Web browsers are a primary target these days. Both IE and Firefox have numerous plug-ins. The majority of plug-in vulnerabilities are related to remote code execution.

The state of the practice of protecting against browser plug-in vulnerabilities:

• Web site blacklisting is very limited

  • With some toolkits like Mpack and IcePack, attackers can exploit users through trusted web sites

• Anti-virus products cannot block such attacks

• Phishing and XSS defense techniques cannot handle plug-in vulnerabilities

• Malicious Java applet disabling techniques are normally ineffective against plug-in vulnerabilities

To test this concept, SigFree was implemented as a proxy service, inside the firewall, with HTTP/HTTPS support capability. Performance was enhanced by multi-threading, releasing and reusing established connections, and message stream processing. This implementation was made for both end point application and as a shared proxy for client-server implementation.

The test setup and the results were as follows:

• Use Web Polygraph to simulate web traffic:

  • One web-polygraph server or client process can simulate many web servers or clients simultaneously

• Workload

  • Request rate set to 0.4 /secto simulate normal user
  • We simulate 1,000 users simultaneously
  • Content types: "image", "flash", "HTML", "others", "download"

• Evaluate the proxy with 400, 600, 700, 800, 900, 1000 users respectively

  o Each evaluation lasts 30 minutes