Cyberhawk or Dynamic Security Agent?

Discussion in 'other anti-malware software' started by InfinityAz, Dec 20, 2006.

Thread Status:
Not open for further replies.
  1. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    Looking for thoughts/recommendations of Cyberhawk (CH) versus Dynamic Security Agent (DSA) as a complement for existing AV and FW.
     
  2. Roger_

    Roger_ Registered Member

    Joined:
    May 7, 2006
    Posts:
    89
    Location:
    Portugal
    I imagine (never used/tried it) that Primary Response SafeConnect also falls in this same category (behavioural analysers)?

    Has anyone ever compared / tested them all?
     
  3. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
  4. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    I have tried both, and have been using DSA for awhile. Many people have used Cyberhawk with no problems, but it caused a lot of instability on my system and slowed it down to a crawl. Another issue is the lack of user control with the latest version of CH. On the other hand, DSA only runs a little over 3MB on my system and gives the user more input, although the older versions of CH allowed a lot more user control. In the end it boils down to what security areas the user wants to cover. For me, DSA covers the areas I want protected on my computer, without all the hassle of multiple prompts indicative of other HIPS such as SSM or PG. Nothing wrong with either of those programs (in fact, I have SSM free installed but don't use it) if you are a power user and want complete control. However, with all the areas DSA covers (along with my other apps), I feel I have pretty good protection. Really a matter of preference. For me, I like the fact that DSA runs smoothly on my system without causing the conflicts that I've experienced with other HIPS programs.
     
  5. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Thanks for the info, but you weren't too happy with DSA according to the view expressed by you as per your December 1st post - see extract above.
    Have matters improved since then?
     
  6. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    I should have followed up on that post, but forgot all about it. Actually, I subsequently discovered the problem was not with DSA but with another security program that was causing some conflict with both DSA & NOD32. I uninstalled DSA and the problems persisted, so boiled down to a process of elimination. I think it was mostly a matter of two similar apps fighting over the same duties. At any rate, after uninstalling the suspected problem child app I reinstalled DSA and things have run smoothly. In my haste, I assumed DSA was the problem when it was not. At this point, DSA is doing a great job and using very little resources.
     
  7. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Can you remember which apps ? :p
    Also do you think DSA has a place in my setup - currently as follows:

    Netgear Router
    Mainly use Opera Browser (95%+ of the time)
    NOD32
    AVG Anti-Spyware, real time (formerly ewido)
    SpywareBlaster (for IE)
    Spybot S&D (only BHO resident, not tea-timer)
    Sygate PFW (free - no longer available)
    Proxomitron

    and on-demand:

    BitDefender (free)
    a2 (free)
    AdAware (free)

    CPU = AMD dual core 4600+ (64 bit)
    Memory = 2 Gigs.

    Thanks in advance for your advice. :thumb: :D
     
  8. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    From what I have read, DSA is best used on a system setup that's not going to be changed too often.
     
  9. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    Process Guard (free) was the problem child. I had read that others had run multiple HIPS without problems. However, those two didn't mix at all. I have come to the conclusion that running multiple HIPS is a waste of resources and can cause more problems than it solves. The important thing is to have all your main bases covered: Firewall, scripts control, virus detection, proper browser settings, process and app control, startups, registry protection. I would also add some kind of filtering system (such as using MVPS Hosts File) to filter parasites and other crapware.

    Personally, I believe if you run Opera most of the time, that's going to take care of most of your problems, especially if you're behind a router. I am not - just have plain ol' 56k dialup with software firewall, and have been fine. Need to mention also that I am a low-risk surfer. With the recent changes to NOD32, you've got a good base. I've used Proxomitron but it really slowed my browsing down and had other problems with it. I now use eDexter which performs a lot of the same duties without having to go the proxy route. Also, if you were to use a hosts file, this method will not work with a proxy - while eDexter is made to work with your Hosts file (eDexter itself uses a PAC file which you can edit to block pretty much anything you want by URL or Domain).

