Haute Secure experience so far

Hi,

Haute Secure is a so called soft sandbox/surf guard. It can be best compared with lincsanner pro, see http://hautesecure.com/howitworks.aspx

The application is in beta (final stages). Beta has not reflected in many bugs while we were using it. On their website the more or less explain the functionality of the surfguard and not of the soft sandbox. Reason for this is that it can be used right out of the box without configuraton.

When you want to play with it, you need to start the admin module from the program list (surfguard can be launched from a tray icon and a browser task bar).

Web 2.0, XML, COM, Ajax, Java/J2EE and all other zero footprint distrbuted computing facilities, are the reason that I stopped using anti executables. The code can be anywhere, so a limited user rights and policy sandbox strategy is the way the go (may be backed up by a behavioral blocker).

On Vista64 there is little freeware HIPS available. Comodo has some goodies. PRSC has a paid 64 bits compatibilty version. CFP3.0 is real 64 bits code, but most others are adapted 32 bits programs. Hautsecure also has a real 64 bits version. Because my son is a gamer, speed counts. Webbrowser protection of HauteSecure is good, but lately I also used it as a replacement for D+ and PRSC. The reduction of Vista64 startup time was remarkable.

Using global template

The admin has a global and a per program setting. Templates are default templates, which can be used for programs. When a template is valid for as certain program it becomes a profile. Idea behind it is that you have more profiles for the same program. Selecting prompt will prompt, selecting enable will block it silently. The admnin module needs structuring (e.g. devide in internal and external traffic facing programs, and within this the change of running dynamic code). For noob users it is nicely working ap, for power users the configuration needs some more refinement (to make it easier to use). When HauteSecure notices a intrusion it will pop up a warning. When you want to make it a permanent rule, you have to enter a check code (of I think 8 characters). For the power user it should be more easy to accept permanent rules.

Using LUA in quiet mode (use tweakuac freeware) to deal with punkbuster, teamspeak etc, you still have file and registry virtualisation, IE in protected mode and programs start in LUA by default, when you log-in as an admin.

LUA is a nice extra layer of protection, which was weakened by running in quiet mode. Using a global template, can reduce this without a lot of annoying LUA pop-ups.

I have encloded a picture with the options selected for a global profile. Make sure you increase your response time (options screen of admin) to 60 seconds. These setting did generate only one or two pop-ups.

As said: you do not need global rules when running full LUA, for gamers LUA in quiet mode and HauteSecure global profile will provide a very light strong defense.

At the moment only running Avast 4.8 and HauteSecure (not using VFWC 1.3 and PRSC anymore) with default Vista firewall. Son is very very content with the responsiveness of his dual core@3.2 gameing box. Off course the guys are former Microsoft employees and know the Vista architecture very well. So there speed headstart is understandable.

Regards Kees

Note the "block certain functions being called outside a module"has to do with vista architecture improvements, which are made even tighter. Pitty they do not explain what is blocked and what the effect is. Just as an example of the beta state of help info.

 

Kees1958,

Thanks for the info. I've been watching Haute Secure with interest.

How effective has it been for you at stopping malware?

 

Nice piece Kees.

Questions-

1. Are you running Avast's web guard and haute secure at the same time?
2. Do you know what scanning engine(s) haute secure uses to analyze the safety of search result url's, if any?

thanks

 

I cannot see how it protects from Malware as I have run a number of known Viruses and testing tools which haven't been detected. I'm running the program with "out of the box" settings so maybe I'm doing something wrong - Anyone have any recommended settings?

~interact

 

Interact,

Please note that you have to go to the administrator module (look for HauteSecure in your program list). There you have to go to the admin module.
Look for global and enable a profile with the settings I recommended.

While testing I found one Beta glitch: the stop create service can not always be unblocked. You have to create a program specific profile when you run into this situation (was a known bug which will be dealt with).

Haute secure is simular to Linkscanner Pro with the difference that you can use the softsandbox globally (for all programs) or can use it for specific programs other than your browser (I have also made a profile for LimeWire).

When you test it out of the box, you should test it against malicious sites. Its primary goal is to offer additional protection against drive by infections. .

Downloading software, executing malware in the out of the box settings will not trigger alerts, because your behind the browser already. Only when you define a global profile it will add to your protection.

The sandbox has not the same strength as for instance DefenseWall, the containment module (which audits single trigger behaviors like SSM/D+) is also limited.

