HauteSecure – Good idea, bad implementation
July 11th, 2007
Via TechCrunch I found out about a new service called ‘Haute Secure’. The idea is this — install a nice browser plugin that watches for embedded content (e.g. bad ads?) and blocks it if it is found unsafe. In theory I think this is a great idea — consumers need some level of protection from the scams I’ve previously documented on this blog, propagated by companies such as Errorsafe & Winfixer.
Sadly this service is seriously flawed right now. Check this out:
Yeah — so great in theory, but when you flag feedburner.com as unsafe and errorsafe.com as safe then there are some serious issues with the service. Some more examples:
Unsafe:
- googlesyndication.com
- myspace.com
- photobucket.com
- yieldmanager.com
- cpxinteractive.com
Some Safe URLs:
- winfixer.com
- drivecleaner.com
- workhomecenter.com
- mysurvey4u.com
I firmly believe that URL blacklists aren’t going to be able to provide much of an answer. In certain cases such as errorsafe.com or mysurvey4u.com it makes total sense, but the challenge arises when legitimate domains are used to serve illegitimate content. For example, what if “akamai.com” was put as a banned URL? Haute Secure has the right idea, but it needs some work. I hope they’re working on some more robust techniques. If I were them I would work on analyzing ActionScript and JavaScript before allowing the browser to execute the code.
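
The granularity problem described above, as an added example that is not part of the original post: it scores a host-level blocklist against constructed traffic in which one shared host serves both legitimate and malicious content. The hosts (`scam-only.example`, `shared-cdn.example`), the paths, the labels and the host-plus-path rule format are assumptions made for illustration.

```javascript
// Constructed sample traffic: hosts, paths and labels are invented for illustration.
const observations = [
  { url: "https://scam-only.example/download/scanner.exe", malicious: true },
  { url: "https://scam-only.example/landing", malicious: true },
  { url: "https://shared-cdn.example/customer-a/logo.png", malicious: false },
  { url: "https://shared-cdn.example/customer-a/app.js", malicious: false },
  { url: "https://shared-cdn.example/customer-b/popup.swf", malicious: true },
  { url: "https://shared-cdn.example/customer-c/video.flv", malicious: false },
];

// A rule is either a bare host ("block everything served from it")
// or host + path prefix ("block only this customer's content").
function parseRule(rule) {
  const slash = rule.indexOf("/");
  return slash === -1
    ? { host: rule.toLowerCase(), prefix: "/" }
    : { host: rule.slice(0, slash).toLowerCase(), prefix: rule.slice(slash) };
}

function isBlocked(url, rules) {
  const { hostname, pathname } = new URL(url);
  return rules.some(({ host, prefix }) => {
    // Match the host itself or a subdomain, never a mere string suffix
    // (a rule for "scam-only.example" must not hit "notscam-only.example").
    const hostMatch = hostname === host || hostname.endsWith("." + host);
    return hostMatch && pathname.startsWith(prefix);
  });
}

// Count legitimate resources blocked and malicious ones let through.
function evaluate(ruleStrings, samples) {
  const rules = ruleStrings.map(parseRule);
  let falsePositives = 0, falseNegatives = 0;
  for (const { url, malicious } of samples) {
    const blocked = isBlocked(url, rules);
    if (blocked && !malicious) falsePositives++;
    if (!blocked && malicious) falseNegatives++;
  }
  return { falsePositives, falseNegatives };
}

const dedicatedOnly = evaluate(["scam-only.example"], observations);
const wholeCdn = evaluate(["scam-only.example", "shared-cdn.example"], observations);
const perPath = evaluate(["scam-only.example", "shared-cdn.example/customer-b/"], observations);
console.log({ dedicatedOnly, wholeCdn, perPath });
```

Listing only the dedicated host misses the malicious file on the shared host, while listing the shared host blocks every legitimate customer on it; only a verdict finer than the host avoids both errors.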