Playing with Cyber Hawk

I just ried keylogger test from sysssafety. CH blocked all 4 methods of keylogging.( OT- GW blocked all 4 as well).

 

I agree with you aigle, and I'm sure WP Free would not have detected the Keylogger test. I did mention though, that WP asked if I wanted to allow the two dll's that I imagine were needed for the Starware ToolBar to install, and CH didn't pop up an alert. This simply just made me wonder if CH should have also detected them. It must detect some IE changes though, because remember it alerted me to something being triggered by IE after the Explorer Bar was installed and i was fooling around in IE, and once before when I originally found it through an AVG Anti-Spyware scan and Quarantined it. I'm just curious about the whole thing, that's all.

 

Hi, folks: hi, aigle, you are absolutely correct about the comparision. I really can not compare apples w/ oranges. Indeed there is a need for BOTH to stay together. I would assume that one is local sheriff's break-in squad, while the other is FBI's major crime division. Upto this day, I still feel very uneasy about Novatix's policy regarding this: No participation of community, no sharing of privileged info. Since CH is a behaviorial blocker, not a signature based, why would they require users's info input(or should say users's voluntary participation), for info profiling or habit analysis ? Think about this: If, only if, KAV or NOD32 would ever ask your participation of this sort, what would be your prompt reaction and subsequent action? IMO, folks at Navatix do owe us a fair explanation.

 

Hi Perman, I hope this clears the issue of what and why we collect the information that Cyberhawk does.


http://www.novatix.com/Privacy.aspx

 

Hi, folks: To whom this may concern( just because no name has been inserted in your reply!). I read before and just read again. What you are doing upto now does remind me of my home 's security firm; they want to know every move I have made to trigger that false alarm, I mean every move.Just to strengen your signature base. forgive me, in your polished privacy policy, you never mention a word about "behavior". We, on this forum are lead to believe CH is a behaviorial blocker, and nothing else. You know better well than I do, trust is the core essence of doing good business. Best regards,

 

National Guard? More like a troop of Cub Scouts, perhaps.

WP might spot an exploit developed by a script kiddie, but its process-watcher is rather easily fooled for it lacks hashes (AFAIK) etc. Still, I agree that WP is a whole bunch better than nothing.

By the way, whereas WP's free version mainly uses polling, its Plus Version does not. It uses hooks (of a sorts) that aren't equivalent to a kernel hook but still enable WP Plus to respond MUCH faster than a polling app.

 

Hi, folks: hi, bellgamin; thanks for the clarification. We do agree on one front; WP plus does have its true value to be around.

 

CH is not designed for that!? So it's designed for what!?

I believe that new services could not be detected (that it's very bad), but it should detect the rest for sure!

 

WinPatrol Plus doesn't use polling!?

Since that version!?

 

I don,t think it should detect all new services.

 

Hey everybody. I first want to say that I really believe Cyberhawk to be a fine and improving software, and will keep using it. I also understand the comparison between it and Arovax Shield or Winpatrol is apples and oranges. Remember also that I am using AVG Internet Security Suite 7.5 which only found the ToolBar in a scan and not in RealTime, but maybe like some are saying about Cyberhawk, it isn't suppose too. The thing is that, CH did pop up an alert at various times about IE triggering something (I can't check what it was, as I'm not on my PC right now) when I was either Quarantining the Starware Adware, or opening up IE and clicking on the ToolBar for a search or something. If it did then, then why didn't it when I tried to install it? Am I making sense here? It alerted me a total of 5 times about IE triggering something, after it had already been installed, but nothing before. Apparently it has some kind of capabilities for Browser changes right? I have now asked at least twice about this, and I haven't seen a response from CH Support yet, with at least some questions for me to help them with something that I believe should be detected by CH. Time will tell I suppose.

 

U should post on their site, at support tickets.

 

I am also somewhat concerned about exactly what data Novatix is gathering and when ...
Cyberhawk 'Security Status' permanently shows us worldwide counters for 'Events' and 'Programs' examined ...
On the other hand, why on earth is update checking disabled if we choose not to participate in that mysterious 'Secure Community Protection??

I remember I read on another topic someone complaining about CH slowing the system to a crawl.
Well, I have found one nasty interaction: when PDEngine service (Raxco's Perfect Disk Engine) is running, CH jumps to 15-25% CPU usage with peaks up to 70% every minute or so.

Has anybody else noticed this as well?

Another unpleasant issue with CH is that there is no way to stop/disable its service, only by uninstalling the whole product!!!
There should really be an option to do it!
Now, if I want to run Perfect Disk without hassle I will have to uninstall Cyberhawk first??

 

have you tried right click on Cyberhawk icon > suspend .

 

Yep, it does not stop the service... and it keeps interacting with PDEngine.

 

Just want to say that, CH Support has contacted me and their resident Malware Expert is going to get back to me about the Browser change detection.

 

Here is the site that explains about the changes which invoked real-time monitoring in the WP Plus version...
http://www.winpatrol.com/whyplus.html?index

WP's new real-time monitor has the acronym "R.I.D." for "Real-time Infiltration Detection."

Below is a PARTIAL quote from that page. For more details, I suggest you visit their site...

Below is a screenshot of one of WP's configuration panels. Notice that it enables you to use polling if you wish (upper part of the panel) and to specify the interval between polls. OR it optionally allows you to select real-time polling, if desired (lower part of the panel). Each of WP's module's has a similar conguration option.

 

bellgamin,

if WinPatrol PLUS doesn't have polling, why it not immediately alert you about a new item?

You can also have a another reference by just have the startup items feature enabled and check the CPU usage of WP.

You should also read the Topic that I started, on WP forum, about that and see what Bill said...

 

VC, can you post the link to the discussion? thanks

 

about WinPatrol CPU usage

I don't remember if I already tested the v10, but I'm not interested in it...

 

I also think it should be optional. Anyway if some one is concerned, he can stop the updates and new versions can be downloaded and installed manually. I think there are no rules updates so far. Am I right?

This is another point to notice. BTW did u report this to them?

 

Cyberhawk and Winpatrol Free has been running fine together along with AVG Internet Suite. I'm not not sure I would need much else for protection. Maybe System Safety Monitor Free to protect them all, but I'm not sure that would necessarily be needed if CH would alert me to anything that would try to shut them down. Hey, does anyone know how to reset the Suspicious Activities Detection and Malware Blocked count? Maybe if I clear my Protection Log and reboot it will do it?

 

This feature is absent in free version but u can get this thing by PG free.

 

Thanks aigle, I wasn't aware of that. I wonder then, if I would need Process Guard Free with Cyberhawk for my safe surfing habits and with the other protection I have? Also, I wonder how CH would run with PG Free.

 

That,s a personal choice whether u choose SSM or PG. Also u have to find if both go along welll or not? May be someone using both can tell u.