March 2008

Haute Secure Protects From Malicious Websites

Obtained from author with the author's permission for publication by APCUG member groups.

There are millions of websites hosting dangerous content. I am not referring to objectionable material, but in this context I am referring to websites that can load malware onto your computer by simply opening a webpage, or which contain fraudulent content. Many of the internet security suites provide some protection from browser vectored malware and dangerous content, but almost all of the security suites lack comprehensive protection. Fortunately for us web surfers, there is a free product that provides the comprehensive protection lacking in the internet security suites, that product being Haute Secure.

Haute Secure ( www.hautesecure.com ), currently in beta, works with both Firefox (my preferred browser) and Internet Explorer, to provide protection from nefarious websites, by blocking access to websites that contain malware, identity stealing phishing websites, and a variety of web borne adware. According to the Haute Secure website, “The most popular content on the internet today is also the most dangerous. Flash videos, widgets, blogs, RSS feeds, and even ads are loaded with dangerous malware that is too sophisticated to be detected by anti-virus and anti-spyware software." Created by some former Microsoft software security engineers, and financed by venture capitalists, Haute Secure integrates the security and malware databases and blocklists of Google’s Safe Browsing API project (code.google.com/apis/safebrowsing), the Spamhaus Project (www.spamhaus.org/organization/index.lasso), and the anti-phishing service Phish Tank (www.phishtank.com/about.php). In addition to these commercial malware databases and services, Haute Secure also utilizes a “community” approach whereby users can voluntarily report suspicious websites to Haute Secure, which will then incorporate the information into its continuously updated lists. While Haute Secure is free software, its business model generates revenue by selling its verification services to web hosts and web masters.

There has been a recent spate of malware spreading websites that have maliciously seeded their way in to the top rankings of the major websites. Unsuspecting individuals searching for countless search terms have been inadvertently directed to malware containing websites surreptitiously placed high in the search engine rankings. One of many such recent events was the appearance of the MonaRonaDona virus which infected countless visitors to infected websites. MonaRonaDona took control of Internet Explorer, and blocked several popular programs from running, including Microsoft Office components. MonaRonaDona was in a class of virus known as extortion ware, where for a fee, it could be removed from the system. In a well plan and executed attack, the authors of MonaRonaDona also created a bogus antivirus program to remove the infection, seeded the search engines with multiple references to the bogus program to move it to the top of the search engines, and even posted bogus reviews of the malignant antivirus program on legitimate review sites. Users of computers which were infected with MonaRonaDona (the virus posted a popup with the virus name and a message) who then executed a search on any major search engine was directed to the bogus antivirus program, which for a fee of $30, would remove the MonaRonaDona, but then leave the computer otherwise unprotected and vulnerable to later attack. Users of Haute Secure were unlikely to fall victim to this scam as Haute Secure would have warned the user about the malicious content on the contaminated websites, and displayed a bold warning about the bogus antivirus website, alerting the user of the potential for a scam. Any search engine results displayed would have been labeled as legitimate or dangerous, again protecting the user from illicit websites.

Haute Secure integrates with some of the major search engines, including Google and Yahoo!, and displays a series of icons adjacent to the listings displayed. One icon, which appears as a cartoon style balloon, displays the community tagging rating; if the icon is blue, the linked site is likely safe to visit; if it is a red flame, the site is dangerous and should not be opened. If the user chooses to open the site despite the warning, Haute Secure will intercept the page, and display a full-screen warning explaining the threat. If the user still wants to live dangerously and bypass the warning screen, he may do so by simply clicking on a link “Continue to site”. On many sites there may be a second icon, displaying two human looking objects; mousing over this icon displays the results of votes by Haute Secure users rating the safety of the site. By taking advantage of the safety ratings of a website displayed by a search engine, the user can reasonably be assured that the site is safe to visit.

Phishing, the use of spoofed websites to ensnare the user to disclose personal information for the purposes of identity theft, is a major problem stealing billions of dollars annually from unsuspecting victims. Haute Secure provides substantial protection from phishing websites by blocking access to them, and utilizes the comprehensive phishing databases of such resources as Phish Tank, and Stopbadware.org. If the user is tricked into clicking on a purloined link to a phishing website, Haute Secure will typically display a full screen warning rather than the malicious website.

Haute Secure also provides protection from many of the forms of adware and internet tracking. When I access my email using webmail, a window occasionally appears on the bottom right corner of my screen telling me that Haute Secure has blocked an unseen advertising product that tracks my internet usage.

As I type this, clicking on the Haute Secure icon adjacent to my clock indicates that it has a database of reputation information on 2,897,750 websites, and was last updated just 23 minutes ago. Haute Secure claims to offer database updates at least hourly, a good faith attempt to keep it up to date.

Haute Secure is loaded when the computer is booted, and automatically provides protection in real time while surfing the web, reading email, instant messaging, or participating in almost any other internet activity. By default, it adds a small, three item toolbar in Firefox and Internet Explorer, which can be turned off if desired by clicking on View – Toolbars, and unchecking Haute Secure. The icons displayed on the toolbar provide for site information on the site opened, and a “thumbs up” or “thumbs down” rating on the open website that will be reported to the community, and added to the site ratings when a website is displayed on a participating search engine.

I found Haute Secure to be a valuable adjunct to my existing suite of internet security software, as it fills some of the vulnerability gaps of that software. While it is not a unique product, and has some competitors, it offers more features than those competitors, which mostly only provide a site rating service. Personally, I give Haute Secure a “thumbs up” and can recommend it to all internet users.

Click here to view more articles that may interest you.