ProcessGuard Vs. AntiHook

Discussion in 'other anti-malware software' started by [suave], Aug 29, 2005.

Thread Status:
Not open for further replies.
  1. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    Hi guys.

    I am going crazy reading on this forum. I've read so much and I don't even know where to begin.

    Two products that I have read about here that caught my attention are ProcessGuard and AntiHook.

    Now, I definitely want to use one of them. But is there a difference between the two?

    What can one do that the other can't? Or what does one do better than the other?

    Is there some sort of feature comparison I can look at?

    I know ProcessGuard costs money and AntiHook is free... but that's about all I know about that :)

    I don't mind paying for ProcessGuard if it is indeed better. ;)

    So can anyone help me out and let me know the differences?
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    well the following is a list of features in PG, as u can see it does more than just block hooks:

    Control Application execution
    Protect applications from termination
    Protect applications from modification
    Protect applications from viewing
    Block new and changed programs
    Protect physical memory
    Block Global Hooks
    Block unwanted rootkit/driver/service installation
    Block registry DLL injection (CoolWebSearch)
    Secure Message Handling
    Interface Lock

    edit: i just visited the antihook site and now i have the same question. there is quite a bit of overlap between the two apps.

    features of antihook:

    1. Launching of malicious applications and processes.
    2. Termination or killing of your critical security applications (e.g. Firewall, Anti-virus, and Anti-spyware software).
    3. Loading of suspicious DLLs (e.g. IE Browser Helper Objects, ActiveX components, COM objects).
    4. Execution of code in a remote program (e.g. Trojans or Malware modifying the memory space of an external application and executing malicious code).
    5. Remote injection of code through standard Win32 API calls to the CreateRemoteThread() API or other native APIs called from within Rootkits.
    6. Installation of Kernel Device Drivers (Kernel Rootkits) that integrate and then maliciously alter the Windows operating system.
    7. Registration of programs for loading on PC start-up or when the user logs on to the system.
    8. Registration of Initialisation DLLs that load each time a new application starts.
    9. Installation of system-wide Windows hooks by using standard Win32 APIs or native APIs.
    10. Attaching a debugger to another process.
    also see the antihook thread.
     
    Last edited: Aug 29, 2005
  3. randal9

    randal9 Guest

    I like the combination of Prevx home free and AntiHook. But some people have reported problems when using more than one HIPS program that operate at the kernel level. This is a Process Guard forum so I would expect the opinions to be weighted in favor of PG. Just something to keep in mind. ;)
     
  4. Hi, I use antihook with jetico (I disable process attack table in jetico). They work very fine, and pass every leak test. Both of them are good (process guard and antihook) and I don't see a great difference between them.
     
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    [suave] - i guess u better try both and decide which one u like better (tho pg doesn't have a trial but rather a free version without the global protection enabled (hooks, services etc))
     
  6. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    I purchased PG prior to AntiHook becoming available, so I haven't had a chance to look deeply into AntiHook. It appears that PG provides a bit more granularity, but the primary reason I continue to purchase DCS products is because I know the company. Something like kernel-level protection is just too critical (because of what this program can do), to just allow any company to do it on my system.

    For me, it has nothing to do with features per se, but the pedigree of the company and whether I feel I can trust the company. Because I have dealt with DCS for so many years, I feel I can allow PG to have access to and control of the kernel level hooks. But this whole issue, to my mind, is pretty tricky - i.e. Who do you Trust?

    Rich
     
    Last edited: Aug 30, 2005
  7. ---

    --- Guest

    Interesting statements, in light of your posts about the TDS-3 Fiasco.
     
  8. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    I appreciate the replies guys, but unfortunately nobody was able to answer my question. :'(

    I am trying to figure out the exact differences between these two programs (feature-wise)

    What can one do that the other can't?
    What can one do better than the other?

    you know, things like that. :-*
     
  9. Their feature set is practically the same. With Antihook having a bit more.

    But I don't think that's an important consideration for a noob.
     
  10. floatingPast

    floatingPast Registered Member

    Joined:
    Aug 17, 2005
    Posts:
    9
    Location:
    on frog house
    anti hook has not had so many updates and everything it does is free for the home use
    processguard could keep going or stay still in the water nobody knows

    try antihook while waiting for processguard to prove themselves again
     