AntiHook 3.0 Released

Discussion in 'other anti-malware software' started by QBgreen, Nov 9, 2006.

Thread Status:
Not open for further replies.
  1. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
  2. TECHWG

    TECHWG Guest

    Let's hope they did something right this time . . .
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ya, let's hope!! :)
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    So it's paid now. Any screenshots out there?
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    I have checked it out but I'm not too impressed. I'm not satisfied with the GUI and it does not always seem to remember certain rules. Also, I do not think that the registry monitor is that advanced; it does not seem to cover as many things as KAV/KIS and SSM, for example.

    More bad stuff: it can't stop certain process termination attempts. The only thing that I liked was the ability to spot service/driver "startup type modification". :)

    Some screenshots:

    http://img122.imageshack.us/img122/7999/screenshot001af5.png
    http://img179.imageshack.us/img179/708/screenshot002wz7.png
    http://img122.imageshack.us/img122/3470/screenshot00d1mf3.png
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    The v.2.5 already was very vulnerable against attacks; it wasn't able to block anything. What do you think will happen in v.3?

    The genetic disease will stay, that's my opinion.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks Rasheed for screenshots.
     
  8. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I saw the beta and it is nice to play with, but it's not the software I would trust. Too many vulnerabilities.
     
  9. zorro zorrito

    zorro zorrito Registered Member

    Joined:
    Feb 19, 2006
    Posts:
    149
    Let's see version 3. The last v2.5 and v2.6 worked fine for me, except for the sandbox problem (problems with Sandboxie). I hope this one doesn't have that problem.
     
  10. kdm31091

    kdm31091 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    365
    I cannot believe it's payware now. For some reason I lose a lot of respect when a product goes from free to pay. We need some freeware in the world, some full, non-crippled freeware.
     
  11. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Exactly my opinion.
     
  12. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    Thanks for posting the screenshots :thumb:

    I don't like the look of the GUI :ouch:
     
  13. tcars

    tcars Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    8
    Location:
    Sydney, Australia
    While the newer 3.0 is for sale at a modest price, 2.6 continues to be offered free to home users. We are committed to continuing to offer free and advanced versions like this, and the contributions help fund development on both versions.

    AntiHook 3.0 was rewritten from the kernel level up and we believe is a more efficient and secure design. The engine is working well and as designed so far. If anyone has some specific feedback on vulnerabilities we would appreciate it, as we are committed to producing the best HIPS product possible.

    In response to some other comments in this thread, we are already in design and development of a new release that will cover the following:

    1) User Interface improvement - whilst 3.0 is already an improvement on the UI of 2.6, we know that there is much to be done to repaint the product and make the control center in particular easier to use.
    2) There is only one advanced method of process termination that can currently stop the AH driver, and while not currently a major security risk, we will block this too.
    3) AH 3.0 currently takes an exclusive position at the kernel; this design will be changed slightly without sacrificing security, thus allowing compatibility with products such as Sandboxie.
    4) Registry monitoring will be expanded, and we will provide the ability for the user to enter custom registry keys and values to protect.

    Thanks for your feedback, any other feature suggestions would be appreciated too.
     
  14. EASTER.2010

    EASTER.2010 Guest

    @tcars

    Hello and Welcome.

    Somewhat off-topic, but I have been using InfoProcess LaunchMonitor with impressive and stable results. Will your team be improving this program, or will it remain a proof-of-concept type demo?

    As for Anti-Hook....... I have not even tried it yet, but am curious about its development also. Does the free 2.6 perform basic coverage adequately enough to protect systems, or do you prefer peeps go the full route with 3.0 with its added ability?

    Thanks EASTER
     
  15. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
  16. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I did a test drive on v.2.6, and then deleted it due to system slowdown. During that critical process (uninstallation), my computer almost got a cardiac arrest (freeze, no pulse), a penalty for abandoning it? Would v.3.0 be more polite when dealing with this situation? I would like to try it but just cannot go through another attack. Thanks. o_O
     
  17. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Hi Perman, forget it, AntiHook 3 grabs all your resources, too many freezes...
    very time consuming. Especially if you like to deal with other security apps.
     
    Last edited: Dec 8, 2006
  18. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Sad news for a new release. Hope someone is daring enough to rebuke your comments. :-*
     
  19. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I use an FX60, so the delay is not always so problematic for me, but on slower computers I have my doubts.

    But you know this is a core problem of kernel hooking: it slows down your system to hell after a while, the more hooks you allow. Maybe this phenomenon has an end with Windows Vista. Except if Symantec manages to force Microsoft into giving access to their source code. (ha ha ha)
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I'm running SSM (it hooks the kernel) & my box is very speedy. I discern NO perceptible slow-down.

    @Perman- For testing AH, I recommend making an image prior to doing it. If you decide you don't like AH, you can readily uninstall it simply by restoring the image.
     
  21. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Hi, bellgamin: Does AH require a reboot after installation? If it does not, then I can test it in the Frozen state of DF. :rolleyes:
     
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    The previous versions of AH needed reboot, as I recall. I haven't tried 3.0. Hopefully someone else will answer your question.

    I wish I could afford the price of ShadowUser -- with that one, you can handle the programs that require reboot (or so I have been told).

    I'm presently using ShadowSurfer, which has capabilities similar to DF. I loved DF, but switched from DF's trial copy to a licensed version of SS when I managed to get a free copy of SS at THIS link.
     
  23. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Ah Perman, you are a Deep Freeze user; maybe you know how to remove their CMOS code, because it destroyed my floppy boot block. Damn bad software. :mad: :mad:

    AntiHook asks so many questions; this is where Process Guard has a main advantage.

    AntiHook should include a function to save all rulesets in one go, and not one by one. Time-wasting things..
     
  24. Ivo

    Ivo Registered Member

    Joined:
    Mar 31, 2005
    Posts:
    31
    Location:
    Sydney, Australia
    Hi folks,

    I don’t know how I can stress more that combining multiple HIPS products may only give you a false sense of a more secure system, because it is more likely that only one of the products will be in charge and all the rest will be not operating or only partially functioning, even though they appear to be running just fine. It is not impossible to run AH30 side by side with those two products, but this doesn’t mean that the machine will be better protected. Worse – the user may experience a significant slowdown and crashes. PG and IceSword are two great products, but finding a way to run them side by side with AH doesn’t add any value, because we know that only AH’s system call filters are actually working and able to detect and stop suspicious activity. Again, some number of the PG and IceSword functions may still be partially working, or just enough to give you a wrong impression.

    As some of you have noticed, we have completely rewritten the kernel driver and the user mode portion of the system. All user mode apps have been redesigned to allow better extensibility, and this is why we decided to use .NET as a platform.
    Just like SystemJunkie, many users are quite surprised by the high memory usage that Task Manager typically reports for running .NET applications. In fact .NET apps, including the user mode apps of AH, don’t really use that much RAM – Windows will give it back if other apps need it. Surely .NET applications really do have a high memory footprint relative to most native code applications (i.e. native Win32 apps). In fact most of the diagnostic tools like Task Manager are showing the amount of the Working Set being used by a process. It is important to note that part of the Working Set may be shared with other processes, as well as the .NET runtime, which is part of each .NET app. The figure reported by Task Manager and the like may be overstated and quite misleading.

    In terms of performance, AH30 has shown pretty good results due to the fact that we have removed the overhead of one of the user mode monitoring DLLs and moved all filters down to the kernel driver.

    Some of the key system calls which AH filters are process creation, process termination and modifying an external process's memory. Normally this is not something that happens very often (typically less than 100/sec) unless there is a piece of malware/rootkit or poorly written software running on the PC. For more details on how expensive process creation is, peek at Microsoft Windows Internals by Mark E. Russinovich and David A. Solomon.
    Another cause of a significant slowdown is usually a wild mixture of different security apps. As I mentioned before, it is important to utilise complementary solutions as opposed to products with overlapping functionality. That’s it – AH is not a firewall and it is not an AV – it is a complementary solution, and you do need a firewall and AV, but adding an extra HIPS product may introduce only additional overhead and significant performance degradation.

    Your feedback is highly appreciated!

    Thanks,
     
    Last edited: Dec 11, 2006
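Ivo's point that the Task Manager figure for a .NET process counts pages shared with other processes (the .NET runtime DLLs among them) can be checked directly. The PowerShell function below is an added example, not code from this thread or from InfoProcess/AntiHook; it reads a process's total Working Set and its private bytes through Get-Process and reports the difference as a rough estimate of the shared portion. The process name `explorer` is an assumed default; substitute any running process, for instance a managed one, to see how much of its reported working set is shared runtime code.

```powershell
# Added example, not part of the thread or of AntiHook/InfoProcess code.
# Shows why the Task Manager figure can overstate what a process "uses":
# WorkingSet64 counts resident pages including shared ones (runtime and system
# DLLs mapped into many processes), while PrivateMemorySize64 counts only
# bytes private to this process.
function Get-MemoryBreakdown {
    param(
        # Assumed default process name; any running process works.
        [string]$ProcessName = 'explorer'
    )

    Get-Process -Name $ProcessName -ErrorAction Stop | ForEach-Object {
        $p       = $_
        $ws      = $p.WorkingSet64          # resident pages: private + shared
        $private = $p.PrivateMemorySize64   # private committed bytes

        # Private pages that are paged out appear in $private but not in $ws,
        # so the difference is only an estimate of the shared part; clamp at zero.
        $sharedEstimate = [Math]::Max(0, $ws - $private)

        # Runtime DLLs that Windows maps into every managed process: evidence that
        # part of the working set is shared code rather than data owned by this process.
        $runtimeModules = @()
        try {
            $runtimeModules = $p.Modules |
                Where-Object { $_.ModuleName -match '^(mscor|clr)' } |
                Select-Object -ExpandProperty ModuleName
        } catch {
            # Listing modules needs matching bitness/privileges; skip if unavailable.
        }

        [PSCustomObject]@{
            Name             = $p.ProcessName
            Id               = $p.Id
            WorkingSetMB     = [Math]::Round($ws / 1MB, 1)
            PrivateMB        = [Math]::Round($private / 1MB, 1)
            SharedEstimateMB = [Math]::Round($sharedEstimate / 1MB, 1)
            RuntimeModules   = ($runtimeModules -join ', ')
        }
    }
}

# Usage: compare a managed process with a native one to see the shared share differ.
Get-MemoryBreakdown -ProcessName 'explorer' | Format-Table -AutoSize
```

On Windows Vista and later the performance counter `\Process(<name>)\Working Set - Private` gives the private resident figure directly (readable with Get-Counter), which removes the paged-out ambiguity of the subtraction above; the Get-Process approach is kept here because it also works on the XP-era systems this thread discusses.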
  25. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    (spelling edited)
    Amen to that. :thumb: Overlapping functionality and multiple resident programs may or may not run smoothly. When you have "so many hands in the jar", some kind of problem usually pops up at a specific memory location or system register. Getting malware is bad enough, but when you have to work on a slow or hiccuping PC, that just compounds it.
     