Haute Secure - a new add-on dedicated to fighting malware sites
How can I best describe Haute Secure, a yet-to-be-released toolbar for Internet Explorer (x86 and x64)? Well, we all know how successful the Phishing Filter has been at protecting web surfers from phishing sites - a big part of the success of the Phishing Filter has been the data sharing that happens - whether it be data sharing between Microsoft and various corporate data providers, or IE7 users sharing their phishing site discoveries with Microsoft.
The developers of Haute Secure are very aware of the new risks associated with Web 2.0, whether it be social networking, blogs, search engines, widgets or banner ads. Regular readers of my blog will know that such risks are a primary focus and interest for me as well - I've been right in the thick of the fight to get malware out of the various advertising networks and trying to shut down compromised web sites, and heaven knows I'm sick of having to carefully check blog comments just in case the URL of the poster is a malware or compromised Web site.
Haute Secure is a step towards using the same sort of communal mind-share that is the foundation stone of the Phishing Filter's success, but this time the target is malware. Users are protected as follows:
- Bad sites are blocked before they can load.
- Even if the site has not been encountered before, Haute Secure can stop sites from downloading malware via the use of behaviour-based algorithms.
- Every time the software blocks a malware download, the incident is reported to Haute Secure's malicious link database. What was once an unknown bad site becomes a known bad site, protecting future visitors to the site who are using Haute Secure.
As you'll see from the screenshot below, Haute Secure installs a toolbar in IE7. It looks small, but it is kind of eye catching - the toolbar changes color, moving from a gray tone to red, and back again. BTW, the Find toolbar you can see in the screenshot is "Find As You Type", available at www.enhanceie.com.
CAVEAT: Please bear in mind that I am running a pre-release build of Haute Secure - the look and behavior of the product could, and likely will, change a lot between now and later builds.
Haute Secure is not yet available to the general public. The home page is live, but there is not much to see.
Known bad sites are blocked:
False positives can be reported:
Clicking on "Let us know" brings you to this page:
Clicking on the toolbar when an alert is triggered gives us various options - you can continue to the site if you wish, and even add the site to an ignore list.
The more info screen:
There is a lot still to be learned about Haute Secure. For example:
- Exactly how does it work, and how often is the database updated?
- Is information transmitted encrypted?
- Is it a fully dynamic service, or is information stored locally?
- What classes as malware? Does the site have to actually attempt to install software to be blocked, or is a known download site for fraudware (such as sites used by the Winfixer family of fraudware) also blocked?
- How will it handle malicious banner advertisements or pop-ups? Will it go down the "all adverts are bad" route taken by the popular protective HOSTS files, or will it try to differentiate between good ads and bad ads (which is going to be a real technical challenge)?
I'll post again once a build is available to the public and as I learn more.