Microsoft inked an agreement with whitelist specialist Digital Resolve on Sept. 5 to help its next-generation Internet Explorer 7 Web browsing software and Windows Live Toolbar application protect users against fraudulent Web sites.
Under the terms of the deal, Digital Resolve, a unit of Digital Envoy, will provide its Trusted Server data feed directly into the two Microsoft products, promising to arm the programs with the latest information about Web sites that have been tested and proven to be legitimate, in the name of steering users away from URLs that may be involved in phishing.
The data feed will be used as a source of information for Microsofts own Phishing Filter, already built into beta versions of IE 7 and Windows Live Toolbar, and will also be utilized in Windows Internet Explorer 7 for Windows XP Service Pack 2 and in Windows Vista, both of which are still under development and expected to arrive in 2007.
Digital Resolves software, which has generally been used by financial services companies to validate their own Web sites and search for phishing attempts launched in their likenesses, uses data mining tools to continually scour the Web for phishing activity.
When a user attempts to direct a browser toward a questionable Web site, the IE7 provides a warning prompt since the URL has not been verified by the Digital Resolve data feed.
The Trusted Server tools in Microsofts Phishing Filter will be turned on as default protections in the products that carry them, company officials confirmed.
While many traditional anti-phishing technologies use blacklists of suspicious sites to help block user access to fraudulent URLs, Digital Resolves tools instead depend upon whitelists of authenticated pages. The system also aims to replace the two-factor image-based authentication technologies being used by banks and other companies with online operations to help customers log onto their sites safely. Putting the onus on businesses and users to protect themselves is unwieldy, and leaves people open to more sophisticated phishing attacks, Digital Resolve executives said.
The anti-phishing software maker has worked with Microsoft previously to help safeguard users of Microsofts Xbox Live online gaming network from outside attackers.
“Blacklists have been used for a long time, but this is something more dynamic that was needed to help protect Windows users before fraudulent sites are identified, as using a positive identifying indicators to legitimate sites doesnt leave any room from a social engineering standpoint,” said David Helsper, vice president of engineering at Digital Resolve, based in Norcross, Ga. “A lot of online vendors are trying to address the authentication problem with images and shared secrets, but this takes the burden away from the companies and end users and puts validation directly onto the desktop.”
Trusted Server specifically addresses so-called man-in-the-middle attacks, an emerging form of phishing in which criminals use spyware or cross-site scripting attacks to place themselves between users and legitimate Web sites to steal personal data. As businesses have improved their site defenses and end users have become more aware of phishing schemes, man-in-the-middle attacks have begun to increase in number, Helsper said.
Another nascent form of phishing the software offers to protect against is the type of attacks built around DNS cache poisoning, through which fraudsters attempt to dupe Web servers into believing they are communicating with legitimate sites when in fact they are being attacked.
“We were impressed with the quality of Digital Resolves data feeds, and they have become an important addition to our rich network of data provider partners,” said Alan Packer, product unit manager of the Anti-Phishing Team at Microsoft, based in Redmond, Wash. “This agreement underscores Microsofts goal of employing a broad range of data sources from both third parties and end users to help protect customers from the threat of phishing.”
Trusted Server could someday be augmented with an automatic malicious code zapper being developed by Microsoft for future iterations of IE, the worlds most popular browser, although representatives at the software giant said it is too early to tell if the technologies will interact. Researchers at the software maker are touting a prototype framework called BrowserShield that promises to allow IE to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages.
The BrowserShield project—an outgrowth of the companys Shield initiative to block network worms, and the brainchild of Helen Wang, a project leader in Microsoft Researchs Systems and Networking Research Group—could one day even become Microsofts answer to zero-day browser exploits such as the WMF (Windows Metafile) attack that spread like wildfire in December 2005.