Cyberhawk Security Software - public beta

Discussion in 'other anti-malware software' started by wilbertnl, Jan 30, 2006.

Thread Status:
Not open for further replies.
  1. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    I got the impression that WehnTrust is focused on vulnerabilities of the binaries, like buffer overflows. It does not monitor changes of startup entries in the registry, for example.
    Maybe you shouldn't compare these two products.
     
  2. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    It seems on the outside that Cyberhawk is much more advanced. And very different. I agree! They should not be compared.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,127
    Location:
    The Netherlands
    Looks like a nice app, I like the GUI. I agree with some other posters that it is important to have absolute control over what the app exactly does. Btw, is there any news on conflicts with other apps, so far? At the moment I run ZA Pro and PG free, TIA for any info. :)
     
  4. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    It doesn't conflict with PG, but there's a little bit of overlap between them: CH does detect thread and data injection into processes.

    I've not got any conflicts so far (just recursive popups for some events, there was something wrong, but that proved CH is stable, because it didn't crash when I suspended its protection, while popups were continuous).

    Cheers,
    nicM
     
  5. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    My thoughts on such products can be found HERE. If you put a sniffer on it, it looks like it's just sending a CRC hash of the file, which isn't real strong, and won't catch polymorphic code the way Prevx1 can (I asked during the beta when I had some concerns on the matter). I wouldn't expect it to stay the way it is now if they really have a focus on usability, though. It's probably worth noting/repeating that Prevx moved away from this kind of app after finding out that it simply wasn't working, and put a lot more focus on the community aspect. Not bad for what it does, though :)

    It seems strange, as I do more reading and listening to security podcasts, I'm hearing a lot more about the need for proactive apps, but that HIPS aren't recommended due to usability issues, and that they need to mature. As this becomes more prevalent, it seems like more plain behavior blockers are coming about. I do look forward to seeing how it progresses, though, and seeing who can offer a real solution for the average user.
     
  6. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    As I have yet to try Cyberhawk, I must say I cannot really comment. However, I thought CyberHawk and Prevx overlapped. NOT that Cyberhawk is using a separate technology.
    Very interesting. I will still try it out but I like Prevx. I will also watch the progress of this.
     
  7. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    I think both programs aren't so different on this point, since CH's "Community Protection" seems comparable to PrevX paws; it's described as follows: "any time a suspect rule is triggered in CyberHawk, information related to this event is automatically reported to Novatix for analysis through a secure and anonymous protection [...] allowing CyberHawk to create new rules which block this threat [...]" (in CH GUI).

    I've seen somewhere (don't remember where) that its aim is to create new rules for threats, but to decrease the prompts users will get too, by preventing "false positives". Then usability is not put aside.

    I did try to run some leaktests, to see what CH is able to intercept, and if it didn't block all code/thread injections, it did block most of these. But that's just one side of CH protection, since there's no description of all its features yet, there's more to discover I guess :)

    Cheers,
    nicM
     
  8. FatalChaos

    FatalChaos Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    98
    Has anyone else had problems with the GUI tabs (like rule settings) not working? I heard from another thread that this might be due to mshtml.exe being blocked, but I don't see why it would be blocked on my PC.
     
  9. controler

    controler Guest

    Hello

    I would also like to see a way to save the event log.

    So far it has denied the creation of DivXsm.exe in my system32 folder
    and denied the altering of LSPS triggered by googledesktopsearchsetup_EN.exe
    while installing WinDVD 7.0 trial.

    controler
     
  10. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,304
    Is this a program that the average user could install and generally forget, or is there enough tweaking needed that it is not for average Joe at this time?

    Thanks,
    Jerry
     
  11. Heco

    Heco Registered Member

    Joined:
    Mar 8, 2003
    Posts:
    264
    Location:
    Provence, France
    After having run Cyberhawk for nearly 3 weeks now, I have noticed the following:
    - CH conflicts with DefenseWall. No possibility with CH installed to run any untrusted applications in the trusted mode.
    - The booting time is significantly increased.
    - CH conflicts with the scheduled startup of any screensavers, with a BSOD as a result.
    - Some icons often disappear in the task bar near the clock... especially the one of NOD32.
    - Incompatibility with imaging software (RollBack or Deepfreeze) or sandboxes.
    Maybe this report is specific to my system...
    Has anybody else encountered the same problems that are completely solved once CH is uninstalled?
    Cheers,
    Herve:)
     
  12. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Salut Heco :)

    I don't have this problem at all here. More generally, I've not noticed any slowdown since I've installed it.


    No problems with logon.scr either.


    I run it with TI 9 and BufferZone: nothing special here too.

    It could be caused by a conflict with some of your other software o_O


    According to what the developers said, I would say it's a HIPS but on the "easy side", user-friendly. It's up to you to add your rules, default protection is working "out of the box".


    Did you add a rule to protect System32, or was .exe creation in system32 prompted by default?

    Cheers,
    nicM
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,127
    Location:
    The Netherlands
    I've installed CH and it didn't seem to do anything, maybe I should have rebooted first? But anyway, I also do not like the GUI (important to me) and I might try it again some time but first impression (another important thing) was not positive. :cautious:
     
  14. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,909
    Location:
    USA
    Funny, I must have tried it half a dozen times, but all I get is an error on page. Is beta limited to a certain area or something?
     


