antihook free for home users

@Chuck57:

I don't use Kerio (or any PF, for that matter), but from what I can see on its web site, it doesn't do anything to block windows hooks or driver installation. There are glaring omissions in any HIPS.

@ErikAlbert:

It's marketing hype. Nothing is bulletproof. The word itself is stupid. There is always a bigger and/or faster and/or harder bullet somewhere. Just as with ProcessGuard, some things can get by AntiHook. There is a link on this site to another site, which ran a series of tests. AntiHook failed several of them.

I myself have found that PC Magazine's EndItAll can kill applications without AntiHook noticing or preventing it. If EndItAll can do it, why not malware? I hear nothing but crickets.

 

Thank you. I asked it because I'm a total newbie in HIPS softwares. You never know.

I'm glad AntiHook didn't call itself "intuitive" and "intelligent".
If security softwares were so intuitive and intelligent, why do they still report false positives sometimes ?
A knowledgeable user won't make that mistake, because he IS intuitive and intelligent.

I guess some programmers saw too many SF movies and like to call their sophisticated programming methods intuitive and intelligent.
At work, I have to convince ignorant users sometimes, that our computers aren't the same as in Star Trek.

 

Hi Pffft,

Thanks for your feedback.

I understand your disappointment and I would agree that it is quite annoying not to have AntiHook Rules Editor refreshing itself. This is a real issue that we were aware of and have already fixed for the next build of AntiHook.

Thanks,

Ivo Ivanov

 

AntiHook shouldn’t introduce any additional slowdown unless it’s been run in fingerprint mode. In fact we’ve been working on a performance improvement in “normal mode” and this will definitely improve the overall system performance in the next build.

 

AntiHook is a dual layer HIPS and as a part of the user mode protection AntiHook injects SMIHelp.dll (System Management Instrumentation Helper) to monitor some of the critical APIs being called by the user mode apps. In fact it doesn’t affect the overall system performance as the DLL is being injected to monitor API calls only. That is - it is working in passive mode without interfering process performance. However, there are a few IPC issues we’ve been working on and will be addressed with the next build.

I really hope this problem can be rectified.[/QUOTE]

 

EndItAll is a great utility. However it hasn’t been used during our QA process. We have found a few issues related to terminating processes and this will be addressed in the next build.
BTW, we really appreciate any constructive criticism! Antihook would have been what it is without QA people like you! Thanks for your help!

 

Pffft,

Thank you very much for your feedback! Your help is invaluable!

We have already fixed these issues and surely they will be part of the next release. We have scheduled the next build for beginning of September.

Thanks for your emails. Could you please let us know if you find any other issues.

Thanks,

Ivo

 

We cannot talk about marketing hype when we are discussing a free product – don’t you think so? At the end of the day we don’t even make any revenue out of AntiHook – but this is not the point. What we are trying to achieve is to deliver a real world solution that would help end-users secure their systems without paying anything. We cannot do this without your help! Thanks again for helping us out!

Thanks for all your help!

Ivo Ivanov

 

First, I think it's important to realize that NO HIPS or IDS/IDP product is going to be perfect. There will always be a way found to get around just about any protection people come up with. If a person invents it, another person can usually find a way around it, with enough time and effort. Even your AV or firewall can be bypassed. It's more a Windows fault than anything. If Windows was designed with more security in mind, we probably wouldn't have as many of these malware problems today.

And as for the tests done by Kareldjag on AntiHook, well those test were not perfect. Often the IDS programs that were tested were subjected to tests that the programs were not designed to defeat, and in ways they weren't designed to protect you. And AntiHook still got a 8 out of 10. Not bad for a free program!

The point is to use different security programs 'together' that make it more difficult for others to infect you with malware. AntiHook does this, it provides another layer of defense against malware, and a very powerful defense in many cases.

Those who are only pointing out the negative points of AntiHook, with very little evidence I might add, are simply disappointed that AH doesn't provide completely unbeatable protection in every possible way, but name a program that does.

AntiHook is not perfect, but it can be a very powerful addition to anyone's security setup. AH will block much malware that many other security programs could easily miss. I use AH with these points in mind.

If you want even more free protection use Prevx home free version along with AntiHook. The two together beat nearly all of the tests done by Kareldjag.

 

You aren't contradicting me. This is exactly why I said that using the term "bulletproof" makes no sense, and is misleading. Nothing is perfect, so don't go around claiming it is.

