I tried Haute Secure when it first came out in beta just over a month ago. It's a browser plugin /toolbar for Internet Explorer which is supposed to warn you when you attempt to visit a "bad" site laden with malware which attacks your computer the moment you land on the site, and it will even block your browser from downloading nasty smelly germy webpages.
In their words, "When the bad content attempts to load, our behavior-based profiling algorithms identify and intercept it in real-time, before it installs itself on your computer." How it works: they have algorithms that analyse, identify and stop sneaky malware downloads in real time (and send reports home), plus a database of bad sites kept constantly updated from reports etc, or as they put it: "A distributed real-time malicious link database and a scanning infrastructure that is connected to the client software". They'll also include "malicious content found by others such as security experts and hobbyists joining the fight to stop malware attacks on unsuspecting users".
It's had good write-ups. But I go by my own experience. A favourable review will get me to try something, but I won't stick with it if I don't like it. I don't often blog about things that suck because usually I've picked up enough info to know that I should just avoid them in the first place. But if I come across something that's sucky, I'll say so. Haute Secure is sucky.
In more sober terms, here's my verdict. A most excellent idea in theory, but way too blunt an instrument in practice. I had to uninstall it after a few weeks, it was making my browsing unbearable.
Why? Like I said, it's far too blunderbuss in approach. It tars (and feathers) entire domains with the same brush, without bothering to distinguish between subdomains - like, x.blogsome.com is not the same site as y.blogsome.com, and may not even be run by the same person. Yep, you'd never credit it wouldja. And if you have a script or image on your webpage that's from a supposedly "bad" domain, that'll mark out your site as bad too.
For example, go to Yahoo-owned Mybloglog.com, and you'll get a yellowy reddish brown kinda warning in the toolbar (they call it "orange" but I guess my color vision is different...):
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXv4vvjxGncy_kPovNQUTZO4swd3Oea_TNvUOqNwTrbPfvRxpVxWHyj3TEn3yJKxNjWGPBEZPRC4I2B1NaJwHh3ezsHOwvxLmJ3KaHqsOx6htnUHRajbSXvLcmsGP7nG0EwPBdTg/s400/orange.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiiEUPeDZZs8bdxa0N9YXTuUE79qZJTTBgkK3xlbOUG7i1IKzehueA-nTEjRfm_GiX0GQnO7PQzp2lXRRwrzpOOwnuV_xWSSlJ9V4CQIhMrxAkzpXYz99miWSiuR37cWKn2hqIZvA/s400/orange3.jpg)
Here's another well dodgy site, oooh look, see the warning on the right:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcbuEO1msraJf0QY0xYI31S_lA2fw6AllQvtD7HwI8zlKkpPJTRun9tGZjDzmKsUjdAJqEOX3kW0tmHIPpgZFDfN2Ym9nuOCs34-O7p1EhXGKlmyhy6pAhgB8rhDSw7F7EUJR8mg/s400/orange2.jpg)
And why was my blog suspect, pray? You can click on the Haute Secure toolbar then 0, 1, 2 "Blocked URLs" to check, and, hey, whaddaya know, that well known and now Google-owned purveyor of malware Feedburner (not!) was one of the chief culprits. It wasn't me guv it was that nasty malicious Feedburner:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU9SGK9UDgEbWwMA9zDjzz3awIeJObEkwnVFo7B-MRVidPTL6KUtv3AFZTyAeFdBUMAEZzL9RBhI1D_ASdqbaSoB85ppdJ0fqocR7Kj5OMOmLv7fwwGdmOT4aUMfUalBerhQu7Og/s400/orange4.jpg)
