Playing with Cyber Hawk

Yep, just filed 3 support tickets a while ago : CHservice termination, Issue with PerfectDisk and Privacy/updating concerns.

 

Yes, BTW I have disabled community participation and automatic updates until I am satisfied.
I am more concerned with the Filetr Driver they install. See the pop up in my first post in the thread. I have not seen any of software installing such driver so far. It means all my passwors etc are filtered by CH. How I can know this data is not being transferred or can,t be transferred? Anyway I will keep auto updates and community participation disabled until the matter is clear.

 

Hmmmm... also disabled and checked in Jetico that, even with the Community participation disabled, it still tries to phone home to Novatix server, at least everytime you open the control panel and does update the global counters, what for when we just do not want to participate (or even hear from it)? ... this sure sounds cheesy...

 

I disabled both and my firwall did not gave any pop up. But when I opened user interface and clicked the counters it tried to connect, but I will see if u don,t open the interface does it tries to connect or not?

 

Nope, no connections tried but on opening the user interface (which should not happen either).

 

Ooops................ As soon as I had posted this, received a notification from Jetico on CHService trying to connect...
So, not only the GUI is calling home but also the service itself as well!!!

 

No offense V C but that post is waaay out of date, & was a bit *convoluted* even at the time it was initially posted. I'm not a member of the WP cheerleader squad (my legs are too hairy) but what it does, it does fairly well. It is NOT on a par with kernel hookers such as SSM, CH, PG etc., but it is a whole hundred yards faster than a straight forward poller such as MJRegWatcher.

 

When I posted, it made all the sense, because it didn't worked well.

And I doubt that it still not use polling.

But like I said, I'm not interested on it anymore because I already found something better.

 

Checked in Jetico log: it is attempting a connection to Novatix server every 4 hours.

 

Hi, folks: This is much worse than what I originally worry about, AND this is never been revealed by vendor in their so-called Privacy Policy (very much polished). A sad downturn for them.

 

Hi, folks: You mean this is still happening after disabling Community Paticipation? It does puzzle me though, A PM from someone in their QA told me that if that feature is turned off, then none of your personal info etc will be collected. Whom do you believe now.

 

Another bad news: upon system restart, the 'Community participation' will be re-enabled (and there it goes trying to phone home at once)...

Perman, they could be connecting home when participation is disabled just to give out the up-to-date values for global counters but that should be explicitly assured!

 

Yes I noted all these too. That,s too bad. I will write some good stuff to them soon.

 

Exactly what does what I have read about CH contacting Novatix mean to any of us using CH? Is all of this implying that someones Bank Accounts can be compromised or something? I'm not saying I feel comfortable with the fact that by turning off the Community Participation it doesn't stop the phoning home, and I did notice after rebooting the services are once again enabled, but what does this prove? I'm not defending Novatix, just wondering how concerned I should be about all of this. Please don't anyone take offense with my questions, but hasn't Novatix been in business for awhile and deemed a trustworthy company? To be honest I have never checked them out, and so I really don't know. I do know that Comodo was accused of something like this not too long ago, and so far it has proved to be nothing to worry about. I guess I'm just looking for some clarity as to how concerned I should truly be about CH trying to connect to Novatix. Thanks.

 

No accusing but all these things must be optional. If I turn off updates and community participation it should remain so. Why they want to turn it on with every reboot? Not a good practice at all.

 

Excellent question!

To all those who have expressed concern about possible *dangers* of allowing CH to have internet access in order to participate in community --

I have posted a new thread at the Wilders firewall forum in order to describe the *privacy issue* involved in participating in community-based HIPS. I have also asked for advice as to how to reduce the risks of such participation without having to OPT-OUT of community participation.

You might find that thread interesting. I do hope that you will add any comments to it that you feel are appropriate.

 

Hey everyone. Just wanted to show the events from my Protection Logs in Cyberhawk from installing Starware ToolBar now, and then that way next week when CH Support checks this thread they will see them. First log reads. Browser launched (Allowed) triggered by AU_EXE. Second log reads. Explorer Bar installed (Denied). I received an alert and denied, however it still installed. After uninstalling Stareware ToolBar completely (add/remove programs, ccleaner. Installed Starware ToolBar again and got third log which reads Explorer Bar installed(Allowed). I didn't receive an alert this time though. As I said, WinPatrol Free which we acknowledged is for something like this, asked and then stopped the Toolbar from installing in IE when I hit deny, and also asked to allow or deny two dll. exe's, which I of course denied. I still had to remove Starware Toolbar from add/remove programs though, and run ccleaner again. Not sure how important this all really is as CH did well in the AV Comparitive Tests that we mentioned, but I would like to get alerts from it for any Browser changes, including FireFox which I use. Like for example when Yahoo tries to change my default settings. I understand this may not be necessary though, and wonder what anyone else has to say about this and everything else I posted here. Take care everyone. A P.S. To CH Support. I tried to P.M. you back, but I couldn't as it said something about "not being a member" Anyway, I appreciate your response to me, and I wasn't trying to imply you were ignoring me, or this particular issue.