Point is that with Vista64 and LUA, I reduced oour protection by running LUA in quiet mode (very few admin elevation prompts when logged in as admin).
For those situations HauteSecure Global profile is a great add-on to compensate this.

On Vista32 there are more intelligent behavior blockers (e.g. ThreatFire, Mamutu) and better sandboxes (e.g. DefenseWall-SafeSpace).
For Vista32 users, who use a freeware AV (AVG, Avira, Avast), HauteSecure will give you the same Linkscanner Pro benefits for free while in Beta.


Regards Kees

 

1. Yes side by side
2. They have their own and use published sources. Am behind a different PC now, have a look at this http://blog.hautesecure.com/ look for new and changed features in the new beta

 

thanks for the info- good stuff

 

That is really hard to say.

My son was able to crash the harddisk using Vista64 with Lua in quiet mode, VistaFireWallControl,Avira free, Primary SafeConnect paid within one and half month.

Problem he was surfing game sites for cracks/unlocks to cheat with gaming. I threathened to put Comodo, Avira, PRSC on his deskptop, with onlu LUA access. He promised to use Avast, HS with global profile and do not surf to sites with a warning from HS. So to him it is a balance of changed behaviour and security which is tolerable and still very fast on his gaming rig.

Since my first post on HS the system is still running nicely. I really can not tell how much HS / changed usage behavior/ sheer luck has contributed to this.

Only I notice is that the guys have a competitive advantage to others (except Comodo) by offering a true 64 bits IDS layer, the global profile with regsitry protection and driver load/service creation is the ideal add-on when running LUA in quiet mode. The HauteSecure/linkscanner pro concept works (HS was our choice because of Vista64) and it is fast.

 

Kees1958,

Many thanks for your feedback I will investigate further.

~interact

 

Kees,
How about an update on HauteSecure? Have you found any tweaks for IE in Admin that you can share with us? I'm trying HauteSecure at present and am interested in securing it and IE as well. How much of a sandbox is HauteSecure on a 1 to 10 scale in your opinion?

Running Vista 32 bit with IE8 Beta.

Thank you.

 

Trespasser,

At the moment my son runs only LUA in quiet mode, HauteSecure and Avast 4.8.

Haute Secure global profile (with inheritance) (prompt)
Registry
- block run registry key
- ditto runonce key
- runonceex
- runservices
- runservicesonce
- explorer run
- winlogon
- winlogon notify
- appinit dll's
- shell execute hook
- shell service
- shared task
- load registry key
- active setup
- winsock lsp protocol
- winsock namespace
- shell .bat open
- shell .com
- shell .exe
- shell .hta
- shell .pif
- shell .txt
- DCOM enable
- Explorer startup
- Keyboard filter
- Service binary

Containment
- Block create service
- Block running cmd.exe
- ditto msh.exe
- cscript.exe
- wscript.exe
- regedit.exe
- reg.exe
- ftp.exe
- tftp.exe
- regsrvr32.exe
- mshta.exe
- block dll loads from network path
- ditto exe loads
- block opening non-child processes
- block certain functions from being called outside of a module
- block driver loading
- block writing to user start folder

IEXPLORER
Above prompts set to enable block (without prompt), plus

Prompts for (Registry)
- IE HTML filter
- IE BHO
- IE Toolbar
- IE extensions
- IE search URL
- IE Search hooks
- IE about URL
- IE main registry
- IE search key
- IE internet zone registry key
- IE namespace

Prompts for (containment)
- Block open service
- Block allow written file isolation

LimeWire limited in the same way, some games, teamspeak, Xfire and punkbuster etc allowed for certain intrusions.

I only use default reputation lists

For Vista64 the only soft sandbox available. For Vista32 I think DefenseWall is better. The combo (soft sandbox plus reputation list warning) I would give an 8, I think it is great (gr

Gr. Kees

 

Kees,
I can see you put a lot of effort into this so I wanted to let you know that I really appreciate it. Thanks. .

 

HS has a good FAQ section to get acquinted with the advanced functions.

On our Vista64 box I installed AVG 8 (has more 64 bits code than Avast and much more than Avira). When you go to IE extra, programs and disable the BHO objects of AVG, you tamed LinkScanner.

HauteSecures block list are much faster than AVG's webshield/old linkscanner.

In this way the AVG icon keeps normal, but functionality is disabled (not through the control center, but via IE extra menu).

HauteSecure's concept of local blocklist synchronized like AV black list data base clearly shows its speed advantage compared to central blocklists.