antihook free for home users

Discussion in 'other anti-trojan software' started by zorro zorrito, Mar 30, 2005.

Thread Status:
Not open for further replies.
  1. Arup

    Arup Guest

    Excellent program, light on resources, least intrusive, don't want a registry or process guard personally, I have my Kerio 2.15 set to Always Secure mode so in case of termination it would cut off the connection.

    Antihook does what it promises without any surprises, overheads etc. Because it is not kernel based, it causes least amount of conflicts or problems.

    Thank you Chris and Zorro for leading me to this.
     
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    It does work at the kernel level. So it's similar to PG in this case. See what happens when I do this:
     


  3. AShaR

    AShaR Registered Member

    Joined:
    Jul 31, 2002
    Posts:
    91
    Nadirah, I was commenting on this response earlier in the thread. There does seem to be some confusion.

     
  4. Arup

    Arup Guest

    Nadirah,

    Thanks for the correction, antihook.sys is indeed a Kernel level driver started as a service.
     


  5. overtone

    overtone Guest


    You could just redownload and reinstall Prevx every time a new version comes out. It really doesn't seem to update that often, and remember you don't really need to update it often. Maybe a pain in the neck but at least you could keep Prevx, and it's worth keeping imo.

    So AntiHook does protect at the kernel level. I wish people wouldn't post that don't really know what they're saying first.
     
  6. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Well, check out their homepage, they also sell some Hooking SDK, details:

    The HookTool SDK 3.6 offers following features:

    * Provides a method for hooking of any Win32 user mode APIs
    * Allows hooking to be performed for each running process as well as in all newly started processes
    * Full support for Windows NT/2K/XP/2K3
    * Comprehensive SDK documentation provided as CHM help file
    * Provided sample code demonstrates how easy it is to utilize the SDK from within a Console, regular Win32, MFC or a Windows NT Service application
    * Offers a simple method for hooking and customizing IIS, ASP.NET, Winsock, WinInet, File I/O, Registry, User32, GDI etc.
    * Enables the developer to implement all intercepting APIs in separate custom DLLs with ATL and/or MFC support
    * Provides a solution to the well-known problem with injecting a DLL by CreateRemoteThread API into address space of a suspended process
    * Exposes APIs for starting and stopping the interception process


    That sounds very much like normal DLL injection to me, technically.
    And why would they sell a hooking library that uses DLL injection when they can do real kernel level hooking?

    However, Antihook still looks interesting, I have to test it with a couple of malware.
     
  7. RKBA

    RKBA Guest

    It's free for home users now? Cool I can get rid of the annoying Trial Prompt!
     
  8. Arup

    Arup Guest

    Just enter your mail and name in the registration column and they will send you the serial.
     
  9. Personally I don't see it as a competitor to PG.

    I wonder if it will replace SSM though. SSM is going commercial soon, so I'm looking for a replacement.

    I wasn't impressed the last time, I used Winsonar, but that's one alternative.
    Is antihook another?


    Of course, I already use Jetico and consider netveda, will antihook bring anything to the table?

    Preventing termination of processes sounds useful..
     
  10. Arup

    Arup Guest

    If you use Jetico, this is redundant, Jetico itself has all the features and prevents DLL injection, NetVeda features DLL fingerprinting but can't prevent DLL injection unless you make explicit rules so you can consider using Antihook there.
     
  11. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hmm - yet another app that hooks the kernel. I'll probably go ahead and install it (I've already d/l'ed and gotten the key) just to see what it's like, but I'm getting a little antsy about all the kernel-hooking I've got going on here.

    Any special instructions anyone would care to give to someone who's about to install anti-hook who already has ProcessGuard, UnHackMe, SpyBot-SD Resident and SnoopFree running resident? Pete
     
  12. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I was thinking the same when installing Tiny...conflicts and reboots :mad:

    Just installed it,...it fills some gaps I can see and no problems whatsoever :D

    we'll see :rolleyes:
     
  13. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    ***As an "aussie" program, this soft has been also mentioned and discussed by "aussie" guys ;) : https://www.wilderssecurity.com/showthread.php?t=59068

    ***Spy, I used SnoopFree and the other programs you had mentioned.
    I just can say that it's better to disable PG protection to see if AntiHook is powerful or not.
    I already finished testing it last month and it has some weaknesses.
    As it was said by someone, the IDS of A2 is a little bit similar.

