Haute Secure – Blocking drive-by malware downloads
Image 1 of 11
Read the EULA
Read the EULA
Before installing, the user is required to agree to an End User Licensing Agreement (EULA).
Requires a restart
Requires a restart
Upon installation, Haute Secure requires a Windows restart to complete the process.
The Haute Secure Toolbar
The Haute Secure Toolbar
The utility works within Internet Explorer, much like a regular toolbar. This screen shows Haute Secure living within IE 7 on Windows Vista.
The warning icon
The warning icon
When Internet Explorer browses to an unsafe Web site, the Haute Secure toolbar turns red and displays a “warning” sign.
This site is very dangerous
This site is very dangerous
On live exploit sites, Haute Secure blocks the Internet Explorer user from browsing and displays a bright red icon with a blunt “This site is very dangerous” warning.
Unblocking a site
Unblocking a site
If an Internet Explorer user wishes to unblock a site flagged as dangerous, this can be done via a few mouse-clicks.
Rootkit.com, marked as safe
Rootkit.com, marked as safe
During my testing, I browsed to some sites that host known harmful code. Haute Secure lists Rootkit.com as safe, because there is no attempt to launch a drive-by exploit.
OffensiveComputing.net, not so safe
OffensiveComputing.net, not so safe
At OffensiveComputing.net, a research-focused malware repository, Haute Secure isn’t as accomodating. rnrn
An IE user is greeted with a blinking yellow message in the toolbar, marking Offensive Computing as hosting “embedded” content.
Embedded content warning
Embedded content warning
Browsing to a known exploit site brings up another orange-colored “embedded content warning.”rnrn
EDITOR’S NOTE: Do not browse to the URL in this screenshot with an unpatched Windows machine and without adequate protection from malware files.
No search page warning
No search page warning
Unlike McAfee’s SiteAdvisor and Exploit Prevention Labs’ LinkScanner, Haute Secure does not issue a warning when search results return known bad sites.rn
In this example a search for “Lindsay Lohan screensavers” brings up a known exploit site but Haute Secure does not flag this. rnrn
See next slide to see what happens when the known site is launched…
Lindsay Lohan screensaver warning
Lindsay Lohan screensaver warning
When the user clicks on the “Lindsay Lohan screensaver” from the search result (see previous slide), Haute Secure flashes a “warning” in the Internet Explorer toolbar.
