Rootkit Hook Analyzer and Antihook - comparison?

Discussion in 'other security issues & news' started by xylophone, Dec 4, 2005.

Thread Status:
Not open for further replies.
  1. xylophone

    xylophone Registered Member

    Joined:
    Nov 27, 2004
    Posts:
    10
    Both are free and both are eulogised according to websites you visit. How do they compare? Is one better than the other, and why?
     
  2. Fernando Villegas

    Fernando Villegas Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    55
    Location:
    Santiago de Chile
    I like antihook more.
     
  3. xylophone

    xylophone Registered Member

    Joined:
    Nov 27, 2004
    Posts:
    10
    Why is that, Fernando?
     
  4. tunnelvision

    tunnelvision Guest

    RHA just scans for kernel hooks that could be an indication of some rootkits/malware. AH does far more: it blocks the install of rootkits and other malware, e.g. blocks the install of kernel drivers, blocks DLL injection, prevents the shutdown of your other security programs (firewall, antivirus), etc.

    I would go with AH myself, if I had to choose just one. But AH is an advanced tool for security geeks mostly, and not the mom and pop (newbie) friendly tool like your antivirus is. You really have to know what you're doing with either program to gain any real benefits. Too bad, because it would be great if such tools were more newbie friendly.
     
  5. xylophone

    xylophone Registered Member

    Joined:
    Nov 27, 2004
    Posts:
    10
    Thanks for this. Just what I wanted to know.

    I run XP Home, Outlook Pro, NAV 2005, Spybot S&S, SpywareBlaster, Spywareguard, Ad-aware, Microsoft Antispyware and Antihook.

    I understand the 3 S's and Ad-aware deal with stuff that is already on my PC, whereas Antihook stops it getting there (if you respond appropriately to its warnings). Is that a fair resume?

    Are any of the above simply duplicating the others? E.g. NAV 2005 contains a real-time protection, as does MS Antispyware, to the extent that they should be discarded. It is normally the case that you are advised to keep a number of malware/spyware/anti-trojan applications running, as they can overlap. My concern is that they might start falling over each other's toes, and causing or raising the possibility of conflicts. Your comments on these matters?
     
  6. tunnelvision

    tunnelvision Guest

    Yes. That's correct. Because if you allow something through AH, your other scanners are your last line of defense. So with most HIPS type programs, I feel other scanners are still necessary at this time.

    Too much protection can be a bad thing, I agree, but it doesn't look like you're too overloaded. The general rule is only run one realtime scanner for each category, e.g. run one anti-virus realtime, one anti-trojan realtime, one anti-spyware realtime, etc., but some overlap is OK and many of these programs still can cover areas others don't, even if they're both in the AS category. But you can still have more than one of each scanner type on your system, just don't run them together realtime.

    You could shut down Spybot's tea timer, if you are running MSAS realtime, because there is a lot of overlap there. I'm not a big fan of SpywareGuard anymore, it needs an update badly, and with the other programs you have, you don't really need it anymore. With AntiHook you don't really need much in the way of antispyware scanners running realtime. But I still like to run MSAS on my system along with AH.

    One thing I'm not totally sure of is the exact areas of the registry AH protects against, but it is minimal, so you may want to consider some type of reg protection. MSAS and tea timer do have some basic reg protection too, but depending on your degree of paranoia, you may want to look into something more comprehensive. RegDefend is one possible program, but it's not a freebie. A good flexible free program is MJ Registry Watcher. Of course a new version of AH is due out soon, or so we're told, so it may cover more in this area. Best of luck.
     
  7. xylophone

    xylophone Registered Member

    Joined:
    Nov 27, 2004
    Posts:
    10
    Thanks again. This is the first time I've had the benefit of such comprehensive advice re what I have on my PC. You answer my questions (how many respondents do that!) and authoritatively. Wilders and Castlecops are wonderful sources of information.
     