Archive for April 1st, 2011

GoodScriptThe investors who are generously funding it, but want to stay anonymous for now, just authorized me to unveil a few details about the revolutionary project which I've been feverishly working on during the past months. What we're talking about is not merely a next-generation NoScript. No, we're talking about the ultimate security tool, nothing less, code named GoodScript.

GoodScript's key feature is the ability to detect and block malicious JavaScript and other active content before it can harm your web browser, while all the "good" code is automatically allowed to run untouched.

"Nothing new", you say, "my antivirus has claimed to do that for a long time". Not quite. Your antivirus compares the code with a database of signatures, and whatever matches is flagged as malicious. What about new code, whose signature has not been added yet? "Heuristic detection" you say. But you must keep in mind that heuristic detection on dynamic languages like JavaScript, which may be heavily obfuscated and offer many ways to do the same thing, is very difficult: it almost surely require to interpret the script in advance inside a sandbox (which might itself be evaded or exploited), and is extremely slow, heavily hurting performance which is the holy grail of modern browsers.

Enters GoodScript. GoodScript does not hurt performance, because it doesn't need the code to be interpreted. It doesn't even need the code to be downloaded: actually, if GoodScript detects malice, the evil code is left on its server, far from your browser.

How does this wonder work? First, the bad news: GoodScript works on IE9 only. Why? Because IE9 is the fastest browser around, with everything hardware-accelerated. Hardware acceleration is crucial to GoodScript. Its secret sauce is "Relativistic Workers", a special kind of Web Workers (HTML5 voodoo) which get hardware-accelerated by IE9. By using Relativistic Workers, GoodScript's code can run at relativistic speed (near to the speed of light). Thanks to this breakthrough in code speed, we could implement GoodScript's "PrecogEngine" component, which leverages relativistic effects to temporarily travel in the near future and watch the effects of the potentially malicious code before it could even been downloaded from the web. The great thing about this approach is that it's not limited to traditional exploits causing immediate effects on your system, such as the attempt of writing on your filesystem or to install a keylogger, but it can detect more elusive signs of malicious intent, e.g. that some hours later your online bank account is gonna be annihilated by a wire transfer to Russia, after a successful XSS attack managed to steal your credentials.

A big thanks to Microsoft: without their commitment to making IE9 fully hardware-accelerated, our exclusive PrecogEngine (the only client-side technology capable of preventing Thought Exploit) wouldn't have been possible: GoodScript would still be a naive dream and we would be stuck with whitelists, XSS filters and other boring stuff.

Let's hope Google and Mozilla catch up soon with hardware acceleration, even though a Firefox version would also require working around incompatibilities with this new feature they just announced :(

Bad Behavior has blocked 965 access attempts in the last 7 days.