Today, there are several web browsers for a user to operate when accessing the Internet. These web browsers vary greatly in feature richness and functionality. Because of this variety, software manufacturers and developers understand that web browsers may determine the user's experience during operation. Therefore, software manufacturers and developers are becoming more sensitive to enhancing the user's experience in using a particular web browser.
Web browsers may be divided into two categories: open-source web browsers and closed-source web browsers. The difference between the two categories is that an open-source web browser has its computer source code available to the public, such as to independent software developers or third-party vendors (ISVs), while a closed-source web browser does not have its computer source code available to the public. With the open-source web browser, the public may review the computer source code, make modifications of the computer source code with the owner's approval, or create third-party computer software based on the computer source code that has been reviewed. The third-party computer software may be built with a knowledge and understanding of the computer source code of the open-source web browser. This may result in a reduced amount of software testing to ensure the functionality and integration of the third-party computer software with the open-source web browser.
As stated earlier, computer source code of the closed-source web browser is not open to the public. The owner of the closed-source web browser has control over the modification of the computer source code. In this situation, ISVs may not review, access, or modify the computer source code. ISVs may find it difficult to create third-party computer software, although they are allowed to create such software that works with the closed-source web browser. Usually, the resulting third-party computer software is referred to as add-on software. Because add-on software is created independently of the computer source code, more software testing may be desired to test the functionality between the add-on software and the closed-source web browser. Software testing may be more involved and rigorous to ensure the functionality and integration of the add-on software and the closed-source web browser.
Along with the evolution of web browsers, there has been an increase in software enhancements to web browsers. One of those software enhancements has been tabbed browsing. Tabbed browsing allows a user to have multiple browser views existing in one browser window. In the past, a user had to open a separate window to access a web page. Opening multiple web pages would require opening multiple windows. With tabbed browsing, multiple web pages may be opened inside of one window. The multiple web pages are identified by tabs that may be individually selected to access a particular web page.
Because multiple web pages share one window, tabbed browsing may make it easier for unscrupulous operators of malicious web pages to trick a user into entering sensitive information into the malicious web page. This technique is commonly referred to as “phishing”. There are a number of techniques that malicious web pages may use on an unsuspecting user operating tabbed browsing.
In one scenario, an unscrupulous operator might operate a malicious web page in a background browser. The background browser may show a popup dialog while a different (and presumably trusted) web page shows in a foreground browser. A user may be willing to respond to the popup dialog thinking it comes from the trusted site. This technique is commonly referred to as “spoofing”. For example, the user may have two web pages in a tab band while operating tabbed browsing. The foreground browser may operate with a legitimate website while the background browser may operate with a malicious website. The background browser may load and show a dialog saying “Enter your login and password”. The user may be currently doing some other activity, like reading email, in the foreground browser with the legitimate website. So, to the user, the popup dialog may look as if it came from the legitimate website. The user would then enter credentials that would go directly to the malicious website.
In a second scenario, again, an unscrupulous operator might operate a malicious web page in a background browser. The background browser could run a high frequency timer (say every 10 milliseconds) that continuously grabs the input focus from a foreground browser. As typing occurs, the keystrokes could go directly to the malicious website unbeknownst to a user. The malicious website could then forward the captured information as desired.
In a third scenario, again, an unscrupulous operator might operate a malicious web page in a background browser to cause the background browser to move into the visible area of the web browser. In some operations of tabbed browsing, the background browsers are not actually hidden but are moved from the visible area (moved off screen). An unscrupulous operator might use a script to move the background browser that is located out of the viewing area into the visible area of the screen or web browser. The purpose of this tactic might be to capture information from an unsuspecting user.
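In each of the three scenarios above, a background tab acts on the user interface as if it were in the foreground. The following added example (not part of the original text; `TabHost` and its methods are hypothetical, not a real browser API, and the origins are constructed) models a tab host that defers background dialogs, refuses background focus and move requests, and flags a tab whose refused focus requests arrive at timer frequency.

```javascript
// Added example: toy tab host, not a real browser API. All names are hypothetical.
class TabHost {
  constructor() {
    this.tabs = new Map();   // id -> { origin, pendingDialogs, deniedFocus }
    this.foreground = null;  // tab the user is looking at; it also owns keyboard focus
  }
  addTab(id, origin) {
    this.tabs.set(id, { origin, pendingDialogs: [], deniedFocus: [] });
    if (this.foreground === null) this.foreground = id;
  }
  // Only an explicit user action (clicking a tab) changes the foreground tab.
  // Dialogs queued while the tab was in the background are shown now.
  userActivates(id) {
    this.foreground = id;
    const tab = this.tabs.get(id);
    return tab.pendingDialogs.splice(0).map(text => `[${tab.origin}] ${text}`);
  }
  // Scenario 1: a background tab's dialog is deferred, never drawn over the foreground page.
  requestDialog(id, text) {
    const tab = this.tabs.get(id);
    if (id !== this.foreground) { tab.pendingDialogs.push(text); return null; }
    return `[${tab.origin}] ${text}`; // always labelled with the requesting origin
  }
  // Scenario 2: script-driven focus requests from a background tab are refused and logged.
  requestFocus(id, nowMs) {
    if (id === this.foreground) return true;
    this.tabs.get(id).deniedFocus.push(nowMs);
    return false;
  }
  // Scenario 3: a background tab may not move itself into the visible area.
  requestMoveIntoView(id) { return id === this.foreground; }
  // Detection: many refused focus requests in a short window suggest a focus-grab timer.
  isFocusGrabber(id, nowMs, windowMs = 1000, limit = 20) {
    return this.tabs.get(id).deniedFocus.filter(t => nowMs - t < windowMs).length >= limit;
  }
  keystrokeTarget() { return this.tabs.get(this.foreground).origin; }
}

// Constructed input: a trusted foreground tab and a background tab on a 10 ms timer.
function runScenarios() {
  const host = new TabHost();
  host.addTab(1, "https://mail.example");
  host.addTab(2, "https://untrusted.example");
  const dialog = host.requestDialog(2, "Enter your login and password");
  for (let t = 0; t < 1000; t += 10) host.requestFocus(2, t);
  return {
    dialogShownInBackground: dialog,
    keystrokesGoTo: host.keystrokeTarget(),
    moved: host.requestMoveIntoView(2),
    flagged: host.isFocusGrabber(2, 1000),
    shownAfterUserSwitch: host.userActivates(2),
  };
}
```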
In a final scenario, some web browsers use a security context, such as zones, to restrict access to resources such as the user's file system, registry, etc. When some uniform resource locators (URLs) are stored as “favorites” in a web browser and re-accessed at a later time, the security context for the URL may be lost, allowing an unsafe web page access to the resources. The security context may be lost if the user opens the URL in a tab.
Recognizing the state of the prior art, a solution is needed to overcome the problems identified above. Specifically, the solution needs to detect or mitigate “phishing” techniques to enable a user to use tabbed browsing without fear that information may be compromised or stolen.