#1
Just noticed this release, read about it on InfoProcess' site: http://www.infoprocess.com.au/antihook.php
__________________
QBgreen - My system's security setup? Sure, it consists of...
#2
Let's hope they did something right this time . . .
#3
Ya, let's hope!!
__________________
Ubuntu 12.10 AX64 Time Machine, Comodo FW & Defence Plus,
#4
So it's paid now. Any screenshots, if there are any?
__________________
Ubuntu 12.10 AX64 Time Machine, Comodo FW & Defence Plus,
#5
I have checked it out but I'm not too impressed. I'm not satisfied with the GUI and it does not always seem to remember certain rules. Also, I do not think that the registry monitor is that advanced, it does not seem to cover as many things as KAV/KIS and SSM for example.
More bad stuff: it can't stop certain process termination attempts. The only thing that I liked was the ability to spot service/driver "startup type modification".
Some screenshots:
http://img122.imageshack.us/img122/7...shot001af5.png
http://img179.imageshack.us/img179/7...shot002wz7.png
http://img122.imageshack.us/img122/3...hot00d1mf3.png
#6
The v.2.5 already was very vulnerable against attacks, it wasn't able to block anything.. what do you think will happen in v.3?
The genetic disease will stay, that's my opinion.
#7
Thanks Rasheed for screenshots.
__________________
Ubuntu 12.10 AX64 Time Machine, Comodo FW & Defence Plus,
#8
I saw the beta and it is nice to play with but it's not the software I would trust. Too many vulnerabilities.
#9
Let's see version 3, last v2.5 and v2.6 worked fine for me, except for the sandbox problem (problems with Sandboxie), I hope this one doesn't have that problem.
#10
I cannot believe it's payware now. For some reason I lose a lot of respect when a product goes from free to pay. We need some freeware in the world, some full non-crippled freeware.
#11
Exactly my opinion.
#12
Quote:
I don't like the look of the GUI
#13
Quote:
While the newer 3.0 is for sale at a modest price, 2.6 continues to be offered free to home users. We are committed to continuing to offer free and advanced versions like this, and the contributions help fund development on both versions.

AntiHook 3.0 was rewritten from the kernel level up and we believe is a more efficient and secure design. The engine is working well and as designed so far. If anyone has some specific feedback on vulnerabilities we would appreciate it, as we are committed to producing the best HIPS product possible.

In response to some other comments in this thread, we are already in design and development of a new release that will cover the following:

1) User Interface improvement - whilst 3.0 is already an improvement on the UI of 2.6 we know that there is much to be done to repaint the product and make the control center in particular easier to use.
2) There is only one advanced method of process termination that can currently stop the AH driver and while not currently a major security risk we will block this too.
3) AH 3.0 currently takes an exclusive position at the kernel, this design will be changed slightly without sacrificing security, thus allowing compatibility with products such as sandboxie.
4) Registry monitoring will be expanded, and we will provide ability for user to enter custom registry keys and values to protect.

