Cyberhawk -- is it for the birds?

I think you are confusing the duties of a firewall with that of a full system firewall.

The job of the firewall is not to prevent dll injection which isn't a network related event.

After all dll injection can occur for other reasons (some primative security programs do that!) and as long as the process does not try to create a network connection it isn't the business of a firewall to stop it.

But the firewall does notice if this altered process tries to do a network connection and offers to block it...... Which is exactly what a good firewall should do.

But of course these days most people are blinded by leak tests and can't tell the difference at all.

In any case, DSA covers dll injections more than adequately.

Well so much for cyberhawk.

There are other reasons to stop dll injections of course, but doing so to beat leak tests doesn't seem to be one of them if you are using comodo.

 

My reason for wanting some general protection against dll-injection is not to prevent leak tests, but having a setup which protects against smart malware. I said when a malware is able to pass application monitoring and dll-injection prevention it is problably able to break out most firewalls

As for my confusedness:

Well I read the posts on this board because I am confused about security. Now I got a lot more information, but am still as confused as I was before.

 

Well most people here probably get *more* confused as they read more. So if you are merely *as confused*, you are ahead of the game.

 

Okay,

I much valued your input on the security setup of a girl friend anyway. Nothing wrong with a good discussion.

Regards Kees

 

personally i found DSA agent another app that will confuse many users with its pop ups . where as cyberhawk is able to implimement this into its listings on a daily basis ( this is what i would refer to as intelligent) which is fine for most users . I have been running soley on this pc with only a firewall and cyberhawk off an on ( mostly on) and have not encountered one instance of spyware/malware etc over the last 5 or 6 months. albeit i am a safe surfer generally. one area that DSA concerned me was their lack of answer to a question regarding the ability of DSA to not load up conflicting drivers if another firewall is already loaded onto the system and if that first firewall is uninstalled will this make DSA vulnerable without that driver.

 

Yeah, I remember now why I don't like it

 

Several apps have been discussed in this thread. Ergo, what is the antecedent of "it" in your statement "I don't like it" -- DSA or... ?

 

OT: What is "Ergo"?
I've seen that word quite a few times around here.

 

Cogito Ergo Sum is a Latin phrase that is commonly quoted. It means "I think, therefore I am". The Ergo in this instance means "therefore".

http://en.wikipedia.org/wiki/Cogito_ergo_sum

 

Based on this other thread, I believe this post was a duplication of the other discussion, but this is only a guess.

https://www.wilderssecurity.com/showthread.php?t=149485&page=2

 

This appears plausible based on the description that the company representative provided about the program. Since it will not install conflicting drivers should there be already a firewall present, then taking out the firewall might expose the program to attacks. I guess in this case, you should install the program with either a firewall that you will never uninstall, or install this program first and see if a later firewall has any problems when it is installed.

 

Thanks!

 

I have come to believe that Spyware Terminator and AVG Free 7.5 used with Cyberhawk for added insurance will be enough protection for my personal usage. Because of that belief I went back to using Windows Firewall and uninstalled although a bit reluctantly my Comodo Firewall. I will miss this fine piece of software, but I must admit I do notice that surfing is a little bit faster now, as is start up and logging on and off as well. I know some may say I'm sacrificing security now without a third party Firewall installed, but the fact that there wasn't any Malware phoning home and the overall speed of my PC is the way I like it, I'll take my chances that by using ST, AVG Free, and CH for added protection, along with FireFox 2.0 and McAfee SiteAdvisor that my Windows XP Firewall will do just fine to also help keep things out. I'm not trying to be arrogant, but with all the AV and AS software I've used over the past year, I don't remember it ever needing to prevent anything, or finding anything. (Antivir did find a Trojan in my System Restore once awhile back while scanning with Ewido at the time) I just feel confident that AVG has improved a lot, ST is improving, and Cyberhawk will do what it says it does if it's ever needed. I also have read many posts from people using Windows XP Firewall, and their claims that they never get any malware only adds to this confidence.

 

I too have come to the conclusion that perhaps less is more, when it comes to the balance between security and speed. Over the last week or so, I have tried out many of the anti-spyware applications mentioned in this lengthy thread, following a scare after using XoftSpy, which claimed to find 110 'bad' items in my registry, despite my continuously running KIS and Spyware Blaster, and never having had a problem on that scale before. It brought into question my faith in KIS, which did not find these items, but neither did any of the other spyware scanners I tried, so I have concluded that XoftSpy was telling porkies. Having found CyberHawk to be slowing down my system, and difficult to uninstall, I then tried CounterSpy, SpywareTerminator, SAS (Free), SpywareSweeper (which doesn't work properly), and AVGAS in my effort to secure my system, but I found that most of these had a detrimental effect on performance, to varying degrees. As I have never had a significant problem with spyware or viruses, and generally practise 'safe surfing', I have now decided to strip down my defences, and have decided to stick to KIS and SpywareBlaster. I still have SAS to use as an occasional on demand scanner, but in reducing my running processes, I am now back to the swift startup and unhindered surfing I was enjoying before XoftSpy threw the spanner in the works, and I feel perfectly safe, although I would be happier still, if SB updated more frequently.

 

It takes CH awhile to Analyze all the events and then protect programs, but on my 512MB RAM PC it doesn't slow it down, or seem to at any rate. This is with AVG Free and Spyware Terminator running as well. I'm not saying it didn't slow down yours, and maybe KIS which is very good just didn't run well with CH or vice versa. It doesn't matter however, as you seem happy now and that is at the heart of what we are saying. I uninstalled Spyware Blaster,but may add it back. Just wanted to see if there was any difference in FireFox without it, but i don't notice any. I was just never really sure how effective SB was.

