Developers of browser toolbars are creating new tools that defend against more than just adware, spyware, and phishing sites. New toolbars can defend against malware too, without the use of signature databases.

Signature databases have been the traditional method of detecting various forms of malware, particularly in desktop antivirus and antispyware tools and in some gateway-based content-scanning tools. While signature-based scanning is reasonably effective, new forms of malware can slip past defenses before signature databases are updated to include signatures for their detection. Malware developers often use techniques that can morph code into a new form.

Late last year, Exploit Prevention Labs launched the LinkScanner Pro browser toolbar. An offshoot of the company's original SocketShield product, LinkScanner Pro helps protect against malicious content in Web sites and search results by scanning Web page content in real time without the use of signature databases. After scanning a Web page, the tool presents an on-screen indication of the potential risk of the site.

In April, Finjan released a competing toolbar called SecureBrowsing. SecureBrowsing also works in real time; however, the current version works only with results from a select set of search engines, as well as certain Web-based email systems and social networking sites. Unlike LinkScanner, it cannot scan any link that appears in whatever site is being visited.

Both tools represent an evolution beyond typical Web page reputation ranking systems, which are based on databases (similar to signature-based detection systems) that must be periodically updated and pushed out to end users. The current versions of both Microsoft Internet Explorer and Mozilla Firefox integrate reputation-based ranking systems. However, the LinkScanner and SecureBrowsing real-time scanning tools work to provide on-the-spot reputation ranking, which is invaluable since intruders often move their malicious content from site to site in an effort to avoid defenses.

Neither real-time scanning nor signature-based protection is foolproof. Nevertheless, the new toolbars serve as strong additions to existing content defense systems.

Exploit Labs recently demonstrated the effectiveness of such toolbars when it discovered that malicious content was being hosted at sites that use Google ads. One particular ad spoofed the Better Business Bureau and hosted a dangerous exploit that installs a backdoor and keylogger to steal banking credentials. With LinkScanner installed, simply moving the mouse over the hyperlink revealed the danger.