    Last edited by a moderator: Feb 7, 2006
  15. monsunami

    monsunami Registered Member

    Joined:
    Jul 1, 2003
    Posts:
    29
    Location:
    USA
    Tried it. Feels like alpha more than beta to me. After install, system went down the drain. Slowed my computer to a crawl. Even made taskbar non-responsive. Had to wait to do anything. Even tried to start a program then I get BSOD. I rebooted and startup takes ages. The Cyberhawk software icon appears on taskbar but disappears soon after. Looking at the taskmanager, I found out one of its processes immediately shuts itself off. After another reboot it had a dialogue box asking for permission for the program itself to run. It labeled, logged, and sent info that itself was a suspicious activity :rolleyes:

    This was the worst HIPS program to run on my computer. I tried PG, prevx, anti-malware, and few others and never had this many problems.
     
  16. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    CyberHawk beta 1 has now been updated to beta 2.
     
  17. melvin clark

    melvin clark Registered Member

    Joined:
    Feb 12, 2006
    Posts:
    1
    Never know it is installed. Runs with Firefox, Thunderbird, Zone Alarm [free], AVG, MS spyware. I think it is great. No problems at all. Thank you, melvin
     
  18. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,909
    Location:
    USA
    Process Guard doesn't like Cyberhawk. I put PG in learning mode, I get a pop-up saying hawktask.exe was blocked from reading proguard.exe. I disable PG, I still get pop-ups saying hawktask was blocked from reading proguard.exe. Then I disable Cyberhawk too. I still get pop-ups saying hawktask.exe was blocked from reading proguard.exe. 6676 error messages and still going. Until this is remedied I have to remove Cyberhawk. :mad:
     
    Last edited: Feb 13, 2006
  19. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Carver, just add Hawksvc.exe and Hawktask.exe to your Protection list, and give Hawktask.exe the Terminate and Install Global Hooks flags, on top of the default flags: all should be fine then :)

    Cheers,
    nicM
     
  20. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,909
    Location:
    USA
    Ok, done. Interesting, I no longer get the pop-up hawktask.exe was blocked from reading proguard.exe. Now I can't access the application and it blocks my net connection and breaks my wireless bluetooth keyboard connection.
     
  21. EASTER.2010

    EASTER.2010 Guest

    Hmm, interesting that I haven't YET experienced any serious issues that I would normally grouch about. I hope I don't discover any after encountering what I have with some others.

    So far as basic hook injecting system-wide directly into any random process CH intercepted things pretty well, this also goes for simple Trojan Simulation tests and the ole zapass injection technique on my machines (XP Pro), however it certainly didn't cover injecting a new service, SSM picked up on that one in my tests.

    Also CyberHawk jumped up again on attempted DLL injections. I had to allow SSM to allow CH to terminate which it done so with dispatch & courtesy. LoL

    What I find strikingly odd is that CoreForce in all its power even failed the first line of GhostSecurity Regtest for me even after I had applied a new rule to "ask" first.
    CyberHawk jumped up a stink the second I even clicked on it! After allowing it's easy pickings but still CH alerts yet again at the tail end of those 5 reg lines modifications.

    I'm also pretty pleased with the fact that Cyberhawk done an excellent job at Thread Injection prompting too, that is when something malicious tries to slip a thread into another working process.

    I guess what I admire most with CyberHawk so far is that under severe bombardments it didn't crash on me like say CoreForce did or stall like Sandboxie done and some others. I don't know for certain what "Powered by Novatix's patent-pending ActiveDefense™ technology" is supposed to mean, but on average at least in my testings so far it's proven worth the time and effort to check out and perhaps even keep?

    It's worth noting that SSM and CH work alongside one another comfortably with no system impacts on resources or otherwise... that is so far.
    Just to add in reply to this, another item which was encouraging to me anyway was that the install didn't require a reboot to set itself. Now to me that's something worth some points in the plus range too.

    What IS missing in this program is a FULL Directory Tree List! It seems you can only drill down to under some Programs and not various sections such as in my case desktop programs. Still I give this one a thumbs up and a welcome relief over my other testings when it comes to reacting to threats. At least the ones I placed on it.
    Maybe perhaps adding a right-click context selection is in order for choosing those favorite applications to apply those rules on.
     
    Last edited by a moderator: Feb 13, 2006
  22. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,107
    Location:
    South Texas, USA
    Has anyone installed Cyberhawk and then had a BSOD right away after you click finish, then Windows not booting up? I can't seem to get this program to work even on a saved image with no other security apps installed. Anyone know if this is a known issue? Even in the article in PC World about Cyberhawk, the comments show the same error I am getting while installing. On my current setup, when I tried to install it alongside my security lineup, before the BSOD, I saw svchost.exe crashed, don't know if that helps any.

    dja2k
     
  23. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    I can't help with the reason why this is happening to your PC, however I do not have any issues with Cyberhawk. I've loaded it and unloaded it from time to time with no hassles. Have you contacted them about this? They are real keen to hear about any issues.
     
  24. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,107
    Location:
    South Texas, USA
    Just got back a response from Support at Novatix and it so happens that the problem I was having was due to Online Armor AV+ KLIF.SYS file which doesn't work with Cyberhawk at the moment. He was able to reproduce the same exact problem I had. So I am guessing for now, any Kaspersky based AV will not work alongside Cyberhawk.

    dja2k
     
  25. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    Just for the avoidance of doubt: I have nothing against Novatix (apart from their advertising ;-) but CyberHawk simply does not properly work yet.

    http://img287.imageshack.us/img287/2520/cbh9nr.png

    The problem is caused by the rules of the IDS. You may THINK that they are great & sophisticated. In fact they are VERY BASIC. Too basic. But this will hopefully change.
     