Haute Secure (HIPS)

Discussion in 'other anti-malware software' started by Rasheed187, Jul 11, 2007.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Have you used it Rasheed187?..install in VM and tell us if it is or not :D

    Apparently has a good pedigree.
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Since I'm using Firefox I guess this does nothing for me.

    Browsing the forums gives more info: How does Haute Secure protect me from malware?
     
  4. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88
    Actually, it's an interesting concept. Reading from the website, it sounds awfully similar to LinkScanner Pro.

    edit: anyway, if it is a HIPS it seems to be limited to internet based only - not things like cd-roms maybe.
     
  5. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    They have a 64bit version as well.

    EDIT: Only works on Vista64, not XP x64.
     
    Last edited: Jul 13, 2007
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Okay downloaded Haute Secure. 2.53Mb

    Interesting, playing with it now.
     

    Attached Files:

    • hs1.JPG (178.6 KB, 32 views)
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Site & content blocking.

    Haute Secure knows what I do about this site. Content is blocked when continued to the page.
     

    Attached Files:

  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Last edited: Jul 12, 2007
  9. xuesisi

    xuesisi Registered Member

    Joined:
    Mar 2, 2007
    Posts:
    71
    LinkScannerPro is better than it
     
  10. interstate ron

    interstate ron Registered Member

    Joined:
    Mar 20, 2007
    Posts:
    65
    Location:
    over the hill from West "By God"
    I kinda like it so far and it's not a "pro" with a dollar sign.
     
  11. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
  12. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    What's a good site to test this software? Preferably something benign.

    It's a shame it doesn't work with IE shells like Sleipnir/Maxthon/etc.
     
  13. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    I tried this one a few days ago but it messed up my machine, so take care.
    That said I don't blame Haute Secure for that, could be my setup as well.

    Gerard
     
  14. silat

    silat Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    190
    Actually when I used Maxthon I got the Haute warnings but had no way to disable as the Haute Toolbar doesn't appear in Maxthon :)
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    I checked it out on my VM and I really don't see what's so special about this tool. When it comes to the HIPS part, a tool like SSM for example does the exact same job, and I have never been a fan of the approach taken by a tool like LinkScanner. Also, it might have been a conflict or something but the GUI was very sluggish, I really don't see why these obviously smart and talented guys couldn't come up with something better. o_O
     
    Last edited: Jul 18, 2007
  16. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    It's not meant to compete with SSM Pro.

    A closer but not perfect fit would be comparing it with DefenseWall and Sandboxie maybe plus site blocking like SiteAdvisor. It's meant for more ordinary users seeking reasonable security than people like you Rasheed187 seeking to protect themselves from elite hackers. Remember only 0.01% of users are computer geeks.

    Most of today's safe browsing security products either focus on advising the user when a bad website is visited, or filtering bad content using signatures. In Web 2.0, we do not consider that sufficient. Any site could be an amalgamation of content from numerous dynamic sources. And polymorphic exploit code and unannounced 0-day vulnerabilities mean sometimes signatures are too slow. That is why Haute Secure takes a multi-layer approach that includes signature-less protection against malware installation.

    Haute Secure’s initial beta release is first and foremost a behavior-based malware filter. Haute Secure is capable of identifying and blocking the installation of malware that is delivered through exploitation of a vulnerability in the user’s browser or a browser plug-in. This is what we term “active protection.” Secondarily, it provides URL blocking services for known bad sites. We call this “passive protection.”

    Active Protection

    Haute Secure’s active protection uses a “soft sandbox” to identify malware installation attempts. (More information is available here: http://community.hautesecure.com/forums/t/29.aspx.) This is different than a traditional sandbox primarily in that it focuses only on trapping certain violations of a behavior rule set, rather than a strict quarantine policy. Soft sandboxing allows most normal actions during browsing to occur without interruption. The behavior rule set triggers when behavior consistent with a transparent installation of software is observed. While the actual rules are a bit more complicated, Haute Secure essentially looks for executable code to be installed on the computer without user consent. Hence, if a user with Haute Secure installs an ActiveX control, this will occur without interruption. If a user downloads and runs a program, this will occur without interruption. However, if the user navigates to a site and the site serves exploit code to the browser that it is not properly patched against, and that exploit code tries to install malware, this will be blocked. Haute Secure uses context clues to determine the difference between intentional and unintentional code installation.


    http://community.hautesecure.com/blogs/company/default.aspx
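
The "soft sandbox" idea quoted in the post above (allow consented installs, block silent ones from the browser), sketched as an added example that is not part of the thread and not Haute Secure's actual rule set. The event fields, process names, the 30-second consent window and the sample events are all assumptions constructed for illustration.

```python
# Toy model of a "soft sandbox" rule: an executable written by a browser
# process is allowed only if a recent user-consent action explains it.
# Field names, process list and time window are assumptions, not product facts.
from dataclasses import dataclass

BROWSER_PROCESSES = {"iexplore.exe"}
EXECUTABLE_EXTENSIONS = (".exe", ".dll", ".sys", ".ocx")
CONSENT_WINDOW_SECONDS = 30  # assumed lifetime of a consent action

@dataclass
class Event:
    time: float
    process: str
    kind: str    # "consent" or "file_write"
    detail: str  # consent: what was approved; file_write: target path

def evaluate(events):
    """Return (path, verdict) for every executable written by a browser."""
    verdicts = []
    last_consent = {}  # process -> time of its most recent consent action
    for ev in sorted(events, key=lambda e: e.time):
        if ev.process not in BROWSER_PROCESSES:
            continue  # only browser activity is watched
        if ev.kind == "consent":
            last_consent[ev.process] = ev.time
        elif ev.kind == "file_write" and ev.detail.lower().endswith(EXECUTABLE_EXTENSIONS):
            t = last_consent.pop(ev.process, None)  # one consent covers one install
            ok = t is not None and ev.time - t <= CONSENT_WINDOW_SECONDS
            verdicts.append((ev.detail, "allow" if ok else "block"))
        # any other write (cache, cookies, pages) passes without a verdict
    return verdicts

# Constructed sample events, not captured from any real system.
SAMPLE_EVENTS = [
    Event(1.0, "iexplore.exe", "file_write", r"C:\Temp\cache\page.htm"),
    Event(5.0, "iexplore.exe", "consent", "ActiveX install prompt accepted"),
    Event(6.0, "iexplore.exe", "file_write", r"C:\WINDOWS\Downloaded Program Files\control.ocx"),
    Event(40.0, "iexplore.exe", "consent", "Save As dialog confirmed"),
    Event(42.0, "iexplore.exe", "file_write", r"C:\Downloads\setup.exe"),
    Event(120.0, "notepad.exe", "file_write", r"C:\Temp\tool.exe"),
    Event(300.0, "iexplore.exe", "file_write", r"C:\WINDOWS\system32\dropped.dll"),
    Event(400.0, "iexplore.exe", "consent", "Save As dialog confirmed"),
    Event(500.0, "iexplore.exe", "file_write", r"C:\Downloads\late.exe"),
]

if __name__ == "__main__":
    for path, verdict in evaluate(SAMPLE_EVENTS):
        print(f"{verdict:5}  {path}")
```
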
     
  17. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    I just tried Maxthon and got no warning when I went to a crack site that is blocked in IE. o_O
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    @ LUSHER

    I agree, if it can stop drive by attacks it is indeed a very useful tool for non-geeks. I wish some expert could take this tool for a test drive, to see how it actually performs against attacks. I also wonder if it might do a better job in protecting your browser than a regular HIPS. So far I've only gotten a couple of strange alerts for no apparent reason.

    And I don't believe it's crap, but I do hope that they will make the GUI a bit more handy to use and easier to understand. Also, I'm not sure but I think it might conflict a bit with a couple of HIPS, so I don't think I will install it on my box anytime soon. But still, I will keep my eye on this tool, because it sure looks interesting.
     
    Last edited: Jul 23, 2007
  19. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Anyone notice that CtUrlHistoryCatalog.ctlog in the C:\WINDOWS\Ct\ folder has ballooned to a large size? It was over 100MB on my sister's computer. She's been complaining of IE slowdowns and Haute Secure appears to be the culprit so I ditched it.
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Espresso,

    Noticed this too. When you have opted for the feedback program, it will collect all sites you visit. So you allow HauteSecure to spy on you. But there is a way to work around this by using autoruns:
    1. Unselect the items marked in the attached images.
    2. Reboot.
    3. Copy the files CtUrlHistoryCatelog.Ctlog and CtUrlHistoryCatelog.Ctlog.ctidx from a location after you just fresh installed HauteSecure (so they will be set back to their initial value of a few kilobytes)
    4. Select the items unselected in step 1
    5. Reboot

    And hautesecure is trimmed down again.

    Not the procedure one would imagine user friendly, but running Vista64 it is the only strong protection offered on IE
    Go to auto
    Thx
     

    Attached Files:

    Last edited: Aug 30, 2007
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Got a reply from the developers. Haute secure only tracks 5 days of URL history. In future the number of days can be set by the configuration util.

    Experiences so far:
    Soft Sandbox feature:
    Does not seem to slow down the system, has not yet kicked in. Has the great advantage that it is the only containment offered on Vista64 at the moment.

    URL protection
    Although only a limited number of users are feeding the central engine, it kicks in at the usual suspect sites (warez etc).

    No freebie nag screens or other Beta hassles, so for the time being it is a keeper.

    Regards Kees
     
  22. Sportscubs1272

    Sportscubs1272 Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    340
    Antivir Premium gave me a warning when I installed this on my machine.
     
  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Okay,

    A year ago a dll of Dynamic Security Agent was also flagged by Antivir. Do not install when you don't trust it.

    Regards Kees
     
  24. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: This puzzles me: Haute Secure has flagged Wilders site as warning level 1, bronze colour. o_O
     
  25. Sportscubs1272

    Sportscubs1272 Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    340
    I had the (AntiVir) heuristics on high so that might be the problem!
     