Discussion in 'other anti-malware software' started by aigle, Mar 16, 2007.
Released on 14-03-2007
Installed it, running OK so far. Seems lighter than previous version.
I had some reservations about this, to the point of even considering removing other security apps to make room, but to my complete surprise I find it co-exists fabulously. And most of you know just how many other programs I keep running resident, like KIS6, ST, SSM, Snoopfree, AVG "guard" plus SAS "Guard", that I knew something would surely choke at some point.
Nothing doing: Cyberhawk (newest version) is doing fine work, minus the previous bugs. Good work this time around.
I challenge you bold souls to throw some leaktests at Cyberhawk along with trojan simulators and report your results.
It will take me having to fire up Power Shadow to unleash the more clever real-life hitters, but that's my next step in seeing how far along CH is progressing in its interception capabilities. So far it seems to breeze through most of the simulators at this time.
This is where the metal really meets the bone for authentic confidence in what a design like this one is claiming to accomplish.
Let's give it a once-over and see if it has any blind spots, whatta ya say?
For honesty's sake I let (allow) ST (first) and then SSM (second) pass the malicious entry to the system for Cyberhawk's review.
Easter, you must have a great computer.
Dual core at least, lots of RAM too.
Do all those programs run together? I assume not, but it's always best to ask.
Someone, I will be perfectly honest with you, ok? I can only hope that when I visit Evansville, Indiana again soon I can gather up newer, more fashionably stable motherboards, RAM etc. to really piece a nice computer together.
As it stands, all that you see and read about from my testing in these reports is done on a single-core Duron 1250 of all things, with a mere 512 MB RAM; the best I could muster was to add another 512 to the on-board 256 of a stock PCChips board. It does contain an alternate Windows 98 dual drive for storage purposes, and that's the bottom line, period. Really.
I defrag this Maxtor 30GB drive almost daily after wiping it with Restoration to keep performance tolerable, and I clean the registry religiously every day because I move files continuously.
If anything is to be said for all this, it has to be about the security products themselves, because they function well or they get dismissed, plainly put.
And to answer honestly: YES, they "ALL" run together smoothly, with the only exception that I occasionally use KIS6 on-demand because there is plenty enough HIPS to fill in the SDT table for now. And believe me, staying with Service Pack 1 has saved me a lot of grief on this XP Pro unit.
Easter, did you try some actual malware against it?
Yes I have, "BUT" with Power Shadow enabled just in case, because there's no recourse, not even System Restore, that could recover from a severe hit like some malware are designed to deliver, totally disabling or erasing restore points. I hit it with Haxdoor and Rustock.A plus some other hair-raising malware, where one of them BSOD'd my screen. A really vital protection mechanism built into PS that makes it invaluable is that when you suffer a severe hit that knocks out your screen, leaving it fully inoperable, or BSODs you, Power Shadow completely restores the previous setup, saving you a ton of possible misfortune. That mystery app is indeed a true life preserver for a system, at least where my testing is concerned, because once a malware snags your kernel in an unfashioned attack meant to take your system completely down, Power Shadow rescues you from certain frustration.
I just experienced that event first hand and am now glad I didn't take chances on depending on something else to bail it out of certain malfunction.
I think Easter's strategy is to cover at least every handle in the SDT table and he does not mind overlapping functionality.
Indeed, and I have no fear of it either, as long as no two hooking apps vie for a single instruction line, which doesn't seem to happen. I'm no code specialist in that table, but from actual experience I've not once encountered an overlap where competing apps disagree over the same hooks, which could possibly force a BSOD or other problems. I can't explain why, but I know there are some code experts here educated enough in this type of code section who could offer a reasonable explanation for that type of mixing of HIPS/hook apps. I imagine it would be of some interest to many of us to have a better, more detailed reason why they can cover alongside each other while still protecting those vital areas of potential misuse.
BTW, Cyberhawk seems to have returned to its former self and intercepts instantly when both System Safety Monitor and Spyware Terminator are allowed passage of malware; not all, just the ones I've been able to form an initial opinion on so far.
I wish I could attach .csv logs because they are so much neater in appearance to review, but I have to settle for .log format. These are my results from the same collections. I hope they make some sense for you. The first is with AVG 7.5, followed by SAS, but the format is horrible and probably not interesting to read.
Don't take my other post wrong, I'm really amazed. You've got some PC management skills.
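The open question in the post above, how several HIPS can sit on the same SDT entries without fighting, is what chained hooking looks like in practice. The following is an added illustration written for this page, not code from Cyberhawk, SSM or Spyware Terminator: a user-mode C model in which one dispatch-table slot is hooked in turn by three stand-in hooks named after the products in the thread. Each hook saves the pointer it found in the slot and calls it after its own check, so the hook installed last is the first to see a call, and a call is only ever lost when a hook that is no longer on top writes its stale saved pointer back on unload. The hook names, verdict codes and the "malware" string match are assumptions made for the simulation.

```c
/* Added illustration for this thread, not code from Cyberhawk, SSM or
 * Spyware Terminator: a user-mode model of several products hooking the
 * same dispatch-table slot. Hook names, verdict codes and the "malware"
 * string match are assumptions made for the simulation. */
#include <stdio.h>
#include <string.h>

typedef int (*svc_fn)(const char *target);   /* 0 = allow, -1 = deny, -2 = jumped into unloaded code */

enum { H_ST = 0, H_SSM = 1, H_CH = 2, N_HOOKS = 3 };
static const char *names[N_HOOKS] = {"ST", "SSM", "CH"};

static svc_fn table[1];          /* stands in for one SDT entry                    */
static svc_fn saved[N_HOOKS];    /* pointer each hook found in the slot when it hooked */
static int unloaded[N_HOOKS];    /* 1 once that "driver" has gone away             */
static int blocker = -1;         /* hook configured to deny targets named malware  */
static char order[64];           /* hooks that ran on the last call, top first     */

static int original_svc(const char *t) { (void)t; return 0; }   /* the kernel's own routine */

static int run_hook(int id, const char *t)
{
    if (unloaded[id])
        return -2;               /* a real kernel would fault here: the BSOD case */
    size_t n = strlen(order);
    snprintf(order + n, sizeof order - n, "%s%s", n ? ">" : "", names[id]);
    if (id == blocker && strstr(t, "malware"))
        return -1;               /* deny and stop: nothing below us sees the call */
    return saved[id](t);         /* otherwise pass it on to whoever held the slot before */
}
static int hook_st(const char *t)  { return run_hook(H_ST, t); }
static int hook_ssm(const char *t) { return run_hook(H_SSM, t); }
static int hook_ch(const char *t)  { return run_hook(H_CH, t); }
static svc_fn hook_fn[N_HOOKS] = {hook_st, hook_ssm, hook_ch};

void sim_reset(void)
{
    table[0] = original_svc;
    memset(saved, 0, sizeof saved);
    memset(unloaded, 0, sizeof unloaded);
    blocker = -1;
    order[0] = '\0';
}

/* Hook by saving the current slot and putting ourselves on top (chaining). */
void sim_install(int id) { saved[id] = table[0]; table[0] = hook_fn[id]; }
void sim_set_blocker(int id) { blocker = id; }

/* Careless unhook: write back whatever we saved, even if others hooked after us. */
void sim_unhook_naive(int id) { table[0] = saved[id]; unloaded[id] = 1; }

/* Careful unhook: only restore when still on top; otherwise stay resident and say so. */
int sim_unhook_safe(int id)
{
    if (table[0] != hook_fn[id])
        return -1;
    table[0] = saved[id];
    unloaded[id] = 1;
    return 0;
}

/* Issue one "system call"; sim_last_seen() then reports which hooks saw it. */
int sim_call(const char *target)
{
    order[0] = '\0';
    return table[0](target);
}
const char *sim_last_seen(void) { return order; }

int main(void)
{
    sim_reset();
    sim_install(H_CH);  sim_install(H_SSM);  sim_install(H_ST);   /* ST hooked last, so it runs first */
    sim_set_blocker(H_CH);
    printf("malware.exe -> %d, seen by %s\n", sim_call("malware.exe"), sim_last_seen());
    printf("notepad.exe -> %d, seen by %s\n", sim_call("notepad.exe"), sim_last_seen());
    sim_unhook_naive(H_SSM);                     /* middle hook restores its stale pointer */
    printf("after SSM unhooks naively: %d, seen by %s (ST silently bypassed)\n",
           sim_call("malware.exe"), sim_last_seen());
    printf("ST safe unhook while not on top -> %d (refused)\n", sim_unhook_safe(H_ST));
    sim_unhook_naive(H_ST);                      /* slot now points at unloaded SSM code */
    printf("next call -> %d\n", sim_call("notepad.exe"));
    return 0;
}
```

The model reproduces the ordering observed in the thread (ST, then SSM, then Cyberhawk sees the call) simply because ST was hooked last and therefore sits on top; whichever driver hooks an entry last alerts first. It also shows that coexistence at install time says nothing about unload time: the naive unhook of the middle hook drops ST from the chain without any error, and the later naive unhook of ST leaves the slot pointing at code that is already gone, which in a real kernel is the crash the post worries about. The "safe" variant refusing to unhook while not on top is the usual defensive choice, at the cost of a driver that cannot always be unloaded.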
I'm curious about another thing: SSM is the one that alerts first?
Is it always one of them that alerts first, or it appears to be random?
Actually I am running KIS, Avira, NOD32, Outpost, A-squared, AVG AS, SAS, DW, Sandboxie and SSM, all in real time. They don't crash or hang the machine, but I am not sure whether there are any "unseen" conflicts or not. Maybe I will give CH a try too.
I am going to find time to study this, hopefully at some point, to better clarify that behavior. On this unit anyway (XP Pro SP1), Spyware Terminator is "first" to alert, followed by "System Safety Monitor", when testing demo malware. That needs to be clarified, because real malware might be picked up differently from another source like CH or SSM. There's never enough time to do it all because I have to sleep at least a few hours.
But that's the order of motion I found so far: ST, SSM, then Cyberhawk, which by the way seems very good now compared to previous versions. And I do run all 3 "resident" HIPS; I don't think you could do that safely with antivirus products, because they have more activities to work through, such as unpacking and signature matching.
Oh, Cyberhawk's community sig matching capabilities are still accurate enough and seem up to the task when whisking away some match to quarantine.
Again! I was running Opera USB (version 8.54 build 7730) when I received the alert from CH that Opera is logging keystrokes.
I think they again broke something that was fixed in the last version.
There seems to be a conflict with SnoopFree with this new version, which I wasn't having with the old one.
Each one is trying to reconfigure or terminate the other. In the meanwhile ProcessGuard is stopping this from happening.
Kerio was behaving suspiciously too. My firewall!
I also use Snoopfree, with no problems whatsoever. Different configs behave differently depending on which security programs are compatible or not. That much has been made clear to all of us by now.
I've got no other issues so far with the setup in my sig.
One more keylogging alert, for VirtualBox!
Overkill. You only need one AV/AT/AS in real time, and even that trio can be too much. Try disabling some of the running monitors and see your computer speed up!
Back on topic: I found the new version of CH causing freezes, so I uninstalled it.
Anyone using BOClean with this version? Do they get along?
Seeing BlackCat's post, this is exactly the type of thing I don't want to see, which is why I have been so cautious about installing CH.
lu_chin? I admire your guts and the courage to push the envelope as far as the system can handle.
Still, with all the assorted programs for security, when I go bot hunting I use Power Shadow. Right now I don't have the stomach to encounter some new snake that might bite the wires off my only machine. The other machines won't be available until April; then I can loosen the grip some.
Now on the other hand you take fcutdat, who goes headlong, naked as a jaybird, into a nest of bots and thinks it's hilarious to pick up all those pieces. Gotta hand it to him, he's definitely a champ at bot hunting bare bones.
I will, the day I don't depend on a single machine for all my important duties.
I would like to know if any other person is also getting false positive keylogging alerts with this version.
The latest version (2.03) flagged Outpost Pro 3.51 as a keylogger on my wife's machine.