    The one thing you seem to be missing is a program covering application and process control. DSA would take care of that for you without adding a heavy load on your system. It would also provide you with registry protection, startup control, etc, and you would have all your bases covered.

    Yes, it does get a little noisy when some programs are updated and change their signatures. Like most other good HIPS, it notices when any changes are made to other programs. A lot of nasty stuff likes to piggyback on legit programs, so this kind of detection is a necessity. Of course, it can be a real pain at times, but the other HIPS or HIPS-like programs I've used all give this warning. It's one of those things we have to put up with to be secure, I guess. DSA is no noisier in that area than SSM or even Kerio's behavior blocker.
     
  10. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Correctly configured Proxomitron helps a lot. See also this from http://mywebpages.comcast.net/SupportCD/XPMyths.html

    At the moment my hosts file is simply locked (read only).

    Like you I am also a low risk surfer, but intend to give DSA a try, in line with your recommendation :thumb: and the good reviews on, for eg., download.com.
    First have to image with acronis though.

    Thanks and Merry Christmas ! :D
     
    Last edited by a moderator: Dec 27, 2006
  11. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Some do, but not all. Very few if any will modify restrictive ntfs permissions on the hosts file.

    You don't put IPs in the hosts file, only specific domain names, and it's unlikely a valid company will be sharing the same top level domain name with a spyware pusher.

    I've had spyware/adware maybe once or twice in the past 4-5 years so it's nothing that concerns me but I do use a hosts file, mainly for ad blocking.
     
  12. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    After encountering some problems with DSA, I felt the need to update and retract some of my previous compliments for the product. I don't believe these are system bugs per se, but it is the lack of control over the program itself that is frustrating me. A couple of examples:

    After every boot, DSA gives me an alert that Firefox has changed. This is due to the updating features within Firefox. I have checked Firefox's update logs, and there is nothing amiss. Yet DSA gives the same alert on every boot.

    Tonight I was receiving a constant message that a certain program (that was downloading an update) was using 3.6mb processor, departing from a previous use of 3.4% (detected as a system anomaly). It gave me three options, one of which was 'ignore,' which I selected multiple times. Yet, the same popup would resurface every few minutes - would click 'ignore' again, to no avail.

    I realize that DSA is simply doing what it is designed to do, but the lack of rules, menus and application control is driving me nuts. While SSM is much more difficult to understand, at least it gives me the option of adding specific rules and control over my applications - and, in the end, more control over the amount of annoying messages I receive. For the time being, I have gone back to SSM, as well as have switched firewalls due to some other reasons that are irrelevant to this thread.
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I would favour CyberHawk as an add-on to AV and FW, because you add a reasonably strong HIPS which is easy to use.

    When you want strong protection with the hassle that comes with it, best choices would be ProSecurity or SSM. DSA is, like ProcessGuard, a much simpler HIPS. DSA is a kind of add-on to your FW. I for instance use DefenseWall as HIPS, use an inbound NAT-router firewall and use DSA as a simple, low resource process monitor, outbound traffic initiation controller. I choose DSA instead of a classical HIPS or software firewall because DefenseWall is such a strong HIPS. I have used DefenseWall with SSM (works okay) and ProSecurity (1.0 release gave a BSOD, should be fixed now). PS and SSM are 'better' process controllers than DSA, Comodo also is a better software FW than DSA with its simple TCP initiation control. DSA simply fills in some white spots of DefenseWall (because DW is a HIPS not a FW). The less overlap you have the less resources are used and lowest chance of incompatibility.

    The choice should be made in the context of your other security apps and the level/effort of configuration you are willing to put in your security.

    Hope this helps
     
    Last edited: Dec 26, 2006
  14. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Oh Boy ! This is a merry-go-round :D Glad then that I have not yet installed. M/B wait to test Cyberhawk's next final.