 

I've found that running a scan with Antivir makes it ping CH such that my processor is running at 100%.

As I can't make antivir an exception, I removed CH.

I'll wait til the paid one arrives and if it is cheap I'll try it.

Advice please: I am running LnS, Antivir free, WP Plus, and Snoopfree. Anything else I should consider that's free/cheap and light. I like behaviour-blockers that kick-in when something is happening as I don't want to try changing the kids' PC behaviour.

Thanks
Ian

 

I got an email from CH support yesterday saying that there was a new version that should fix the issue I had when I tried it way back late in July I think it was. Support suggested I try this version and let them know if it did fix the issue. So I installed it a few hours ago. It does fix the issue I had which was an incomplete GUI due to my using 120 dpi. I couldn't use that early version at all since I could not interact with the GUI. This latest version 1.2.0.39 has a very nice GUI that I enjoyed interacting with.

I, of course, unchecked those boxes about community participation. I assumed that was it...no spying/calling home if I unchecked those boxes. I am really disappointed to read on the last page of this long thread that CH apparently has serious privacy issues. I don't have Process Guard installed on this virtual machine or I would have detected it calling home. I made a snapshot just before installing it. I'm going to revert now to the snapshot. It is very sad to see an application that has such great potential (especially for average users for whom I would have recommended it..I didn't want it for myself...just wanted to test it) shoot itself in the foot over privacy! I won't wait for any official imput on this as I am very unforgiving when it comes to my privacy. I will not recommend this to anyone and it will be a long time, if ever, that I try it again.

 

Has there been any answers to the privacy issues with CyberHawk?
Seems like this is a heavy topic and I dont see any responses from the support group of CH like I did earlier in this thread or is this a private matter ( no pun intended)

 

not but im interested in their response to the posters observations about privacy. if theres any thing to it. im not crying wolf at the mo . i would like to hear more.

 

I have sent a PM to CH support( Kurt) with these points with reference to the thread.

1- Why it is necessary to turn on community participation to get updates?

2- What is this filter driver installed by CH? It means all my passwords and secret data in passed through this driver. How I can be sure it is not leaked?

3- Why is that if I turn off updates and community participation, even then CH tries to phone home.

4- Even if I turn off Updates and community participation, on next reboot they are turned on again. Is it something that I should expect? Why the decision is not in my hands.

If u people want to add, u can post here ur points. I hope they will reply.

Thanks

 

I'm also interested in hearing about this issue.
In my opinion it seems as though the CH support team was quick to respond to the other issues in this thread but with the privacy issue they are not so fast to respond which, again in my opinion, makes me second guess CH.
Maybe this is something that shouldn't be openly discussed and thats why they havent responded, who knows, but this is a very interesting subject that has been brought to everyones attention.

 

I have uninstalled CyberHawk for the time being, until further proper clarifications are made by Novatix.
Before removing it, I looked at and kept a few mysterious files saved by CH at /Documents and Settings/Application Data/Novatix/Cyberhawk, and here is a brief list of what they look like inside:
- Component.db : an exhaustive list of .exe and .dll files from Program Files and Windows folders....
- Counters.dat : hexadecimal content appearing to be the values for the counters showed on the GUI
- General.dat: looking like a table for error / troubleshooting messages and parameters... inside found this odd whole new concept:

S t u p i d F i l e s � T h e s e a r e s t u p i d f i l e s t h a t s h o u l d n ' t b e o n y o u r m a c h i n e t o b e g i n w i t h !

LOLLLLLL

- Ip.dat : list of .exe files, that have run (since system started??)
- Originator.db : list of files (created?) and program originating (creation?)
- Specific.dat : apparently empty or binary
- StartMenu.db : another list of .exe files, including many from Windows/Installer folder
- Uninstall.db : list of installed programs - apparently incomplete, only office and .Net framework v. 2 listed from Microsoft, maybe only from msiexec install shield...

 

Hi, folks: CH is a privacy invader? Facts and evidences compiled so far do indicate so. But why on earth not a single AV,AS app has singled it out? Why? and why? Are they also a member of that secret Community?