Haute Secure 2.0
A safe Web-surfing product, Haute Secure is out of beta and available for both Internet Explorer and Firefox. Founded in 2006 by former Microsoft security engineers, Haute Secure hopes to distinguish itself in a crowded field, including Grisoft Linkscanner and Finjan SecureBrowsing. Today new Web threats come not from sites built to host malicious content, but legitimate sites that have been compromised. While we were pleased with the active threat detection within Haute Secure, newly active phishing sites without embedded malicious content did slip through. Older phishing sites were blocked. Haute Secure is free to download for home use; businesses will be charged to have their Web pages checked for malicious code. At the moment there is little technical support offered beyond a few FAQs and a users forum.
Setup and Installation
Download the 32-bit or 64-bit file from CNET Download.com and then reboot. There is no indication that anything has installed unless you stumble across the site that Haute Secure has identified as malicious. Once you do, the page is either blocked with the message within the browser, or via pop-up on the desktop.
Haute Secure provides a nominal interface where you can see the applications being monitored on your desktop and subscribe to additional block lists created by Haute Secure community members or your own.
Should you want to uninstall Haute Secure, there is an uninstall option within All Programs. After a reboot we found no traces in the Registry or our system directory.
What's different about Haute Secure is that it hooks into processes running on your Windows XP or Windows Vista machine. Most of these are related to browsers. Additional hooks are used for specific applications such as Microsoft PowerPoint, Skype, and Adobe Acrobat.
What we didn't see was an industry standard red, yellow, or green (search engine overlay), showing us before we clicked whether or not a site might host malicious content. What we did see was a blue icon for community ratings of a particular site, and a yellow icon for site recommendations (positive or negative votes). We found this confusing and rather indirect.
We tested Haute Secure on a handful of known malicious Web sites. In each case, the product blocked access, with a warning "We found Malware on this site which tried to infect a computer. Stay away from this site." Haute Secure provides no additional information.
When we downloaded and attempted to install a new application, Haute Secure immediately blocked it. We had to go to the interface panel and then type in a CAPTCHA code to unlock it. While some may appreciate the added security, for others this will become tedious.
Haute Secure did fail to identify a few recent non-exploit-related phishing sites, which surprised us. Using five sites recently reported to a reputable, independent phish-tracking site (most were active an hour or less) not one was flagged as active by Haute Secure. Perhaps that's because the pages themselves do not contain malicious code. Yet the pages do contain forms that, when filled out and sent in, could compromise your identity. Although Haute Secure uses phishing reports from Stopbadware.org and others, and will warn you of known fraudulent sites, we found that the native antiphishing protection in Internet Explorer and Firefox did a better job at flagging recently reported phishing sites.
While you can report sites to add the Haute Secure's block list, we could find no way to contact the company for technical support. On the company's Web site there is a FAQ and an active forum for discussing problems. We suspect that as the product matures, there will be some form of technical support offered.