    ***Monitoring, alert and detection have their limits.

    An innovative approach to security has to prevent and almost stop threats without the user's intervention: that which is not recognized and certified is not allowed to integrate the system.
    It seems very simple but quite hard to realize (it's like solutions as ShadowUser...).
    But as usual, we have to give it a chance.

    Regards
     
  14. phaedrus

    phaedrus Registered Member

    Joined:
    Aug 18, 2002
    Posts:
    95
    Interesting. Thanks for pointing this one out :)
    I haven't got PG running here yet (waiting to see what TDS-3 -4 upgrade options become available), so it looks like a good option for me.
    I'd like to see some kind of comparatives with this type of program.
    What does ProcessGuard offer that the A² IDS or SSM or indeed AntiHook doesn't?
    Will these programs help or hinder each other? Are they covering the same bases?

    Trev.
     
  15. AShaR

    AShaR Registered Member

    Joined:
    Jul 31, 2002
    Posts:
    91
    I am also interested in reading opinion on how this compares with PG as I am thinking of purchasing it. This is free but I doubt that will remain the case for long. With PG you pay once and that's it as far as I can see.
     
  16. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Thanks to everyone that answered my questions.

    I was just about to try it, after I registered with them and got the registration code - very long one, ... errmm ... then I realised I didn't manage to find the link to download the Free AntiHook Home version. Their link only downloads AntiHook Pro ...

    Could someone direct me to that link please?

    At Download.com it only gave me AntiHook Pro.exe ... Pro and has a trial period which I don't want.

    Cheers

    Chew :)
     
  17. AShaR

    AShaR Registered Member

    Joined:
    Jul 31, 2002
    Posts:
    91
    There's a link to the home version just below the pro download: http://www.infoprocess.biz/register.aspx
     
  18. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Had a bad moment after the re-start following the install, but it seems to be working now.

    Had to do a hard shut-down because it locked during the re-start. On the following re-start, I left up the screen that was asking for the registration until after everything else loaded, then opened the anti-hook program from the Program menu and put it into "Fingerprint" mode and entered the registration.

    Turned PG back on and had to give antihook.exe "Modify" rights (?).

    We'll see how it goes. Pete
     
  19. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    AShaR

    Thanks for the link.

    But sorry I still couldn't find it and whichever link I clicked I just kept getting this ... AntiHookProSetup20.msi. Or is this the correct download?

    Could you provide screen shot for me please?

    Cheers

    Chew :oops:
     
  20. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I think the pro version download takes the home version number, it did around here.

    First thing I noticed is the rule editor needs .Net to run. Since I don't have anything else that needs that 70MB mish mosh from Microsoft, I did not look at the rule editor.

    Next it complained about IE doing some rather routine things. Funny, all these sand box apps act like that. It has a fingerprint or learn mode, but I predict it would take a while to try everything and even then it would complain on occasion.

    Kareldjag said it all, about getting the job done without user intervention. These things should not require a learn mode. Known harmless things need to be excluded by design or white list, and similarly for a black list. It has got to be as good as a good AV. Very few false alarms and never miss a known virus or trojan. Of course the assumption here is your AV missed it, and the user was not sharp enough to spot that something was wrong. At the current state of the art, that user will not know what to do with an alert from any of these sand box apps.

    Finally, you are probably about 100 times more likely to have your personal data stolen from someone else's computer these days, and sad that is.
     
  21. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Most appz that do similar work say something like this. Do a clean windows install while not connected to the net and then install security appz.

    Hope this helps,

    Chris
     
  22. AShaR

    AShaR Registered Member

    Joined:
    Jul 31, 2002
    Posts:
    91
    Hi Chris,

    would that mean formatting the hard drive or could I re-install Windows without doing that? I have a lot of specialised business software on my pc and don't really want to format unless it's a critical situation. Getting it all up and running again would be a pain I could do without.

    Thanks for your help regardless.
     
  23. Arup

    Arup Guest

    Diver,

    .NET is around 34mb if I am not mistaken and quite a few good and free programs on the net are being written with it, not a bad idea to install it.

    Antihook is free and far less PITA than Jetico, Kerio 4.13 and Tiny, combine it with Kerio 2.15+BZ, harden your TCP/IP layer with Harden-It, and run Nuzzler IDS which is snort based and also free and you are on your way to a relatively secure system and all for free.
     
  24. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    22mb if you get the .net framework 1.1
     
  25. Arup

    Arup Guest

    Yes, it is 22mb, wrongly added the 3, technically, MS should start incorporating it in its OS.
     