Haute Secure - Blocking drive-by malware downloads

Security

Haute Secure – Blocking drive-by malware downloads

By ryan naraine July 17, 2007, 3:21 AM PDT

Image
1
of 11

Haute Secure – Blocking drive-by malware downloads

Read the EULA

Before installing, the user is required to agree to an End User Licensing Agreement (EULA).

Requires a restart

Upon installation, Haute Secure requires a Windows restart to complete the process.

The Haute Secure Toolbar

The utility works within Internet Explorer, much like a regular toolbar. This screen shows Haute Secure living within IE 7 on Windows Vista.

The warning icon

When Internet Explorer browses to an unsafe Web site, the Haute Secure toolbar turns red and displays a “warning” sign.

This site is very dangerous

On live exploit sites, Haute Secure blocks the Internet Explorer user from browsing and displays a bright red icon with a blunt “This site is very dangerous” warning.

Unblocking a site

If an Internet Explorer user wishes to unblock a site flagged as dangerous, this can be done via a few mouse-clicks.

Rootkit.com, marked as safe

During my testing, I browsed to some sites that host known harmful code. Haute Secure lists Rootkit.com as safe, because there is no attempt to launch a drive-by exploit.

OffensiveComputing.net, not so safe

At OffensiveComputing.net, a research-focused malware repository, Haute Secure isn’t as accomodating. rnrn

An IE user is greeted with a blinking yellow message in the toolbar, marking Offensive Computing as hosting “embedded” content.

Embedded content warning

Browsing to a known exploit site brings up another orange-colored “embedded content warning.”rnrn

EDITOR’S NOTE: Do not browse to the URL in this screenshot with an unpatched Windows machine and without adequate protection from malware files.

No search page warning

Unlike McAfee’s SiteAdvisor and Exploit Prevention Labs’ LinkScanner, Haute Secure does not issue a warning when search results return known bad sites.rn

In this example a search for “Lindsay Lohan screensavers” brings up a known exploit site but Haute Secure does not flag this. rnrn

See next slide to see what happens when the known site is launched…

Lindsay Lohan screensaver warning

When the user clicks on the “Lindsay Lohan screensaver” from the search result (see previous slide), Haute Secure flashes a “warning” in the Internet Explorer toolbar.

By ryan naraine

Account Information

Contact ryan naraine

Your message has been sent
|
See all of ryan's content

Keeping all the various moving parts of a business running smoothly and on time requires a well-organized individual who can see the final goal of a project, develop a path to reach that goal and communicate the path that must be followed to all the individuals and teams working to bring that final goal to ...

SSL certificates are essential for encrypting traffic between systems such as clients, which access servers via web browsers or applications that communicate with remote systems. Certificates protect client and server data, commonly involving confidential information such as credit card details or social security numbers. The purpose of this SSL Certificate Best Practices Policy from TechRepublic ...

Mobile devices are a way of life in both the consumer and business realms — and business interests must be protected where the two converge. This policy from TechRepublic Premium provides guidelines for the safe and productive use of mobile devices (laptop computers, tablets, smartphones, etc.) by employees. It includes stipulations for company and employee-owned ...