Cyberhawk 2.04 released

Discussion in 'other anti-malware software' started by QBgreen, May 21, 2007.

Thread Status:
Not open for further replies.
  1. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    Here's the poop on what's changed:

    * Addressed Internet Explorer slow down and performance issues experienced by some users
    * Improved malware cleanup and quarantine for more effective cleaning
    * Added incremental install capability so that going forward updates can be delivered through patches instead of requiring a full uninstall followed by reinstall
    * Fixed rootkit scanner hang issue when scanning directories with large numbers of files
    * Rootkit scan dialog now includes a ‘Select All’ option and abilitiy to ignore or remember certain hidden objects in future scan results
    * General improvements to overall protective capability
    * Fewer false positives
    * Miscellaneous other program fixes

    http://www.novatix.com/Cyberhawk/
     
  2. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    You guys/girls are fast! ...

    Enjoy it. Thanks to all the beta testers that helped out.

    Dan
     
  3. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    i try to install this to my laptop, unfortunatelyit crashed most of my program (bluetooth, etc.)

    i immidiatly un install it and its back to normal.

    is this vista compatible? i have pccillin IS 2007 and superantispyware pro installed....dont know if theres some compatablity issue too?

    thanks
     
  4. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    Hope it's lighter than the last vesion.
     
  5. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi all,

    I use it since a hour and seems many more light than previous build and i hope stable.

    Congrats, Novatix, i think this one is the best that i ever tried

    Regards,

    MaB
     
  6. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    I'm trying it right now. Seems light and no discernable drag. Hope there aren't as mant FP's as in the last version.
     
  7. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,743
    Location:
    New York City
    Version 2.0.4.34 fails the first three tests of Firewall LeakTester Anti-Keylogger Tester (AKLT). FWIW, I submitted a ticket on their website.
     
    Last edited: May 21, 2007
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Loads & runs straight & true. Nice so far.
     
  9. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    Are we talking only pro version? Is the basic version also improved?
     
  10. EASTER.2010

    EASTER.2010 Guest

    Oh boy, here we go again. I always been a secret beholden loyal to CyberHawk mainly due to it's first early releases and i just been sitting on the sidelines waiting to see what improvements would finally ring out with this latest version, but if that AKLT result is true, i dunno what to think.

    Only way to find out is to try it i guess. Have to switch snapshots and give it a whirl. I like the comment by Riverrun because those issues are what we were waiting to be corrected.
     
  11. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Cyberhawk doesn't really adhere to the mantra of shooting down anything that moves - that's the job for a full-blown HIPS program. The developers aimed to flag only malicious programs, and following this idealogy, flagging the AKLT would be nothing but a false positive.
     
  12. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,743
    Location:
    New York City
    AKLT tests anti-keylogging behavior and therefore falls into the category of things Cyberhawk should protect.
     
  13. EASTER.2010

    EASTER.2010 Guest

    Thats sort of my thinking at this time too Thankful but in all fairness to Novatix & Cyberhawk i believe we should let CyberHawk Support chime in on this before we jump too far ahead of ourselves here. There is some truth to the not a full blown HIPS per say but from past experience most all even Leaktests i threw at early Cyberhawk it done reasonably well against them but thats been some time ago now.
     
  14. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,743
    Location:
    New York City
    I agree. That's why I submitted a ticket. By the way, it still slows my system down too much.
     
  15. EASTER.2010

    EASTER.2010 Guest

    I posted some time back about my finding that Cyberhawk uses, not 2, or 3, but i found 4! drivers that support this program's workings and frankly that right away explained for me why i had been experiencing sluggish behavior while Cyberhawk was running. Now that may be necessary for it to carry out it's work but theres an obvious trade-off there, and one in which was the reason once System Safety Monitor entered this scene with their flagship product that i cut all ties forever with any Anti-Viruses. They just seemed to wedge themselves into my system far too tightly for any comfort & satisfaction. I didn't like those trade-offs then and never will. Now that HIPS like SSM are here i don't need to concern myself anymore with tradeoffs like that. SSM runs squeaky clean on my XP Pro with absolutely NEVER any pressure at all on the system while at the same time offering fantastic coverage.

    Now CyberHawk! When it first hit the scene my first inclination was NOT to replace (first-come-first-serve) SSM with it but rather compliment each other and establish a dual-coverage of sorts and they done just that. In fact, Cyberhawk, whether due to it's particular positions in the SSDT Table or something else yet unbeknowns to me, it jumped up "FIRST" before SSM to intercept potential invasion behavior and CyberHawk also after blocking proceeded to TERMINATE completely the same process it was alerted to and given permission to Block by user, me.
     
  16. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    And that, my friend, is the key word.

    AKLT is to real keyloggers what the Eicar test string is to real viruses. In my personal experience, from observation, Cyberhawk doesn't simply flag the GetKeyState APIs by themselves, but when combined with more complex behavior - such as requesting network access in tandem with requesting the afore-mentioned APIs - then Cyberhawk does pop up an alert. Don't quote me on this, though.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I think personally I will prefer lightness and stability at the moment. Once it is stable enough and runs really light, I will keep it on my system( even if it does not detect most keyloggers). These features can be added gradually.

    BTW I agree that by behaviour, these keylogging attempts hould be detected.
    A bit OT, has anybody tried this test with latest KAV?

    Thanks
     
  18. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    Cyberhawk (for me anyways) catches "GetKeyState" and "GetAsyncKeyState", the DirectX and screenshot tests will not get an alert from Cyberhawk. Also, we have seen that sometimes (vmware) the AKLT test does not capture keystrokes, and Cyberhawk will not alert on no behavior. We saw this on a few machines, hence the reason I mention this. Also, you must click out of the AKLT box, for the first two tests to produce an alert.

    DirectX is not "caught" simply because in the world there are few if any malware samples with this type of attack. The samples that use the latter attacks usually get caught before they are allowed to get to the stage of recording a screenshot.
    That being said, rules to counter these types of threats are being worked on.

    Since we have the rootkit scanner, perhaps it is just say that Cyberhawk is not "pure" HIPS, but .... every alert that you see from Cyberhawk is because a rule is triggered by a particular behavior.

    We have aimed at trying to be easier on system resources, although security software being the animal it is... will step on each others toes, to find THE combination to put on ones system is the "fountain of youth" if you will, and we too are searching for this. Hopefully we will give some sort of solution to that soon.

    OK, I am babbling.

    Dan
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Sure it is lighter than before and no false positive so far, although CHservice is using a bit of CPU.
     

    Attached Files:

  20. jad123

    jad123 Registered Member

    Joined:
    Mar 1, 2007
    Posts:
    29
    Installed CH 2.04 last night on my wifes laptop. Between CHservices and CHTray it is only using about 8500K. Tried the GetKeyState" and "GetAsyncKeyState" tests and CH picks up both when I click out of the AKLT window.
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    What does it mean exactly? A security suite?
     
  22. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    Firewall, antivirus, antispyware, packaged software like the bigger companies out there offer.
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ohh... So if possible let us know pls which software brands you are going to incorporate. Components must be top noch, and still more important is their seamless integration, otherwise you are not going to get customers. Stability, stability, stability,... the most important thing for ordinary users, even if it is on behalf of a little bit less security.

    But will CH continue as standalone? It,s a big Q?
     
    Last edited: May 22, 2007
  24. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    The statement was definitely not official, and I meant that everyone (here) is searching for the "complete" package/s.

    :blink:
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    K, wait n see.
     
Loading...
Thread Status:
Not open for further replies.