    Go well in 2007 ! :thumb:
     
  15. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Allow me to jump in. If DSA gives too many unnecessary popups and SSM is a bit complex for average joe to navigate, then, according to my own experiences, why not give ProSecurity a good try. Its free version may be just a right stuff for you. Good luck.:)
     
  16. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    I tried ProSecurity. Was an absolute nightmare for me. Possibly a conflict with other software, I don't know. Gave me popup after popup and froze my system. It hosed my add/remove programs - added a bunch of stuff that wasn't there before, removed the "Remove" buttons from the Control Panel menus, so I now have to go into Windows Explorer and try to find an uninstaller for installed programs, since the add/remove options in control panel no longer exist.... I would never again load that program on my system. SSM is tough to learn, but at least you can control it, so think I'll stay with that.

    Yea, you're right, and I'm getting rather tired of going around in circles. It just seems that as soon as I give a good review to a piece of software, it then starts behaving badly. I'm getting rather burnt out trying all of these different softwares in attempting to find the best combo. I think I've reached the point where I am just going to go with what has worked for me in the past, and forget all this other stuff. I haven't had any infections or even a tracking cookie for well over a year, so am just going with the basics again (with the exception of SSM). Am tired of all the reviews, hype & marketing baloney. I have my bases covered, so am going to stick with it. Besides, if someone really wants to get into your computer, there isn't any security software out there that can keep them out. The new strains of malware can get through anything (including a sandbox), so smart surfing is still the best defense, regardless of what software is used.
     
  17. spindoctor

    spindoctor Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    83

    I'm no expert, but don't you think you're exaggerating just a bit? How many people do you know who can get past even your set up of ZA free, NOD32 and SSM? I think it's far more difficult than you suppose. If you have a fully functioning firewall alone, how is this super hacker supposed to find you?

    While you may be correct that there is now malware that can get through a sandbox, I would think it's still very rare. I wouldn't mind seeing any links you can provide to back up this claim though on info about this super malware that can break through any sandbox or any other anti-malware defenses, that would be a very interesting read.
     
  18. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975

    A little program from Nirsoft called MyUninstaller is what I use. It's much faster than the control panel and gives you more info.

    http://www.nirsoft.net/utils/myuninst.html
     
  19. EASTER.2010

    EASTER.2010 Guest

    .

    I wholeheartedly agree with that fact. CyberHawk was so exciting in the beginning and did a very effective job at intercepting and terminating intrusions but somewhere along the line of their improvements they have reduced confidence in it for many like myself. If I could get an older version I would confidently rely on it but not these latest releases that weigh down the system and remove control from the end user that used to be a helpful feature.

    I'm new to Dynamic Security Agent and enjoy what I find in its abilities and likely will keep it part of the protection arsenal for the foreseeable future.

    Works with SSM, Launch Monitor, and SuperAntiSpyware programs nicely. XP Pro SP1 box.
     
  20. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    Yes, I have that program also. However, most of the installed programs (including those pre-installed when I purchased my computer) don't show up in any add/remove menu, including My Uninstaller, CCleaner, etc. I have no idea what happened. The only thing I can think of is that something happened to the registry that altered it in some way. All of the programs are still on my computer and work fine - they simply aren't listed in any add/remove menu, period. The only programs that appear in any add/remove menu are those I have installed or reinstalled since uninstalling ProSecurity. Really strange.
     
  21. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    Yes, it may be difficult, but far from impossible. You or I may not be experts, but there ARE a lot of experts in the malware business, and it IS a money issue for a lot of these businesses who make their living off of successful malware installation. There are a lot of people who make big bucks for developing crapware that gets through system security defenses. I have seen malware easily get through a system running exactly what I run and quickly destroy the firewall, AV and other security software files, rendering all of the security apps totally useless. This happened to a person who has never visited what we would call a "bad" site. The culprit? - an email worm that entered via webmail, without even opening an attachment.