I just know you can't be talking about me here, since my posts have already been substantiated by the author himself.

 

You mean IPS, but anyway, if someone does tests that go beyond what a product is designed to protect against, that does serve a purpose--it points out the product's flaws or limitations. That is a good thing. I mean, I'm not going to brush off the NHTSA's 40-MPH crash tests and defend the auto manufacturers by saying that the cars weren't designed to protect the occupants at such a speed.

 

You do sell the product to corporate customers. But whatever.

Please pardon me--I don't fit the typical mold of a Wilders regular. I do less shoe kissing and more truth telling. I don't mean offense, I just have a nasty addiction to reality.

 

It seems that what you are really looking for is someone to argue with about this. Why would my posts have to contradict yours? I'm simply posting my own opinion on the matter, not attempting to start flame wars as you appear to be. I don't understand why you think I would have to contradict you with my posts.

I also don't understand why you would say this, "Nothing is perfect, so don't go around claiming it is." after what I previously posted. When did I ever claim AH was perfect

I agree that tests such as Kareldjag's are good and very helpful, but they cannot really be used to show the true worth of a product. Many of the tests were done in such a way that you would never run into those exact same circumstances in real world situations. They're just tests done with test programs, and should be viewed as such. They only show and indication of the way the products would behave with real malware in the real world. So in actuality the programs being tested could do worse or better, in real world situations against actual malware.

If I like a program and find it useful I will support and recommend it. If you have found flaws in a program and report them to the authors, that's great, that's what I would do also. I don't think anyone is ass kissing here, we are just expressing our opinions about a program we like. If I find flaws in AH, I'll also report them, so far I haven't discovered any.

 

I fully agree with pffft.

 

Good for you, but it makes absolutely no sense for Pffft to make those comments to me after what I posted about AH.

 

Just look at the website :
http://www.infoprocess.com.au/ and tell me who is talking about bulletproof.

 

Sorry, there was a misunderstanding on that. I didn't mean to say that you called AntiHook "perfect"; I was making a separate point about what the vendor says--calling it "bullet-proof" and so on. (In other words, I should have said, "Nothing is perfect, so don't they shouldn't go around claiming it is.")

No flames wars here.

I should have mentioned the things I like about AntiHook, rather than just pointing out the problems I've found. In any event, the only reason I point out issues is because I do like it. I wouldn't bother if I didn't think it was worth it.

 

hi, i have downloaded AH. i downloaded it twice because i thought there might be two versions. i thought i had clicked the same things each time, but i must have done something differently because one is 630 KB and the other is 1,403 KB and they're called AntiHookProSetup25-1.msi and AntiHookProSetup25.msi respectively. which should i install? thank you.

 

iceni,
I installed the trial version (1403 KB).
So the other one must be the free version.
The title "antihook free for home users" suggests that you install the free version.

 

I'm glad you mentioned this, because I had the same exact thing happen to me. I tried over and over to download AntiHook, thinking that something was wrong with Download.com. And there must be something screwy going on with the server.

In any case, install the larger file. Or, at least that's what worked for me.

 

Hate when I submit too soon...

There is only one version, I believe. You didn't do anything wrong. The download site is whacked. And the two names you mention (AntiHookProSetup25-1.msi and AntiHookProSetup25.msi) are just the result of your browser adding the "-1" on the second attempt, to make the file name unique.

 

Hi myopinion,

Thanks for all your posts – we are happy to hear positive feedback too. This is something that keeps us motivated in our hard work on AntiHook.

Thanks!

Ivo

 

Currently AntiHook can be downloaded from download.com but as it appears sometimes there are issues with this server. AntoHook Setup is now available also for download from:
http://www.infoprocess.com.au/downloads/AntiHookProSetup25.msi

 

Does AntiHook confirm hash value of the process that is about to run like ProcessGuard?
When some applications was updated, AntiHook did say nothing about the fact that running process was modified.
It is a helpful alert to let me know modification of the process, so I hope coming AntiHook has this feature.

[Add August 19th, 2005]
I am terribly sorry to say such a silly words.

 

Hi, I have used AntiHook for a lot of time, and it has worked very very well for me, but in this moment I have a problem: when I want to use sandboxie 2.0 to open another program to protect it, let´s say e-mule or just a browser ( firefox, opera, IE ), AntiHook doesn´t let me run it with that protection, so that I have to uninstall AntiHook if I want to use the kind of protection that sandboxie gives to this programs. I don´t know what it could be. Where are you Ivo?