 

You are just using Spyware blaster?

Well it's possible to be safe, but I doubt SB is contributing much.

 

DSA.

But just personal opinion, I didn't do all the heavy duty testing (leak tests !!) everyone here does....

Or can i seriously doubt the effectiveness of cyberhawk. it acts way too late.

 

Devil's Advogate

I stopped smoking and trying leaktest. Devil made me see

 

SB and KIS. Actually, tell a lie, I also have Ad Aware installed, which I forgot about, but it's only the basic version for scanning. The only other one I might consider again is AVGAS. It does slow down boot up time, and sometimes my desktop takes a while to rebuild with AVGAS loaded, but it's the only one which doesn't seem to slow down basic Windows navigation through files and folders, or surfing. Before I found KIS, I used Norton Internet Security for years, but the 2006 version had such poor reviews, I decided it was time for a change. I have never suffered with any serious spyware, or viruses that my security apps haven't caught, and the only 'live' spyware protection I had before all this (apart from NIS then KIS) was SB. Admittedly, as I said above, it doesn't update very frequently, which is why I still might consider a 'proper' 'resident shield' type app. Perhaps I have just been lucky over the last 6 years of Internet use?

While these forums are an extremely useful resource, the more one reads, the more paranoid one can get. I don't believe there is an evil undercurrent of the web, just waiting to pull in and infect casual surfers. The day to day surfer will usually use mainstream websites, where there is little danger of attack, and I am of the opinion, perhaps cynically, perhaps naively, that 'spyware' and other such dangers are over-rated, and I would even go as far as to suggest, in my own personal opinion, that some of the 'nasties' are created by the spyware / virus protection vendors themselves, in order to scare people into purchasing their products, or at least, to validate the existence of such products. How many times have we seen a piece of spyware, that only 'such-and-such spyware blitzer' claims to be able to remove? Doesn't anyone else think this is slightly suspect, or is it just me?

 

A little more about Cyberhawk would help please but as you made the effort you are correct it is your personal opinion.

I suggest abit more. Dont get me wrong this is no flame.

 

Sorry, my last post probably shouldn't have been in this thread, but the discussion had already broadened from purely Cyberhawk. I was merely suggesting that, like reading medical books, if you read enough about some awful disease, you can end up convicing yourself that you have it, and it certainly isn't beyond the realms of possibility that *some* spyware is a scam to get you to purchase the means to dispose of it.

 

Hi Duke1959,
I will throw in my two cents worth regarding yoru summary. Since you have bounced around Comodo, AOL AVS, Antivir, etc. etc. etc. Thanks for the feedback that you provided concerning how they ran on your PC. As for your current setup, I cannot verify nor denigrate the combination of what you are using at this point. I have read pros and cons concerning all of the programs that you have used and reviewed. I still have the Windows XP firewall in use on a laptop and have not yet tried a replacement firewall nor have tried any HIPS/Sandbox, nor even a real time antisypyware program. So far since over 2 years of use, there has only been one "serious" infection by an adware trojan program (note that some vendors even considered this particular trojan as "nuisanceware" and not malware). At the time of the infection, I was using an outdated version of Norton Antivirus on the machine with only the XP firewall and no antispyware programs at all. I have since used several antispyware scanner programs as well as replaced Norton with Antivir (oddly, the two programs ran side by side without any problems before I changed my startup to block out Norton). With this current setup, I haven't gotten any other serious problem. I have been looking over other firewall and HIPS/Sandbox applications (and even some replacement antivirus/antispyware/suite applications). I am sure it is better to add proactive defenses to a system, but I guess the one thing that I makes me hesitant to add programs is the clutter that is generated by so many registry and file additions. Also as you add/replace things, conflicts and slowdowns may invariably start to show up. I work on a mainframe at work and you always have to be cognizant of system resources and memory allocations of your applications because source code tends to increase and programs keep getting bigger all of the time. The programs can only run faster if they are small, are lesser in numbers and require less resources. I don't do any heavy downloading nor surf to suspicious websites so by avoiding the possibility of being attacked and being vigilant of how you use the PC is probably the best defense than a gauntlet of programs (other than not using the PC at all).

 

Xoftspy was previously linked to some other promotional sites and I believe that they were accused of sending false positives results in order to induce people to buy their software. Several rogue companies employ this tactic. The recent status of the company says that they cleared up the previous problems regarding their software. When you add several software on a machine, unless you have a super computer, you will ultimately see an effect on performance. People say I got a ton of memory and fast CPU, but when multiple applications compete for that memory and CPU time, wait states and resource control eventually enter the picture. On my Windows 98 machine, I have McAfee and Zone Alarm which take "forever" to come up on the system tray. I put up with the slow boot up only because they have proven their worth in blocking out intruders and viruses.

 

I think the "problem" with SB is that it doesn't tell you whether it blocked something or not. Since the program is a browser inoculator, it is not active on the system tray. I think that there should be something like a block log in SB to help users know what malware was encountered during surfing. But since it is freeware, beggars can't be choosers.

 

Agreed. But then almost every manufacturer of a product does the same thing. They have to sell their product to buyers otherwise the existence of the company will not endure. Sometimes you wonder who is creating all of these viruses, trojans, rootkits, keyloggers, etc.