A browser is a software application enabling a user to display and interact with information (text, images, audio and video recordings and streams, forms, etc.) located on a page (also called a webpage) at a website on a network (such as the World Wide Web or an intranet). Any information on a webpage has an associated attribute allowing the linking of this information to other information at another location of a network.
Different protocols are available that allow communication through a network and the handling of data in a large number of formats, such as HTML.
As an example, FIG. 1 is a simplified model of a “client-server architecture”. A client 101 (a browser) initiates a request 103 to a server 105 (a website). The server 105 receives the request 103 and replies with a message 107 containing a requested file, an acknowledgement, an error message, or some other information.
A plug-in (also called “browser plug-in”) expands the functionalities of a browser by adding extra features to it. Many browser plug-ins are visible to the user, who can interact with them. A plug-in can be, as an example, a toolbar, a search assistant or a set of functions for blocking pop-up windows. Other plug-ins are not visible to users and run without a Graphical User Interface (GUI). However, some plug-ins, visible and invisible, can be malicious and can, for example, spy on the users (e.g. obtain unauthorized access to personal information and transmit it to a third party).
In order to reduce the risks generated by malicious plug-ins, and more generally by malicious software, some approaches are available, such as firewall technologies, which can greatly limit intrusion and the hijacking of personal data.
A firewall is a device or software dedicated and configured to permit, deny, encrypt or proxy computer traffic over a network connection according to a set of rules. Said network can be an organization network or the Internet. In all contexts, personal firewalls can be used to protect a single host by limiting the types of processes that are allowed to perform specified activities.
It is a severe drawback of network and personal firewalls that they are useless when the user installs a malicious plug-in. The plug-in runs in the context of a trusted process (the browser, e.g. Microsoft Internet Explorer), and uses standard outgoing traffic (HTTP) to send stolen data out to an unauthorized location. Such activity cannot be distinguished from legitimate traffic sent by the same browser process. So a personal firewall doesn't affect malicious plug-ins, because they run within the realm of a trusted process and behave, as far as the personal firewall is concerned, like the browser. Likewise, once the PC is infected, a network firewall is useless against malicious plug-ins, because they generate traffic that is indistinguishable from that of the browser.
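The limitation described above can be made concrete with a small model of a per-process personal firewall. This is an added example, not part of the original text; the rule format, the `module` field and the sample events are constructed assumptions used only to show that the rule key contains no notion of which code inside the process sent the data.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Connection:
    process: str      # image path of the process that owns the socket
    protocol: str
    remote_port: int
    module: str       # code inside the process that sent the data (constructed
                      # field: a per-process firewall never sees it)

@dataclass(frozen=True)
class Rule:
    process_glob: str
    protocol: str
    remote_port: int
    action: str       # "allow" or "deny"

def firewall_view(conn):
    """The only attributes a per-process rule can match on."""
    return (conn.process.lower(), conn.protocol, conn.remote_port)

def decide(rules, conn):
    """First matching rule wins; unmatched traffic is denied."""
    process, protocol, port = firewall_view(conn)
    for rule in rules:
        if (fnmatchcase(process, rule.process_glob.lower())
                and rule.protocol == protocol
                and rule.remote_port == port):
            return rule.action
    return "deny"

# Constructed policy and events (paths and module names are illustrative).
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
RULES = [Rule(r"*\iexplore.exe", "tcp", 80, "allow")]
PAGE_LOAD = Connection(IE, "tcp", 80, module="browser-core")
PLUGIN_SEND = Connection(IE, "tcp", 80, module="example-toolbar-plugin")
OTHER_PROC = Connection(r"C:\Temp\example-tool.exe", "tcp", 80, module="main")

if __name__ == "__main__":
    for event in (PAGE_LOAD, PLUGIN_SEND, OTHER_PROC):
        print(f"{event.module:24} {firewall_view(event)} -> {decide(RULES, event)}")
```

The separate process is denied, while the two in-browser events differ only in `module` and therefore receive the same verdict.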
It is an object of the present invention to increase the security of the data exchanged between a web browser using plug-ins and a website.
It is another object of the present invention to provide a firewall dedicated to browser(s).
It is yet another object of the present invention to provide a software firewall which patches the functions used by a browser to load or to create a plug-in object.
It is still another object of the present invention to provide software that prevents malicious software from obtaining data.
It is a further object of the present invention to provide software that prevents plug-ins from gaining access to a browser's internal data structure.
Further purposes and advantages of this invention will become apparent as the description proceeds.