antihook free for home users

Discussion in 'other anti-trojan software' started by zorro zorrito, Mar 30, 2005.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004 | Posts: 17,559 | Location: The Netherlands

    I also want to test this app, but I have read a few stories in this thread that made me a bit "scared", I don't want to screw up my PC. Can someone give me any feedback, should I stay away from this app? :rolleyes:

    It must of course not interfere with any other apps, and I don't want to see too many popup notifications. Also, some screenshots would be nice or doesn't it have a GUI, I mean like PG? Btw, this is my current setup, AntiHook would be a nice addition IMO, if it works correctly of course:

    https://www.wilderssecurity.com/showpost.php?p=519403&postcount=56
     
  2. @ Rasheed187

    I would say AH has improved greatly since its original release. The current version 2.5 build 12 is far more stable than earlier releases. I can't see why it would screw up your PC. If for some strange reason it doesn't work right, just simply remove it.

    One thing I'm not so sure about is how to configure AH to work with Process Guard, as I assume you will have to do this, but I'm not sure because I don't run PG.

    As for too many pop ups, just run it in Finger Print mode for a couple days so it can get used to your system, but make sure you run all your regular programs while it is in Finger Print mode, so you will get less pop ups later.

    Overall, I think AH is a great program, and is improving all the time. It now covers some areas that even PG full doesn't cover. I would recommend you try it, and post your results so others can learn more about AH too.
     
  3. thinkdeeper

    thinkdeeper Guest

    Yes very good program. I like it very much. Thanks to Ivo Ivanov for putting out such a good program. :)
     
  4. Ivo

    Ivo Registered Member

    Joined: Mar 31, 2005 | Posts: 31 | Location: Sydney, Australia

    Hi thinkdeeper,

    Thanks for your feedback! We’re glad you liked our AH 2.5!

    Regards,

    Ivo Ivanov
     
  5. StevieO

    StevieO Guest

    Can anybody please confirm what OS's AH works on, and if there are any particular issues with them ? I am thinking of trying it out.

    Thank you.


    StevieO
     
  6. AHuser

    AHuser Guest


    Here's a quote taken from the AntiHook FAQ page

    Q: What are the Windows versions supported by current version of AntiHook?
    A: At this point of time we provide full support for Windows 2000, Windows XP, Windows 2003 and related SPs.

    http://www.infoprocess.com.au/AntiHook.php
     
  7. StevieO

    StevieO Guest

    Well I'm confused now, because on Kareldjag's site it quite clearly shows a screen image of him testing ANTIHOOK V 2.5.0. build 12 09 Juillet 2005 that shows, that OS's for Windows 98 - XP can be used ?

    I had a feeling it was for XP, but seeing the image made me rethink.

    Is the image on his site an error, or can AH V 2.5.0. be used on any of the above OS's after all ? Hopefully someone will be able to clarify this for us.

    http://kareldjag.over-blog.com/article-553678.html

    Thank you,


    StevieO
     
  8. AHuser

    AHuser Guest


    I see what you're talking about, it's a screenshot where he is showing part of a program that says it's "for Win 9x/Me/2k/XP". That's a different program, not AntiHook, he is using for a memory manipulation test that he's doing on AH, it's not AntiHook itself.

    AntiHook is not for 9x/Me. But there are other IDS type programs that will work with 9x/Me like WinPatrol SSM & Winsonar 2005. Hth.
     
  9. InfinityAz

    InfinityAz Registered Member

    Joined: Jul 23, 2005 | Posts: 828 | Location: Arizona

    I've been using Antihook for a few days now and am impressed.

    Is there any way in AntiHook to see what is being blocked, allowed, etc. (similar to PG - which I would like to use but can't due to problems with Punkbuster)?

    This way if I accidentally ok something I don't want or don't ok something I do, I can go in and change it (plus I can better understand what AH is doing).
     
  10. trx37

    trx37 Guest

    Hello,

    I have a question to the makers of AntiHook, or anyone else who truly knows. Can you tell me if AntiHook will stop the installation of the Hacker Defender Gold Rootkit?

    Or better still would it be able to stop it after it is already installed on your computer? But if it will only prevent the installation then that's really good enough for me.

    Thanks very much for any answers to my question.
     
