Haute Secure experience so far

Discussion in 'other anti-malware software' started by Kees1958, Apr 5, 2008.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    Haute Secure is a so-called soft sandbox/surf guard. It can be best compared with LinkScanner Pro, see http://hautesecure.com/howitworks.aspx

    The application is in beta (final stages). The beta has not shown many bugs while we were using it. On their website they more or less explain the functionality of the surf guard and not of the soft sandbox. Reason for this is that it can be used right out of the box without configuration.

    When you want to play with it, you need to start the admin module from the program list (the surf guard can be launched from a tray icon and a browser task bar).

    Web 2.0, XML, COM, Ajax, Java/J2EE and all other zero-footprint distributed computing facilities are the reason that I stopped using anti-executables. The code can be anywhere, so a limited user rights and policy sandbox strategy is the way to go (maybe backed up by a behavioral blocker).

    On Vista64 there is little freeware HIPS available. Comodo has some goodies. PRSC has a paid 64-bit compatibility version. CFP3.0 is real 64-bit code, but most others are adapted 32-bit programs. Haute Secure also has a real 64-bit version. Because my son is a gamer, speed counts. Web browser protection of HauteSecure is good, but lately I also used it as a replacement for D+ and PRSC. The reduction of Vista64 startup time was remarkable.

    Using global template

    The admin has a global and a per-program setting. Templates are default templates, which can be used for programs. When a template is valid for a certain program it becomes a profile. The idea behind it is that you have more profiles for the same program. Selecting prompt will prompt, selecting enable will block it silently. The admin module needs structuring (e.g. divide into internal and external traffic-facing programs, and within this the chance of running dynamic code). For noob users it is a nicely working app; for power users the configuration needs some more refinement (to make it easier to use). When HauteSecure notices an intrusion it will pop up a warning. When you want to make it a permanent rule, you have to enter a check code (of I think 8 characters). For the power user it should be easier to accept permanent rules.

    Using LUA in quiet mode (use TweakUAC freeware) to deal with PunkBuster, TeamSpeak etc., you still have file and registry virtualisation, IE in protected mode and programs start in LUA by default when you log in as an admin.

    LUA is a nice extra layer of protection, which was weakened by running in quiet mode. Using a global template can reduce this without a lot of annoying LUA pop-ups.

    I have enclosed a picture with the options selected for a global profile. Make sure you increase your response time (options screen of admin) to 60 seconds. These settings did generate only one or two pop-ups.

    As said: you do not need global rules when running full LUA; for gamers, LUA in quiet mode and a HauteSecure global profile will provide a very light, strong defense.

    At the moment only running Avast 4.8 and HauteSecure (not using VFWC 1.3 and PRSC anymore) with the default Vista firewall. Son is very, very content with the responsiveness of his dual core@3.2 gaming box. Of course the guys are former Microsoft employees and know the Vista architecture very well. So their speed head start is understandable.

    Regards Kees

    Note the "block certain functions being called outside a module" has to do with Vista architecture improvements, which are made even tighter. Pity they do not explain what is blocked and what the effect is. Just as an example of the beta state of the help info.
     

    Last edited: Apr 5, 2008
  2. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    Kees1958,

    Thanks for the info. I've been watching Haute Secure with interest.

    How effective has it been for you at stopping malware?
     
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Nice piece Kees.

    Questions-

    1. Are you running Avast's web guard and haute secure at the same time?
    2. Do you know what scanning engine(s) haute secure uses to analyze the safety of search result url's, if any?

    thanks
     
  4. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
    I cannot see how it protects from malware as I have run a number of known viruses and testing tools which haven't been detected. I'm running the program with "out of the box" settings so maybe I'm doing something wrong o_O - Anyone have any recommended settings?

    ~interact
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Interact,

    Please note that you have to go to the administrator module (look for HauteSecure in your program list). There you have to go to the admin module.
    Look for global and enable a profile with the settings I recommended.

    While testing I found one beta glitch: the stop create service cannot always be unblocked. You have to create a program-specific profile when you run into this situation (was a known bug which will be dealt with).

    Haute Secure is similar to LinkScanner Pro with the difference that you can use the soft sandbox globally (for all programs) or can use it for specific programs other than your browser (I have also made a profile for LimeWire).

    When you test it out of the box, you should test it against malicious sites. Its primary goal is to offer additional protection against drive-by infections.

    Downloading software and executing malware in the out-of-the-box settings will not trigger alerts, because you're behind the browser already. Only when you define a global profile will it add to your protection.

    The sandbox does not have the same strength as, for instance, DefenseWall; the containment module (which audits single trigger behaviors like SSM/D+) is also limited.

    Point is that with Vista64 and LUA, I reduced our protection by running LUA in quiet mode (very few admin elevation prompts when logged in as admin).
    For those situations the HauteSecure global profile is a great add-on to compensate for this.

    On Vista32 there are more intelligent behavior blockers (e.g. ThreatFire, Mamutu) and better sandboxes (e.g. DefenseWall-SafeSpace).
    For Vista32 users who use a freeware AV (AVG, Avira, Avast), HauteSecure will give you the same LinkScanner Pro benefits for free while in beta.


    Regards Kees
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    1. Yes, side by side.
    2. They have their own and use published sources. Am behind a different PC now; have a look at this http://blog.hautesecure.com/ and look for new and changed features in the new beta.
     
  7. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    thanks for the info- good stuff
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    That is really hard to say.

    My son was able to crash the hard disk using Vista64 with LUA in quiet mode, VistaFireWallControl, Avira free, Primary SafeConnect paid within one and a half months.

    Problem: he was surfing game sites for cracks/unlocks to cheat with gaming. I threatened to put Comodo, Avira, PRSC on his desktop, with only LUA access. He promised to use Avast, HS with global profile and not to surf to sites with a warning from HS. So to him it is a balance of changed behaviour and security which is tolerable and still very fast on his gaming rig.

    Since my first post on HS the system is still running nicely. I really cannot tell how much HS / changed usage behavior / sheer luck has contributed to this. :cautious:

    Only thing I notice is that the guys have a competitive advantage over others (except Comodo) by offering a true 64-bit IDS layer; the global profile with registry protection and driver load/service creation is the ideal add-on when running LUA in quiet mode. The HauteSecure/LinkScanner Pro concept works (HS was our choice because of Vista64) and it is fast.
     
  9. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
    Kees1958,

    Many thanks for your feedback I will investigate further.

    ~interact

     
  10. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Kees,
    How about an update on HauteSecure? Have you found any tweaks for IE in Admin that you can share with us? I'm trying HauteSecure at present and am interested in securing it and IE as well. How much of a sandbox is HauteSecure on a 1 to 10 scale in your opinion?

    Running Vista 32 bit with IE8 Beta.

    Thank you.
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Trespasser,

    At the moment my son runs only LUA in quiet mode, HauteSecure and Avast 4.8.

    Haute Secure global profile (with inheritance) (prompt)
    Registry
    - block run registry key
    - ditto runonce key
    - runonceex
    - runservices
    - runservicesonce
    - explorer run
    - winlogon
    - winlogon notify
    - appinit dll's
    - shell execute hook
    - shell service
    - shared task
    - load registry key
    - active setup
    - winsock lsp protocol
    - winsock namespace
    - shell .bat open
    - shell .com
    - shell .exe
    - shell .hta
    - shell .pif
    - shell .txt
    - DCOM enable
    - Explorer startup
    - Keyboard filter
    - Service binary

    Containment
    - Block create service
    - Block running cmd.exe
    - ditto msh.exe
    - cscript.exe
    - wscript.exe
    - regedit.exe
    - reg.exe
    - ftp.exe
    - tftp.exe
    - regsvr32.exe
    - mshta.exe
    - block dll loads from network path
    - ditto exe loads
    - block opening non-child processes
    - block certain functions from being called outside of a module
    - block driver loading
    - block writing to user start folder

    IEXPLORER
    Above prompts set to enable block (without prompt), plus

    Prompts for (Registry)
    - IE HTML filter
    - IE BHO
    - IE Toolbar
    - IE extensions
    - IE search URL
    - IE Search hooks
    - IE about URL
    - IE main registry
    - IE search key
    - IE internet zone registry key
    - IE namespace

    Prompts for (containment)
    - Block open service
    - Block allow written file isolation

    LimeWire limited in the same way; some games, TeamSpeak, Xfire and PunkBuster etc. allowed for certain intrusions.

    I only use the default reputation lists.

    For Vista64 it is the only soft sandbox available. For Vista32 I think DefenseWall is better. The combo (soft sandbox plus reputation list warning) I would give an 8; I think it is great (gr:cool:

    Gr. Kees
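    A read-only audit of the autostart registry locations listed in the profile above, as an added example (not Haute Secure's code and not from the thread): it assumes PowerShell 3.0 or later on Windows, run elevated so HKLM is fully readable, and lists what already lives in those keys so a baseline exists before the block rules are switched on.

```powershell
# Added example, not Haute Secure code: read-only listing of the autostart
# locations the global profile blocks. Assumes PowerShell 3.0+ on Windows.
# Keys whose autostart entries are values (name = entry, data = command/path)
$valueKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',          # Shell, Userinit
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows',           # AppInit_DLLs
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows',           # Load
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
)
# Keys whose autostart entries are subkeys (name = subkey, data = its default value)
$subKeys = @(
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify',
    'HKLM:\Software\Microsoft\Active Setup\Installed Components',
    'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries',
    'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries'
)
# File-type open handlers the profile guards; anything but the stock handler deserves a look
$shellOpen = 'batfile','comfile','exefile','htafile','piffile','txtfile' |
    ForEach-Object { "HKLM:\Software\Classes\$_\shell\open\command" }

$report = @(foreach ($k in ($valueKeys + $shellOpen)) {
    if (-not (Test-Path -Path $k)) { continue }
    $item = Get-ItemProperty -Path $k
    foreach ($p in $item.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # drop PSPath/PSParentPath/PSProvider noise
        [pscustomobject]@{ Key = $k; Entry = $p.Name; Data = [string]$p.Value }
    }
})
$report += @(foreach ($k in $subKeys) {
    if (-not (Test-Path -Path $k)) { continue }
    foreach ($c in Get-ChildItem -Path $k) {
        [pscustomobject]@{ Key = $k; Entry = $c.PSChildName; Data = [string]$c.GetValue('') }
    }
})
# Save once as a baseline; later runs can be compared against it to spot new autostart entries
$sorted = $report | Sort-Object Key, Entry
$sorted | Export-Csv -Path "$env:USERPROFILE\autostart-baseline.csv" -NoTypeInformation
$sorted | Format-Table -AutoSize -Wrap
```

    A second run exported to another file can be compared with Compare-Object on the Key and Entry columns to show what was added since the baseline.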
     
  12. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Kees,
    I can see you put a lot of effort into this so I wanted to let you know that I really appreciate it. Thanks. :).
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    HS has a good FAQ section to get acquainted with the advanced functions.

    On our Vista64 box I installed AVG 8 (has more 64-bit code than Avast and much more than Avira). When you go to IE Extras, Programs and disable the BHO objects of AVG, you have tamed LinkScanner.

    HauteSecure's block lists are much faster than AVG's web shield/old LinkScanner.

    In this way the AVG icon stays normal, but the functionality is disabled (not through the control center, but via the IE Extras menu).

    HauteSecure's concept of a local blocklist, synchronized like an AV blacklist database, clearly shows its speed advantage compared to central blocklists.
     
    Last edited: May 7, 2008