Pages

Thursday, 23 August 2007

Haute Secure review: browser security plugin






I tried Haute Secure when it first came out in beta just over a month ago. It's a browser plugin /toolbar for Internet Explorer which is supposed to warn you when you attempt to visit a "bad" site laden with malware which attacks your computer the moment you land on the site, and it will even block your browser from downloading nasty smelly germy webpages.

In their words, "When the bad content attempts to load, our behavior-based profiling algorithms identify and intercept it in real-time, before it installs itself on your computer." How it works: they have algorithms that analyse, identify and stop sneaky malware downloads in real time (and send reports home), plus a database of bad sites kept constantly updated from reports etc, or as they put it: "A distributed real-time malicious link database and a scanning infrastructure that is connected to the client software". They'll also include "malicious content found by others such as security experts and hobbyists joining the fight to stop malware attacks on unsuspecting users".

It's had good write-ups. But I go by my own experience. A favourable review will get me to try something, but I won't stick with it if I don't like it. I don't often blog about things that suck because usually I've picked up enough info to know that I should just avoid them in the first place. But if I come across something that's sucky, I'll say so. Haute Secure is sucky.

In more sober terms, here's my verdict. A most excellent idea in theory, but way too blunt an instrument in practice. I had to uninstall it after a few weeks, it was making my browsing unbearable.

Why? Like I said, it's far too blunderbuss in approach. It tars (and feathers) entire domains with the same brush, without bothering to distinguish between subdomains - like, x.blogsome.com is not the same site as y.blogsome.com, and may not even be run by the same person. Yep, you'd never credit it wouldja. And if you have a script or image on your webpage that's from a supposedly "bad" domain, that'll mark out your site as bad too.

For example, go to Yahoo-owned Mybloglog.com, and you'll get a yellowy reddish brown kinda warning in the toolbar (they call it "orange" but I guess my color vision is different...):

Or a messageboard where someone's posted pics from Photobucket:


Here's another well dodgy site, oooh look, see the warning on the right:


And why was my blog suspect, pray? You can click on the Haute Secure toolbar then 0, 1, 2 "Blocked URLs" to check, and, hey, whaddaya know, that well known and now Google-owned purveyor of malware Feedburner (not!) was one of the chief culprits. It wasn't me guv it was that nasty malicious Feedburner:


See, Haute Secure even went dramatically red on another site because of Feedburner, oooh we're really taking agin Feedburner now aren't we, bad bad bad Feedburner:


One of the few totally safe "blue flame" sites was Google:

But Google didn't escape entirely. Not all Google domains were considered non-evil, oh no - there's that suspicious dirty mac-donning googlesyndication.com, fer instance:


The last straw for me was when it stopped IE dead in its tracks when I tried to drop by John Tropea's site:


And why was John's site so all-fired dangerous then? (yeah yeah, can't resist those fiery puns, so poke me with a match). Because it's on naughty smackit Blogsome, is why:

At that point I completely had it (though I didn't quite lose it), and uninstalled Haute Secure. Sure, you can choose "Continue" to visit red sites anyway, or unblock a site it's decided to kill:

But really, why should you have to? Are Haute Secure having a laugh or what? Just because some bad guys have set up malware-ridden sites using Blogspot.com or Blogsome.com addresses, just because some of them burn their feeds using Feedburner, why should legitimate bloggers on one of those "tainted" domains (or who have incorporated pics or scripts from a tainted domain) be given a bad name and hung too? What on earth were Haute Secure thinking? My fingers are tired enough from constant typing thank you, why should I keep having to manually choose to continue to or unblock perfectly safe sites?

It's like anti-virus or anti-spyware software which keeps coming up with too many false positives, false alarms. It wastes your time, you stop trusting it, you stop using it.

Yes, Haute Secure issued an update a couple days ago, but it sounds like it's just fixing crashes etc. Me, I've lost interest, like many other people I just haven't got the time, I'm not going to bother to try it again. Not (perhaps) unless I know for sure that they've sorted out the sub-domain and scripts etc issues. Great great idea, huge glaring gap in the execution.

3 comments:

Anonymous said...

You have made some very good points here. I installed Haute Security on several computers and (as of now) haven't experienced quite the troubles you have seen.

Maybe 2 or 3 times have I been annoyed by obviously legit stuff that Haute "warns" me about.

But I look at this product for what it is -- BETA. I am happy that people like the folks at Haute Security are trying to make a product that protects average users from web-based malware.

I suggest we give them time to work out the bugs and minor annoyances. Surely, nobody should look at this product as a single-source of protection. I see it as just another layer.

Maybe Haute Security will show enough promise that some cash-laden Venture Capitalists will write them a big cheque. :-)

Thanks again for the review. I hope you'll continue to watch this product and keep pointing out stuff.

Willem
Houston, TX

அருண் குமார் said...

I go with the author on Haute Secure. It does looked (looks!) promising considering its beta status, but as I write this, it has been in beta for quite a long time (Dec 2007). I uninstalled it after 2 weeks, because it would make my life difficult if I wanted to make some conscious changes to browser setting.

Now, today, I am going to reinstall it and see how it has improved over these months.

Anonymous said...

Looks like there is an update available today:

http://hautesecure.com/update.aspx