Haute Secure (HIPS)

[Rasheed187]

It´s probably crap, but check it out:

http://www.hautesecure.com/

[Meriadoc]

Have you used it Rasheed187?..install in VM and tell us if it is or not

Apparently has a good pedigree.

[WSFuser]

Quote:

Today we support Internet Explorer. Soon we will also keep you safe from malware when using Firefox or Safari.

Since Im using Firefox I guess this does nothing for me.

Browsing the forums gives more info: How does Haute Secure protect me from malware?

[tamdam]

actually, its an interesting concept reading from the website, it sounds awfully similar to linkscanner pro.

edit: anyway, if it is a HIPS it seems to be limited to internet based only - not things like cd-roms maybe.

[Espresso]

They have a 64bit version as well.

EDIT: Only works on Vista64, not XP x64.

[Meriadoc]

Okay downloaded Haute Secure. 2.53Mb

Interesting, playing with it now.

[Meriadoc]

Site & content blocking.

Haute Secure knows what I do about this site. Content is blocked when continued to the page.

[Longboard]

Another little bait:
http://www.darkreading.com/document.asp?doc_id=128856
might be nice ?
Possibly not crap, might not be fully mature yet.

[xuesisi]

LinkScannerPro is better than it

[interstate ron]

I kinda like it so far and it's not a "pro" with a dollar sign.

[dan_maran]

http://www.alex-ionescu.com/?p=44

http://blogs.zdnet.com/security/?p=366

[Espresso]

What's a good site to test this software? Preferably something benign.

It's a shame it doesn't work with IE shells like Sleipnir/Maxthon/etc.

[gerardwil]

I tried this one a few days ago but it messed up my machine, so take care.
That said I don't blame Haute Secure for that, could be my setup as well.

Gerard

[silat]

Quote:

Originally Posted by Espresso

What's a good site to test this software? Preferably something benign.

It's a shame it doesn't work with IE shells like Sleipnir/Maxthon/etc.

Actually when I used Maxthon I got the Haute warnings but had no way to disable as the Haute Toolbar doesnt appear in Maxthon

[Rasheed187]

I checked it out on my VM and I really don´t see what´s so special about this tool. When it comes to the HIPS part, a tool like SSM for example does the except same job, and I have never been a fan of the approach taken by a tool like LinkScanner. Also, it might have been a conflict or something but the GUI was very sluggish, I really don´t see why these obviously smart and talented guys couldn´t come up with something better.

[LUSHER]

It's not meant to compete with SSM Pro.

A closer but not perfect fit would be comparing it with DefenseWall and Sandboxie maybe plus site blocking like SiteAdvisor. It's meant for more ordinary users seeking reasonable security than people like you Rasheed187 seeking to protect themselves from elite hackers. Remember only 0.01% of users are computer geeks.

Most of today's safe browsing security products either focus on advising the user when a bad website is visited, or filtering bad content using signatures. In Web 2.0, we do not consider that sufficient. Any site could be an amalgamation of content from numerous dynamic sources. And polymorphic exploit code and unannounced 0-day vulnerabilities mean sometimes signatures are too slow. That is why Haute Secure takes a multi-layer approach that includes signature-less protection against malware installation.

Haute Secure’s initial beta release is first and foremost a behavior-based malware filter. Haute Secure is capable of identifying and blocking the installation of malware that is delivered through exploitation of a vulnerability in the user’s browser or a browser plug-in. This is what we term “active protection.” Secondarily, it provides URL blocking services for known bad sites. We call this “passive protection.”

Active Protection

Haute Secure’s active protection uses a “soft sandbox” to identify malware installation attempts. (More information is available here: http://community.hautesecure.com/forums/t/29.aspx.) This is different than a traditional sandbox primarily in that it focuses only on trapping certain violations of a behavior rule set, rather than a strict quarantine policy. Soft sandboxing allows most normal actions during browsing to occur without interruption. The behavior rule set triggers when behavior consistent with a transparent installation of software is observed. While the actual rules are a bit more complicated, Haute Secure essentially looks for executable code to be installed on the computer without user consent. Hence, if a user with Haute Secure installs an ActiveX control, this will occur without interruption. If a user downloads and runs a program, this will occur without interruption. However, if the user navigates to a site and the site serves exploit code to the browser that it is not properly patched again, and that exploit code tries to install malware, this will be blocked. Haute Secure uses context clues to determine the difference between intentional and unintentional code installation.

http://community.hautesecure.com/blo...y/default.aspx

[Espresso]

Quote:

Originally Posted by silat

Actually when I used Maxthon I got the Haute warnings but had no way to disable as the Haute Toolbar doesnt appear in Maxthon

I just tried Maxthon and got no warning when I went to a crack site that is blocked in IE.

[Rasheed187]

@ LUSHER

I agree, if it can stop drive by attacks it is indeed a very useful tool for non-geeks. I wish some expert could take this tool for a testdrive, to see how it actually performs against attacks. I also wonder if it might do a better job in protecting your browser than a regular HIPS. So far I´ve only gotten a couple of strange alerts for no apparent reason.

And I don´t believe it´s crap, but I do hope that they will make the GUI a bit more handy to use and easier to understand. Also, I´m not sure but I think it might conflict a bit with a couple of HIPS, so I don´t think I will install it on my box anytime soon. But still, I will keep my eye on this tool, because it sure looks interesting.

[Espresso]

Anyone notice that CtUrlHistoryCatalog.ctlog in the C:\WINDOWS\Ct\ folder has ballooned to a large size? It was over 100MB on my sister's computer. She's been complaing of IE slowdowns and Haute Secure appears to be the culprit so I ditched it.

[Kees1958]

Expresso,

Noticed this to. When you have opted for the feedback program, it will collect all sites you visit. So you allow HauteSecure to spy on you. But there is away to work around this by using autoruns:
1. Unselect the items marked in the attached images.
2. Reboot.
3. Copy the files CtUrlHistoryCatelog.Ctlog and CtUrlHistoryCatelog.Ctlog.ctidx from a location after you just fresh installed HauteSecure (so they will be ste back to their initial value of a few kliobytes)
4. Select the in step 1 unselected items
5. Reboot

And hautesecure is trimmed sown again.

Not the procedure one would imagine user friendly, but runningVista64 itis the onlly strong protection offered on IE
Go to auto
Thx

[Kees1958]

Got a reply from the developers. Haute secure only tracks 5 days of URL history. In future the numbe rof days can be set by the configuration util.

Experiences so far:
Soft Sandbox feature:
Does not seem to slow doen the system, has not yet kicked in. Has the great advantage that it is the only containment offered on Vista64 at the moment.

URL protection
Although only a limited number of users are feeding the central engine, it kicks in at the usual suspect sites (warez etc).

No freeby nag screens or other Beta hassles, so for the time being it is a keeper.

Regards Kees

[Sportscubs1272]

Antivir Premium gave me a warning when I installed this on my machine.

[Kees1958]

Okay,

A year ago a dll of Dynamic Security Agent was also flagged by Antivir. Do not install when you don't trust it.

Regards Kees

[Perman]

Hi, folks: This puzzles me:Haute Secure Has flagged Wilders site as warning level1, bronze colour.

[Sportscubs1272]

I had the (AntiVir) heuristics on high so that might be the problem!