Thanks for your feedback, any other feature suggestions would be appreciated too.
__________________
Tim. www.infoprocess.com.au
#14
@tcars
Hello and Welcome. A bit off-topic, but I have been using InfoProcess LaunchMonitor with impressive and stable results. Will your team be improving on this program or will it remain a proof-of-concept type demo?
As for Anti-Hook.......I have not even tried it yet but am curious about its development also. Does free 2.6 perform basic coverage adequately enough to protect systems or do you prefer peeps go the full route with 3.0 Safety with its added ability?
Thanks
EASTER
#15
Look at this:
http://i17.tinypic.com/3ycbxjn.png
Now here is my proof that AH3 works fine with Process Guard and IceSword.
http://i16.tinypic.com/4ibkdjn.png
;-) Easy thing, to put them all together, but surely will slow down the system a bit.
#16
Hi, folks: I did a test drive on v.2.6, and then deleted it due to system slowdown. During that critical process (uninstallation), my computer almost got a cardiac arrest (freeze, no pulse), a penalty for abandoning it? Would v.3.0 be much more polite when dealing w/ this situation? I'd like to try it but just cannot go thru another attack. Thanks.
#17
Hi Perman, forget it, Antihook3 grabs all your resources, too many freezes...
very time consuming. Especially if you like to deal with other security apps.
Last edited by SystemJunkie : December 8th, 2006 at 02:12 PM.
#18
Quote:
#19
I use FX60, so the delay is not always so problematic for me, but on slower computers, I doubt a bit.
But you know this is a core problem of kernel hooking, it slows down your system to hell after a while, the more hooks you allow. Maybe this phenomenon has an end with Windows Vista. Except if Symantec manages to force Microsoft into giving access to their source code. (ha ha ha)
#20
Quote:
@Perman- For testing AH, I recommend making an image prior to doing it. If you decide you don't like AH, you can readily uninstall it simply by restoring the image.
__________________
Primo freebeez: TinyWatcher POP Peeper Kalender
#21
Hi, folks: Hi, bellgamin: Does AH require a reboot after installation? If it does not, then I can test it in the Frozen state of DF.
#22
Quote:
I wish I could afford the price of ShadowUser -- with that one, you can handle the programs that require reboot (or so I have been told). I'm presently using ShadowSurfer, which has capabilities similar to DF. I loved DF, but switched from DF's trial copy to a licensed version of SS when I managed to get a free copy of SS at THIS link.
__________________
Primo freebeez: TinyWatcher POP Peeper Kalender
#23
Ah Perman, you are a Deep Freeze user, maybe you know how to remove their CMOS code.. because it destroyed my floppy bootblock, damn bad software.
Antihook asks so many questions, this is where Process Guard has a main advantage. Antihook should include a function to save all rulesets in one, and not one by one. Time wasting things..
#24
Hi folks,
Quote:
I don’t know how I can stress more that combining multiple HIPS products may only give you a false sense of a more secure system because it is more likely that only one of the products will be in charge and all the rest will be not operating or partially functioning even though they are running just fine. It is not impossible to run AH30 side by side with those two products, but this doesn’t mean that the machine will be better protected. Worse – the user may experience a significant slowdown and crashes.

PG and IceSword are two great products but finding a way to run them side by side with AH doesn’t add any value because we know that only AH’s system call filters are actually working and able to detect and stop suspicious activity. Again, some number of the PG and IceSword functions may be still partially working or just enough to give you a wrong impression.

Quote:

As some of you have noticed we have completely rewritten the kernel driver and the user mode portion of the system. All user mode apps have been redesigned to allow better extensibility and this is why we decided to use .NET as a platform.

Just like SystemJunkie, many users are quite surprised by the high memory usage that Task Manager typically reports for running .NET applications. In fact .NET apps, including the user mode apps of AH, don’t really use that much RAM – Windows will give it back if other apps need it. Surely .NET applications really do have a high memory footprint relative to most native code applications (i.e. native Win32 apps). In fact most of the diagnostic tools like Task Manager are showing the amount of the Working Set being used by a process. It is important to note that part of the Working Set may be shared with other processes as well as the .NET runtime which is part of each .NET app. The figure reported by Task Manager and the like may be overstated and quite misleading.

In terms of performance AH30 has shown pretty good results due to the fact that we have removed the overhead of one of the user mode monitoring DLLs and moved all filters down to the kernel driver. Some of the key system calls which AH filters are process creation, process termination and modifying an external process's memory. Normally this is not something that happens very often (typically less than 100/sec) unless there is a piece of malware/rootkit or poorly written software running on the PC. For more details on how expensive process creation is, peek at Microsoft Windows Internals by Mark E. Russinovich, David A. Solomon.

Another reason for a significant slowdown is usually a wild mixture of different security apps. As I mentioned before, it is important to utilise complementary solutions as opposed to products with overlapping functionality.

That’s it – AH is not a firewall and it is not an AV – it is a complementary solution and you do need a firewall and AV, but adding an extra HIPS product may introduce only additional overhead and significant performance degradation.

Your feedback is highly appreciated!
Thanks,
__________________
Ivo Ivanov www.infoprocess.com.au
Last edited by Ivo : December 11th, 2006 at 06:58 AM.
#25
Quote:
Amen to that.
__________________
Windows XP 1.5GB/Avast 4.8/Zone Alarm 6.1.744.001/Sygate 5.6.3408/SUPERAntispyware/ Ad-aware/Spybot S&D/SpywareBlaster/A-squared/Firefox 3.0/MS IE 7 Free scans:T. M. House Call T. M. Anti-spyware A-squared malware Ewido Anti-malware Panda Active Scan Kaspersky AV Bitdefender