    I will try to provide you with some links, which are from some security journals and newsletters I subscribe to. Of course, as with any malware, those who surf the web wisely will most likely never come close to encountering this kind of scumware. However, those who are haphazard in their habits and visit crack sites and other bad places run the greatest risk. Also, this kind of malware is really just starting to surface. You can bet that the more success hackers have, the more of this kind of garbage you're going to see. It is a cat n' mouse game for a lot of hackers. Security software is developed, and a way to get through it is developed shortly afterward. Just look at how many Microsoft security flaws we are told about on Patch Tuesday every month. That is just the ones the good guys have discovered. How many more exist that the good guys are totally unaware of? Take a look at how many security updates Microsoft has issued in the last year, with each one being a new avenue that can be exploited by malicious people and software. It just goes on and on, every month. Do you know how much money these companies spend simply on research on methods to compromise security defenses? Millions! I wish I could remember the reference, but there is twice the money being poured into malware development than there is into security development. Why? Because a heck of a lot more money can be made through thievery than by selling security apps. Yeah, it's not right, but it's the way things are. And I know from working at a high level of law enforcement that there are far too many gullible people out there who are totally unaware of the dangers inherent in a world-wide communications system. The truth is, there is no such thing as a secure system, regardless of the software used. The best we can do is attempt to be as careful as we can.
     
  22. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    As an aside and somewhat off-topic, have you tried a small app. called Erunt ? http://www.larshederer.homepage.t-online.de/erunt/
    It will backup and restore your registry even when Windows doesn't load. Before trying out new software, I always backup the registry first with Erunt, then if things go wrong I uninstall the offending prog. and restore the registry. If you can't boot into Windows or safe mode you can restore the registry using the recovery console on the XP CD. Have you tried a system restore to get the Add/Remove stuff back ?
     
  23. EASTER.2010

    EASTER.2010 Guest

    Excellent Reg Backup Program! Have mine set to Auto-Backup in the Start-Up Folder each time the machine resets. Thanks for the tip on recovery console even though so far not had to resort to that yet but is good to know it can be reached to restore a good reg in case something fouls up matters as can be the case.
     
  24. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Presumably these 'businesses' earn more the more machines they infect.

    If that is the case why would they bash their brains trying to break through the defenses of a ~snipped~ wilders member, when they can easily infect millions of other easier prey? How likely are they going to create specific counter measures just to get through some obscure security feature used by obscure HIPS (like SSM)?

    True, and there are really skilled hackers who are for hire against really high value targets. The average Joe isn't likely to draw his attention unless he is really unlucky....

    unnecessary personal remark removed - forum staff
     
  25. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,701
    Hello,

    KDNeese, going in like a horde of Cossacks might not be the best idea. If you disable all security software on a victim's comp, he might get a little suspicious, won't he? Sounds much better to infiltrate sneaky-sneaky-like and slowly leech the resources. That's my criminal slice of mind at work here.

    Secure system? Yes you can have it. It's the matter of perception. What is a secure system? One that allows you to do what you want. As simple as that. And apropos 100% security - even in life, you can end up dead from a brick falling off a building as you walk the street. Chance of that happening? Very very tiny. Does anyone go with helmet against such a chance? Of course not.

    So 100% security means security against reasonable scenarios. And unlike in life, you can always: reformat, reinstall, even buy a new computer. At most, it is a temporary matter of time and money. So in a way, you do always get a second chance at computers - unlike real life.

    So why should you go crazy over computers? Security? A reasonable setup, a bit of education and common sense. That's what will keep you within the reason limits happy and safe.

    You want to go to extreme? A stranger might enter your house while you're at work, boot from CD and infect your PC locally. How about that? How many people have their machines protected from local abuse? Can that happen? Sure! Why not! There's no 100% security!

    It is possible to record the EM from your screen or bug your Internet line. How do you protect against these? After all, they are possible. No 100% security. And so on.

    Just enjoy the computers.

    Mrk
     