Start-up unveils anti-malware browsing add-on

Start-up unveils anti-malware browsing add-on

The malware blocker for XP, Vista goes up against major players

Gregg Keizer

July 11, 2007 (Computerworld) — A start-up founded by four former Microsoft Corp. employees has released a beta of a real-time malware-blocking tool that also bars malicious content from reaching PCs.

Seattle-based Haute Secure’s eponymous malware/site blocker enters a
market crowded with the likes of McAfee Inc.’s SiteAdvisor, Symantec Corp.’s AntiBot, Exploit Prevention Labs’ LinkScanner and even offerings from Google Inc.. Haute Secure, however, is counting on a multilayer strategy to see it past rivals.

The first layer, said Steve Anderson, who heads the company’s product
strategy, is a kernel-level driver that looks for and stops executables
coming out of the browser. By monitoring multiple Windows processes and
services — nearly six dozen in total — the tool watches for malicious
behavior, then blocks execution when it sniffs something

dangerous. "We’re hooking API [application programming interface]
calls to the kernel and watching for malicious behavior coming from the
browser," said Anderson.

A second layer blocks the links from which malware is
delivered, he added. That tactic is probably more familiar to end
users, since it’s the technique used by Google’s blacklisting efforts, which will be the foundation of a new feature in the upcoming Firefox 3.0. "We’re blocking at the site and the page level," said Anderson, noting that many domains have multiple malicious URLs.

Haute Secure, which is currently ready only for Internet Explorer
users — a Firefox version will roll into beta next month, and one for
Apple Inc.’s Safari is due out sometime after that — stores the
malicious site/page blacklist locally to avoid performance problems,
and it updates blacklists several times daily.

The software also can accept multiple blacklist feeds, a
characteristic Haute Secure is counting on to deliver revenue down the
road. "The way the system is designed, we can take numerous feeds from
multiple sources," said Anderson. "In August, we’ll [integrate] Google’s
antiphishing antimalware API, for example. The bigger idea is that we
want to be the trusted platform between the Internet and users or

A bank, for instance, that already collects the addresses of sites
spoofing its legitimate online service, could add its feed to Haute
Secure to guarantee that customers who use the tool would be protected.

Haute Secure will remain free to download and use while it is
in beta testing, a process that will run into September. After that,
Anderson said, plans are less clear. "We may charge for using the
malware-blocking feature, since we think link scanning will be more and
more commoditized." Under that plan, the blacklist-based layer would be
provided free. Another revenue possibility, said Anderson, is to sell a
malware-scanning service to companies that fear that their legitimate
sites may be hacked at some point and start spewing malicious code.
"That’s an interesting model, too," said Anderson.

Haute Secure’s other principals include Iain Mulholland, a
former manager of the Microsoft Security Response Center; Frank
Swiderski, a security researcher and developer who once worked at
Microsoft, @Stake and the U.S. Department of Defense; and Rob Vucic, a
former Microsoft security researcher who was cited by the FBI for his
help investigating the long-running and wide-ranging Zotob/Mytob worm
attacks of 2005.

The Internet Explorer add-on, which runs on Windows XP and
Vista — including the 64-bit version of the latter — can be
downloaded from the Haute Secure site.



Leave a Reply