High Security? New free malware trapper
A new anti-malware tool is on offer from recent US start-up Haute Secure. The eponymous tool is described as offering a two-pronged technical defence against malware attempting to install itself via the user's web browser. Its first line of defence is apparently a heuristic mechanism using what the company describes as "behavior-based profiling algorithms" that are asserted to identify even previously unencountered malware on the fly by observing its attempts to penetrate the system.
The second line of defence is said to be a non-local database of recognised malware to which users' Haute Secure clients report their findings. This is described as "distributed", but no further information is given. A third notional line of defence described as a "unique community approach" apparently includes contributions from other sources in addition to users' clients, including "security experts and hobbyists", and the Haute Secure web site hosts a user forum in which the named directors participate. According to Haute Secure, their software hooks around 70 system functions to monitor the web browser's behaviour, effectively putting it into a sandbox. If it encounters suspect behaviour, it stops the apparent intruder before sending a report to the Haute Secure servers.
The company itself, launched in 2006, is of more than passing interest. Its board consists of four senior Microsoft veterans, three of whom were responsible for security there, and is led by Iain Mulholland, the apparent architect of "Patch Tuesday".
Of course it remains to be seen how effective this tool will prove. Previous attempts to detect malware on the fly have met with only moderate long-term success as malware writers have rapidly come to terms with the limitations of successive detection methods. This has been highlighted recently by attacks triggered from legitimate web sites via inserted iframes which are capable of delivering rapidly changing malicious code. The combination of behaviour analysis and online databases seems like a promising concept to combat this -- provided of course that it turns out to be robust and you can accept the potential privacy implications. The Haute Secure client for IE under Windows, including a version for Vista64, is available for free download, and a Firefox version is promised "soon".