped upside down and everything I’d ever known in my small 19 year life was now outdated and irrelevant.

    Good to see that ain’t the case :p

  12. #12 Aerik says:

    PreCog LMAO. Thanks for the minority report, giorgio.

  13. #13 kmr1684 says:

    giogio babe you got me on his one truly ha ha ha ha

Bad Behavior has blocked 7274 access attempts in the last 7 days.