antihook free for home users

Discussion in 'other anti-trojan software' started by zorro zorrito, Mar 30, 2005.

Thread Status:
Not open for further replies.
  1. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    This is from the developers.

    "Hello Chris,

    I'm really happy to see more and more people using AntiHook.

    Just a minor clarification regarding AntiHook's design as some people are
    confused how it works:
    AntiHook uses a kernel mode NT driver to ensure that all necessary native
    calls will be detected and optionally stopped. The driver is responsible for
    detecting and preventing execution of remote threads, writing to the memory
    of an external process and other low-level calls.
    The user mode DLL is used to detect suspicious system-wide hooks and
    ActiveX/COM components.

    We're preparing an installation guide and it will be available
    today/tomorrow on our Web site. Will send you the link later on.

    We have scheduled to release the new version 2.1 within two weeks time.
    These are some of the enhancements:
    1. Monitor registry calls and loading of kernel mode rootkits
    2. Detect and prevent starting and terminating processes - integration with
    Launch Monitor.
    3. Centralize administration for AntiHook rules and provide ability to load
    and backup rules
    4. Some UI enhancements"

    Hope this helps,

    Chris
     
  2. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Well really you should reformat but if you're absolutely positively sure you're secure then you could just install it. I'm sure many people don't reformat as they should but it is really up to how secure you want to be.

    Hope this helps,

    Chris
     
  3. Arup

    Arup Guest

    Thanks for the news Chris, looks like Antihook is just getting better and better, hope it doesn't go paid.
     
  4. anti-spy

    anti-spy Guest

    Thanks for posting that news about AntiHook Chris, good news all the way around.

    I agree Arup, it does seem like the product is improving fast. It sounds like they may be moving towards a paid product though, let's hope not. *fingers crossed*
     
  5. AShaR

    AShaR Registered Member

    Joined:
    Jul 31, 2002
    Posts:
    91
    Thanks for the frank response, it's a big help. I am pretty sure that my pc is clean, it runs great and there's no reason for me to be suspicious. All things considered, formatting would be a last resort for me for reasons already mentioned.

    Antihook is very attractive right now but if it goes paid obviously it will have to measure up against PG, in which case I don't think it would look quite such a good proposition. Does Antihook offer the same protection to applications for example? Is this what is referred to here:

    2. Detect and prevent starting and terminating processes - integration with
    Launch Monitor.


    ALSO: would it be a good idea to run Prevx as well, as Antihook doesn't monitor the registry? A good free combo perhaps?
     
    Last edited: Apr 1, 2005
  6. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    As far as I know yes. This is a new feature coming in 2.1 and I have not even tested yet. When it is safe to say I will let you know :)

    Maybe we will have to start a new thread for launch monitor...It is payware though. But passes all firewall leaktests running with antihook by showing what is trying to start and sneak out.

    EDIT: Maybe I should say leaktests from http://www.firewallleaktester.com instead of all. Please let me know how they go for you if you test them.

    Hope this helps,

    Chris
     
    Last edited: Apr 1, 2005
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I was quite surprised at how many alerts I got from AntiHook when trying to do an AdAware scan.

    Seems like AdAware wants to "modify" nearly everything it touches. It (AntiHook) also lengthened the scan time for AA a lot - although perhaps now that will change since AA can "modify" away :rolleyes: . Pete
     
  8. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I uninstalled it Pete, cause it isn't anything for me, it gives nothing extra that should be concerned about imho.

    and not worth a possible war between the kernel programs :)
    very true what you said...cannot be good for the system imo.

    I will not let myself carry away anymore....for today :D

    cheers
     
  9. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Did you have some problem with it? Can you tell me what you mean by "cannot be good for the system"? Did you have conflicts? Can you please explain more?

    Thanks,

    Chris
     
  10. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    That is just a theory I have and probably stated by many others (I first addressed this in the firewall area regarding New Tiny Firewall)

    the prob lies here:

    I have still the longest install of Windows at the moment (took me some months now without formatting) and in the meantime I installed a lot of kernel applications and removed a lot too. I feel that whenever I install a new security program that works in kernel mode, that my system cripples and I receive errors like never before.

    I had in this case some lockups and uninstalled it. that means in one week I tried tiny, safe n sec and antihook and all are uninstalled. that is just one week...therefore I don't expect any other thing than problems and issues.

    that's it :)

    bummer cause I understand I'll have to format soon... :)

    cheers
     
  11. Honyak

    Honyak Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    346
    Location:
    Deep South
    I have been trying to install for three days, I keep getting "invalid or corrupted registration store" and it locks up my comp on XP start up. I have to reset and go to safe mode and do a system restore.
    My comp;
    XP Pro, F-Secure 5.0, Kerio 2.1.5.

    Also does this on my main comp- XP Home, Arcavir 2005, Kerio 2.1.5

    Any Suggestions?
     
  12. Hekx

    Hekx Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    11
    Hello everyone, nice find on this software. I was looking for a nice freeware AT to complement NOD32 nicely (BOClean is definitely on my possibility list) and this looks to do just what I wanted. I also use Kerio PF 2.1.5 and really admire rule-based software in comparison.

    I'm running XP Home Edition SP2 v2600 with no problems.
    I did a clean install yesterday so this was a welcomed addition to my security setup. I believe more in running light and common sense/safe hex being at least 50% of the safety.

    The only real problems I have with the program are:
    > .NET Framework for the Rule Editor
    > Usually requiring four "Yes" clicks to be able to launch an application with all notices the same - while I believe it is good safety procedure, it also can become very annoying.
    > Rule Editor is very basic.
    - There is no "reload rules" options for new rules.
    - No ability to import/export settings (have not checked for any files the rules are stored in at present)
    - Interface is a little clunky.
    - I also didn't like how being able to launch/spawn a process was titled "modify target program" - I would have thought this would be the case if it could alter/replace/update certain files not simply launch them.

    I have not had any problems nor crashes. I am running it in normal mode so I can get notices about certain events. I did notice there is no checksum verification of files, is this not a feature of the program? I can quite easily modify executables and have not received any notices (I even altered the main "antihook" program file and did not receive any notification it had taken place - I wouldn't see this as self-secure protection, especially if a malicious program altered the code for a detrimental gateway)

    All in all, it is a decent freeware application. I'll keep testing it out over the weekend.
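
Added example, not part of the original post and not AntiHook's code: one way a rule-based launch guard could bind each allow rule to a SHA-256 digest of the executable, so that a modified program file (including the guard's own) falls back to a prompt instead of silently matching its old rule. `RuleStore`, its method names and the sample files are hypothetical.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Stream the file so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

class RuleStore:
    """Hypothetical allow-rule store: resolved path -> digest recorded at learn time."""
    def __init__(self):
        self.rules = {}

    def learn(self, path):
        self.rules[os.path.realpath(path)] = sha256_file(path)

    def decide(self, path):
        key = os.path.realpath(path)
        if key not in self.rules:
            return "prompt:unknown"
        try:
            current = sha256_file(key)
        except OSError:
            return "deny:unreadable"
        # A path-only rule would return "allow" here even after the file changed.
        return "allow" if current == self.rules[key] else "prompt:modified"

def demo():
    """Constructed sample files standing in for a program and the guard itself."""
    with tempfile.TemporaryDirectory() as d:
        app, guard = os.path.join(d, "app.exe"), os.path.join(d, "guard.exe")
        for p in (app, guard):
            with open(p, "wb") as f:
                f.write(b"MZ constructed sample bytes for " + p.encode())
        store = RuleStore()
        store.learn(app)
        store.learn(guard)
        before = store.decide(app)
        with open(guard, "ab") as f:
            f.write(b"patched")
        return before, store.decide(guard), store.decide(os.path.join(d, "new.exe"))

if __name__ == "__main__":
    print(demo())
```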
     
  13. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Please tell me what you think needs to be more advanced in the rule editor.

    Do you mean a reset to default option?

    I will mention to the developer about the checksum verification which is a great idea I agree. The UI will have some enhancements as seen by my post earlier in this thread which may or may not address the wording issue you mentioned.

    Please either submit any other ideas to the InfoProcess at info@infoprocess.biz or post here and I will relay the ideas. Whichever is better for you.

    Thanks,

    Chris
     
  14. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Earlier I posted that I was concerned that .net was required for the rules editor, but .net installed on my test box without incident. Let's face it, .net applications are proliferating, so I now think this is a non issue.

    The good part is the fingerprint or learn mode. It makes setup easier.

    The bad part is I installed an application that installs a communications driver and antihook did not complain about it one bit. That was with fingerprint turned off, for the sake of clarity. A communications driver once installed allows a complete two way bypass of a firewall to the network. This very possibility is often cited by experts as the reason why outbound application control and leak testing is futile.

    Having the factory reset button right there on the first interface is not a great idea IMO. Just one careless click and the whole config is gone.

    From what I can see antihook seems to focus on IE and windows explorer. Probably because it is really focused on leak tests, not preventing the installation of keyloggers and the like.
     
  15. controler

    controler Guest

    OMG another kernel mode driver?

    See me cringing?

    It all boils down to one thing here.

    Which kernel mode driver are you going to stick with in the end?

    more than one is too much.

    Bruce
     
  16. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Interesting... any details?
    mesa waiting....
     
  17. Arup

    Arup Guest

    Speaking of Windows installation, mine is almost 2 1/2 years old and has been through many different firewall install/uninstall as well as various other programs.

    Antihook works on my system with my expectations for a free software, it is nice to see that they are adding more.
     
  18. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Arup-

    If you can go 2.5 yrs on a windows install, you are some kind of special guy. For me 6 months is a bunch, and by then all sorts of things are going wrong. I have traced some of the problems down. Unfortunately, they are usually due to drivers installed by various programs, some of which are from big publishers. Watch out for most system utilities, AV's, firewalls, and CD/DVD burning software.
     
  19. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    From the website "AntiHook's key goal is to dynamically protect your privacy and applications from Spyware, Code injection, Trojans and Keyloggers."

    Can you please tell me more about this? If not here then in a pm.

    Great suggestion. I will mention this to the developer as well and see what can be done.

    Thanks,

    Chris
     
  20. Hekx

    Hekx Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    11
    Hello again. By the reload rules, I meant an option to "refresh" all rules. I mainly stated this as I had the rule editor open while in the background fingerprint mode was creating additional rules which were not refreshed/added to the editor while I was modifying other rules in real time.

    Another feature that would be nice is changing the default double-click action with the tray icon, at the moment (for me, at least) it opens the about box. I would rather - when installed - have the rules editor jump up into play to make it easier to access. But this is a minor nitpick.

    One other feature (yes, I am a great fan of KPF 2.1.5) would be to add a log for the entire program and additional set rules. I believe this always helps in tracking down problems and tightening security with configurations.

    I'll probably try a few installs that do relay kernel drivers which could be seen as malicious to test out AntiHook. Most of the time I've found with installations is I am prompted prior to the install occurring, but while the install is taking place I get no prompts even when I have not created rules to specify against it.

    One last feature I thought might be useful - especially since it is aimed at the later NT-based platforms - would be balloon tips for the system tray which could be incorporated into a "silent mode" where in place of screen pop-ups of notices, you simply get a small notification displaying what is happening. This would also complement a log nicely as a real-time way of alerts.

    I am impressed with this software so far as it is the best one I have used which is free (SSM is good, but I often found it causing slowdowns in areas with program-based protection enabled). Great work InfoProcess. :)
     
  21. Arup

    Arup Guest


    Diver,

    I am a lazy guy, not special and too old to go through multiple installs, I use Inctrl to monitor every file and registry changes done by an installation, then I am a big fan of registry cleaners and use couple of good ones, all this has kept my Windows in good shape so far.
     
  22. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Is anyone running both TDS-3 and Anti-Hook? I can't seem to be able to get TDS-3 to open whether I have AH in "Fingerprint running system mode" or "Normal mode". (TDS-3 stays hung up on the memory scan). Pete
     
  23. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Can anyone tell me which is better: ProcessGuard Free or AntiHook Home?
    Please enlighten me!

    Abhishek
     
  24. AShaR

    AShaR Registered Member

    Joined:
    Jul 31, 2002
    Posts:
    91
    I can't help thinking that ProcessGuard Free + Prevx + Antihook would be a near impregnable IPS system and all for free ;)

    Even so I think I'll just keep Prevx and upgrade PG to the full product. PG is stable, it's well tested and I'm not happy about having so many apps hooked into the kernel, not to mention running in resident. With PG you pay once and that's it. If you are running it on more than one machine like me, I think it's a very fair price. Not to mention there's no indication whether AntiHook will remain free, or how well it will work with other programmes. But if you don't have PG this looks a great option.
     
  25. Hekx

    Hekx Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    11
    http://img38.exs.cx/img38/5236/antihookrulebasededitor7vz.th.png

    I've been getting this error lately with the rule-based editor. This was one reason I was not very fond of the dotNET framework attachment. The above error keeps popping up when I try to apply any alterations I have made to any rules (namely delete unused/old ones). I really do believe the rule editor to be very basic. I really hope this does get improved as it is currently the only issue I have against using it as a long term solution.

    "Continue" just ignores all changes made and returns back to the editor, while "Quit" just closes the editor down.

    Has anyone experienced a similar problem? If not, I'll try reinstalling the editor.
     