  11. Ivo

    Ivo Registered Member

    Joined: Mar 31, 2005 | Posts: 31 | Location: Sydney, Australia

    Hi InfinityAz,

    Thanks for your feedback! I’m glad you liked our product!

    You can maintain AH database through the Rules Editor where you can enable or disable particular rules. Rules Editor requires .NET Framework 1.1.

    Please let me know if you have any other questions.

    Thanks,

    Ivo Ivanov
     
  12. Ivo

    Ivo Registered Member

    Joined: Mar 31, 2005 | Posts: 31 | Location: Sydney, Australia

    Hi trx37,

    One of the attacks AH can block is installation of kernel mode rootkits (i.e. Hacker Defender Rootkit) as AH has been designed to detect and stop installation of kernel device drivers.

    Let me know if you have any other questions.

    Thanks,

    Ivo Ivanov
     
  13. AAPlus2

    AAPlus2 Guest

    Hey, All

    Could someone help me out with this please? I am trying to install the Rules Editor but I get this error about I need to install Netframework 1.1, sorry I think that is the name, not sure now.

    So is there some way to work around this? I have not installed that, not sure how safe it is. Has anyone here installed it? If so, how do you feel about it?
     
  14. pffft

    pffft Guest

    One thing that disappoints me about the AntiHook Rules Editor is that it doesn't refresh itself--you need to exit it and restart it to see changes taking place in fingerprint mode.

    This can be a real problem, since if you make manual changes in the Rules Editor while fingerprint mode is making its own changes in the background, you could end up saving changes that undo those of fingerprint mode. Or, so it seems to me.

    I discovered this issue by enabling fingerprint mode, running the rules editor, then running an application I knew to use windows hooks, for the first time since installing AntiHook. I expected to see a new entry for this application, but it wouldn't appear until I closed and restarted the Rules Editor.
     
  15. pffft

    pffft Guest

    The AntiHook Rules Editor requires the Microsoft .NET Framework. There is no way around this requirement.

    To install the .NET Framework, just visit Windows Update and select it. (If you happened to have hidden the .NET Framework selection, you will have to "show hidden updates" to see it.)

    After .NET Framework installs, go back to Windows Update and check for any updates to .NET Framework. (In my experience--and as stupid as it seems--the security updates to .NET aren't shipped in the main installer. You have to install .NET, then go back for the individual update(s) to it.)

    Then, you can install the Rules Editor.
     
  16. pffft

    pffft Guest

    Another thing that disappoints me is how much AntiHook seems to slow down my system. Every little thing is much slower than before--from opening the properties of a file, to using an Explorer shell extension, to running applications in general. Even initiating a screen capture in Paint Shop Pro 7 (which used to be seemingly instantaneous) now takes a couple seconds. That's a pretty drastic performance hit.

    I hold hope that this is somehow due to my use of fingerprint mode, but I rather highly doubt it.
     
  17. AHUser

    AHUser Guest

    I noticed that the .NET Framework is already on my Windows XP install cd. Check to see if it's on yours. This can be of great help for those with dial up. Then you'll only have to download the few updates for it, which will be far quicker than if you had to download the entire .NET Framework, plus the updates.
     
  18. AAPlus2

    AAPlus2 Guest

    Hey, To all

    @pffft

    Thanks for the reply & info, but how safe is this NetFrameWork, or would I need to add one more prog to keep this safe?

    & would like to add: when you install Anti-Hook, did you shut down, unplug Cable/DSL if using, then restart, close all running programs, install, reboot?

    That has been the only time I have had my friends come back at me with a problem from Anti-Hook, so had them uninstall then reinstall as I had said above. Sorry if this is not what you did.

    @AHUser

    Thanks for the tip, I will have a look at my CD again. How safe is it to install & use? Will I need to do anything to make it safe if it is not so?

    Thank you all
     
  19. pffft

    pffft Guest

    I would recommend using Windows Update or the Microsoft.com site to install the .NET Framework, since that way you know you are getting the latest version. I suspect that the version on your Windows CD will be 1.0, which is outdated, and will not include any security updates.

    Microsoft .NET Framework Version 1.1 (23,698 KB)
    http://www.microsoft.com/downloads/...e3-f589-4842-8157-034d1e7cf3a3&displaylang=en

    Microsoft .NET Framework 1.1 Service Pack 1 (10,453 KB)
    http://www.microsoft.com/downloads/...4f-088e-40b2-bbdb-a83353618b38&displaylang=en

    Yes, they are large downloads, but if you don't want to download them, your only other option is to use an outdated version from your Windows CD, or order a CD with just the .NET Framework on it.