See, Haute Secure even went dramatically red on another site because of Feedburner, oooh we're really taking agin Feedburner now aren't we, bad bad bad Feedburner:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHSA4-RdvMNnjDsHJsRRO9iUxGcPAXTSF06fCMfeniSEbjwNHXWpFXqUn5S61yrTXyxi1l8XSf7pKxR3xIjbK56dqvxKGC1yxU5JHAdddR3Pf-RJC4No8xOVO8k089uLRP5KnMOw/s400/red2.jpg)
One of the few totally safe "blue flame" sites was Google:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvFgHuqlLXvD2EiEcppEHDToqhW5-yRdZxJifK9gT7gm7qeMhyphenhyphenH9Kn_vr23i1ASR08yZiExA0_gfQ4pxl2yE9K3KTUHrEmuSC_L32iLiXCeVYsSdQzkgUzgxB90qteeguF9OCOFA/s400/blue.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg083jjqH7imxNsodIsFefn_GZAc3VFow6rXEyx7JbiRDkZ683IY0M2Iv9th3v3dYqfwKk7JWg4arsIGy6nsrgYCEUvpqGSKYc53KcdvjtJPM3k5Wlgsp7SScmDn2vbVbysFa_Zkw/s400/red.jpg)
The last straw for me was when it stopped IE dead in its tracks when I tried to drop by John Tropea's site:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjVAgIIG9QYB_KlVrpQn90gWpcBK3yG1ngOF0UpGShq9JKlveLoquXd0X2J4snHbfsH-hry7Xcc5CiiOYa9CzpApyh3RrRc7LU1KN9eRjgQ30IQaGOn4GyybpW_eFRUSg_SprbkQ/s400/red3.jpg)
And why was John's site so all-fired dangerous then? (yeah yeah, can't resist those fiery puns, so poke me with a match). Because it's on naughty smackit Blogsome, is why:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjDv6-D4zrn_hdl0p7P2Oc3K6koQeqTVCyce5qtuPmBjTixGOBsp5Mrz_iIYViR47Fkn8qxPHFp0udEZXood5UuLWlJByzZqfkftP4NIxJHC95h2L85JgJqGNXL4-FCSuzB2bCvw/s400/red4.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrf0wlH93gBYHOMhaXzdg_WJgqj-PEZgCZ06n9suiqZ6s8p7nwCX3GPa4XEYW6uBEH9GEqXwEtGaxT1akji-5H52ojk-3Etq_6I62fE7KToPBqyNSYdnFu4Rf86KZP1A6wlaViJQ/s400/unblock.jpg)
It's like anti-virus or anti-spyware software which keeps coming up with too many false positives, false alarms. It wastes your time, you stop trusting it, you stop using it.
Yes, Haute Secure issued an update a couple days ago, but it sounds like it's just fixing crashes etc. Me, I've lost interest, like many other people I just haven't got the time, I'm not going to bother to try it again. Not (perhaps) unless I know for sure that they've sorted out the sub-domain and scripts etc issues. Great great idea, huge glaring gap in the execution.
Tags:
3 comments:
You have made some very good points here. I installed Haute Security on several computers and (as of now) haven't experienced quite the troubles you have seen.
Maybe 2 or 3 times have I been annoyed by obviously legit stuff that Haute "warns" me about.
But I look at this product for what it is -- BETA. I am happy that people like the folks at Haute Security are trying to make a product that protects average users from web-based malware.
I suggest we give them time to work out the bugs and minor annoyances. Surely, nobody should look at this product as a single-source of protection. I see it as just another layer.
Maybe Haute Security will show enough promise that some cash-laden Venture Capitalists will write them a big cheque. :-)
Thanks again for the review. I hope you'll continue to watch this product and keep pointing out stuff.
Willem
Houston, TX
I go with the author on Haute Secure. It does looked (looks!) promising considering its beta status, but as I write this, it has been in beta for quite a long time (Dec 2007). I uninstalled it after 2 weeks, because it would make my life difficult if I wanted to make some conscious changes to browser setting.
Now, today, I am going to reinstall it and see how it has improved over these months.
Looks like there is an update available today:
http://hautesecure.com/update.aspx
Post a Comment