

Software aims to whack drive-by malware threat - coondoggie
http://www.networkworld.com/community/node/67104

======
david_shaw
From the article:

_BLADE "thwarts the ability of browser-based exploits to surreptitiously
download and execute malicious content by remapping to the filesystem only
those browser downloads to which a programmatically inferred user-consent is
correlated, BLADE provides its protection without explicit knowledge of any
exploits and is thus resilient against code obfuscation and zero-day threats
that directly contribute to the pervasiveness of today's drive-by malware."_

This sounds like a great idea, but here's the problem that I have with BLADE:
we're going to create something to semi-intelligently decide whether
browser content is actual user data or something malicious. Okay, that sounds
good in theory, but I think it's a little more difficult to implement in
practice. Wouldn't it be easier to simply _prompt_ the user to ask?

I know, I know--users would just be fooled by tricky malware or would deny
session ID cookies because they look like a random string of letters and
numbers (looks like a _hacker!_). Instead of reinventing the wheel with an
academic system that can't possibly stop _all_ malware and can't possibly
allow _all_ legitimate traffic, why don't we simply encourage end users to run
NoScript and Adblock (pretty much eliminates the adware aspect) and the
ability to allow "drive-by" downloads on a per-site basis?

