The mere act of connecting to a network has become the largest source of computer infection. Browsing network sites provides an opportunity for malicious code to enter a computer and steal financial or personal information or conscript the machine into running cyber attacks. A tool developed by SRI and research partner Georgia Institute of Technology is intended to render that vulnerability obsolete.
Block All Drive-by Download Exploits (BLADE) blocks even unknown, zero-day attacks without interfering in normal browser operations. BLADE ensures a browser will not be tricked into installing remote malware applications or data without consent. The system tracks how users interact with browsers, monitoring download authorizations. Any unauthorized, surreptitious attempt results in the download being redirected to a restricted area. The computer is protected because the unauthorized code is neither installed nor executed.
Automatic software updates from known domains can easily be accommodated. In addition to protecting browsers, BLADE can also be extended to secure any network-enabled application, from email and instant messaging to media players.
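A simplified model of the policy described above, added here as an illustration and not BLADE's own code: browser writes are routed by whether a matching user authorization exists, with an exception for known update domains. The event fields, the trusted-domain list, and the quarantine path are assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit
import posixpath

# Assumed values for illustration; none of them come from BLADE itself.
TRUSTED_UPDATE_DOMAINS = {"updates.example.com"}
QUARANTINE_DIR = "/var/quarantine"


@dataclass(frozen=True)
class Download:
    url: str        # where the browser fetched the content from
    dest_path: str  # where the browser process is trying to write it


class DownloadMonitor:
    """Tracks user download authorizations and routes every browser write."""

    def __init__(self):
        self._authorized = set()  # (url, dest_path) pairs the user approved

    def record_user_consent(self, url, dest_path):
        # Called when the user explicitly accepts a download prompt.
        self._authorized.add((url, dest_path))

    def route(self, dl):
        """Return (final_path, execution_allowed) for one browser write."""
        key = (dl.url, dl.dest_path)
        if key in self._authorized:
            # Consent is single-use: a later silent write to the same
            # location must not inherit an earlier approval.
            self._authorized.discard(key)
            return dl.dest_path, True
        # Exact host match only, so a lookalike such as
        # updates.example.com.evil.test does not pass as an update source.
        host = (urlsplit(dl.url).hostname or "").lower()
        if host in TRUSTED_UPDATE_DOMAINS:
            return dl.dest_path, True
        # No matching consent: keep the bytes for inspection in the
        # restricted area, but never install or execute them.
        name = posixpath.basename(dl.dest_path) or "unnamed"
        return posixpath.join(QUARANTINE_DIR, name), False
```

The decision never inspects the file's content, which is why a model like this does not depend on recognizing the malware.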
BLADE has been shown to be 100 percent effective over months of testing against thousands of threats, using a variety of configurations of common network browsers. Since BLADE does not need to recognize malware to block an unauthorized download and installation, even new or disguised threats are neutralized.
BLADE is funded through grants from the National Science Foundation, the U.S. Army Research Office, and the Office of Naval Research.