    As far as security issues related to the .NET Framework goes, I can't say much about it. There have been some security issues (hence the service pack), just as there are with every other bit of software under the sun. I don't think there is anything "special" you need to do to address them, outside the usual advice: Keep the .NET Framework updated by using Windows Update (or Microsoft Update), and use your security software and most of all, computing sense.

    I don't advise avoiding .NET. Plenty of nice software is written around it, and I know of no horror stories that spring from it.
     
  20. rodejo

    rodejo Registered Member

    Joined: Aug 7, 2005 | Posts: 1

    Hello, I just downloaded AntiHook, but don't know how it works.
    Anybody that can help me?
     
  21. pffft

    pffft Guest

    I've gained a little (very little) bit of insight into what is going on with the performance hit I've experienced. It seems that AntiHook injects a thread into every process on the system, using SMIHelp.dll (System Management Instrumentation Helper). Whenever I'd try to do something (yes, just about anything, even browsing the Start Menu), these threads would consume CPU in every process, and the system would slow to an absolute, unbearable crawl.

    The more processes that are running, the worse the performance hit. And trust me, I witnessed a severe performance hit. It was so bad that I found myself running applications, then seeing nothing happen, and so much time passed before the window for the application would appear, I'd forget what application I had run! Just running Microsoft Update and initiating a scan took several agonizing minutes. I'm talking unbearable slowdowns here.

    I really hope this problem can be rectified.
     
  22. pffft

    pffft Guest

    I'm not sure that the aforementioned thread affects all processes, but in any case, on my system, it seems to affect enough that my system is unusable when fingerprint mode is in use. The problem also seems not to exist in normal mode, which is a relief.

    On another note entirely, I've found that PC Magazine's EndItAll utility sneaks right by AntiHook 2.5. Using EndItAll, I can kill any application, without any alert. And to be clear, this is in normal mode, not fingerprint mode. When I look in the Rules Editor, there is no entry for enditall.exe.

    Does this sound familiar? :)

    Let's hope that the AntiHook people don't lie and deny as [cough] some others have.
     
  23. pffft

    pffft Guest

    I've also found a few other problems:

    * Some settings aren't remembered.

    * When programs are launched from batch files (.CMD), AntiHook gets confused over what program is being launched. I've seen many, many alerts telling me that a program was launching another, when the program supposedly being launched was actually one that had run long ago, but wasn't currently running at all. This problem has to do with AntiHook screwing up PIDs. (This issue was the big deal-breaker for me, since I use .CMD files extensively.)

    * AntiHook doesn't realize that LFN and SFN can resolve to the same process. The way Firefox and Thunderbird work, for example, is using SFN in the registry. But the Firefox and Thunderbird shortcuts use LFN. Because of this, I had to create duplicates of every rule I had for Firefox and Thunderbird (and any application interacting with them). A real pain.

    * I had at least one spontaneous reboot. I was actually coming back to my PC to remove AntiHook, when I found it in the middle of a boot process. Not only have I never seen this happen before, it wasn't a simple BSOD, because my system is not configured to reboot automatically after a BSOD occurs. Very odd, and very annoying.

    I did send email messages about these issues, but I just can't keep using AntiHook at this time.
     
  24. Chuck57

    Chuck57 Registered Member

    Joined: Sep 2, 2002 | Posts: 1,770 | Location: New Mexico, USA

    OK, I'm about to show my stupidity. I'm running and love the latest Kerio 4.2 free, which includes Network Intrusion Prevention and Application Behavior Blocking.

    Does AH more or less take the place of the HIPS feature in Kerio, Host Intrusion and Prevention, which stops attacks on vulnerable apps by blocking incorrect behaviour of those applications?

    If so, I think Kerio free and AH might be an ideal combination, or still an ideal combination even if there is overlap with the two features above that Kerio includes in the free version, if AH takes care of the HIPS feature.
     
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined: Jun 16, 2005 | Posts: 9,455

    Source : http://www.infoprocess.com.au/

    Is that true ... ultimate ... complete bullet-proof ... or is it exaggerated ?
     