Antihook and CFP only

[Guest]

[carioca]

 
Is It possible to use CFP with antihook only? I mean without antivirus scanner? Your system will be without fooprint and you get rid of hog antivirus that eats your ram memories at all. Best Regards.

 

"AntiHook is what we call a next generation security software, mainly come to add some horsepower to our weak AV, however can even (carefully) installed without any other Security software (maybe only personal firewall), the main idea behind AntiHook is that anything and everything can damage your OS, so the software basically catch every move in the system, from DLL loading, Global Hooking and even Driver installation, many things for such a small software about 1.5Mb.
Many people like to refer to this kind of software in the name HIDP, cause it can prevent intrusion attempt locally from Download files and anything that tries to resident in the computer.
Many times I have encountered such kind of programs and mostly they have the same problem, Management , is becomes a hassle to work with the computer that every time an annoying alert (popup or some kind of message) comes and ask you a question regarding some operation in the system, many times you don’t even understand what is going on.

Lets see how does AntiHook is dealing with this issue along with keeping the security level is high has possible."

[endangeredfrog]

I have used Antihook for a while but have been rather disappointed by its performance. For more info see my posts here (look for Antihook 2.6 and 3.0) : http://www.download.com/3642-2239_4-2677613.html

While HIPS are an excellent addition to your collection of security software, it can never, in my opinion, replace the AV scanner. This is because it is difficult for the user to differentiate between a malicious and legitimate application. For example, a game might load a driver / service as part of its copy protection mechanism but this could also be a rootkit.

Finally, malware can still run and cause damage even with a HIPS. This is because, a HIPS only detects elaborate actions such as loading drivers or code injection. Not all malware does this.

Lets say windowsupdate.exe is trying to start. You allow this as you think it is a legitimate windows process. Your firewall then detects it connecting to the net and you click allow because you think this is necessary for the update to work.

What you don't know is that this is in fact a malicious program. By changing its filename it can easily trick the end user. This program changes your homepage and adds a browser toolbar (something Antihook doesnt detect). Then it starts to use your pc to send out spam and functions as a backdoor for intruders). It doesn't trigger your HIPS as it doesn't install a rootkit etc.

Only an AV scanner would protect you if you made a mistake by pressing allow on one of the thousands of alerts your HIPS would give you. This is because unlike a HIPS an AV is definite, has few false positives and uses signatures not filenames to protect you.

I am back to the Comodo forums after being away for a while. Free products deserve free support from users in return!

[Tunerz]

Tricking a user is one way of malware to get through the defenses. If there's a rule added then the HIPS application will hardly detect the malicious moves being done by the malware.

As HIPS may be called a "system firewall", with wrong rules, anything can happen.

[Little Mac]

Enter CFP v3, with encrypted whitelist of known safe applications.

Gone will be the days of popup after popup from a HIPS.  If the application is on the whitelist, you won't see the alert.  If something/anything tries to change/modify/hijack the application (any application) you will get an alert.  No sneaking allowed.  It has a very detailed level of control, and information in the alerts is becoming more and more user-friendly/informative.

It's still in Alpha, but looking very good.

I'm not going to reinvent the wheel here; Melih has a number of posts about the whitelisting HIPS approach, and why it is so effective.  Please read those for more info...

LM

[MorphOS REBOL]

Even if at WildersSecurity you'll hear the contrary, I still, and probably will forever (remember, man's life is rather short) recommend DiamondCS ProcessGuard as the most reliable, non-intrusive HIPS ever being invented.

At Wilders they say: Don't use it anymore, cause....

Cause? The company maybe collapsed, but the prog is still great, as was their then revolutionary TDS3 that is no longer produces or supported.

The main site is down, but you can get them here:

http://www.diamondcs.com.au/processguard/pgsetup.exe

http://www.diamondcs.com.au/downloads/freeutilities/regprot.zip

Great oldies maybe, but very functional I guess...

Cheers

[carioca]

 
Buddy, I would agree up with you if I haven't find the prosecurity out. That's like processguard but it's really much better with a great support team and updating it all the time. But pg it's still usable but a little buggy. Best Regards.
 

[MorphOS REBOL]

Hi Carioca, obviously my statement about PG was meant, if only a little bit, ironic. Hope you didn't notice *lol*

Still, I really think anything (amongst them TDS3, Process Explorer and WormGuard) this formerly three headed Hellhound of an Australian team (Diamond CS) have ever developed, was simply great, and, in fact, PG is still great (not for Vista, I guess) imho.

I even recommend PG free to some friends, still. Not sure if I can do this by next year, of course.

You see, many people now do recommend Appdefend and Regdefend in the first place, just take a visit over at wilderssecurity.
I am not sure if everyone has noticed both proggies are obviously true descendants of PG and RP?

Jason Annice of Appdefend and Regdefend fame was one of the DiamondCS trio.

Gavin Coe has joined Trojan Hunter (Mischel Internet security) some time ago as a primary definition hunter....
You can find his personal website here, if interested:

http://www.anyspyware.com/about.html

And, as you can read here:
He still regards PG as "essential" (and seems to still be selling the full version, of course) whilst calling Regdefend by his former software developing mate only "very valuable".

http://www.anyspyware.com/software.html

I just don't know anything about the actual whereabouts of Wayne Langlois, though, who maybe was the former chief of the other two guys.

He seems to have been lost somewhere in space since some earlier legal threats were being made by some truly ungrateful and evil customers (yeah, customers can really be evil sometimes, you might believe me)

Maybe he's now at the stuff at InfoProcess (who do Antihook?), they're located in the same town at least... I don't really know.

I would love to recommend Antihook if it wasn't depending on the despisable .NET framework by Micros**t.

Enter "HI" for the variables here.

It's at version 3 now I heard?

Never needed it. Never liked Paint.net either, so I don't want .NET to create an additional account on my ol' horse, ye knowe?

Never really tested Prosecurity. Is it really so much better? Others tell about SSM and swear by it.
I never swear by any piece of software.

I always think the more thoroughly a HIPS is equipped, the more it will interfere with other security apps, because they tend to overlap in functions.

So, if having a firewall with extreme HIPS and registry implementations, it wouldn't be fine to additionaly have a good standalone HIPS and an exquisitely capable registry shield, right?...

So some may say: THIS is the best HIPS, use IT! But then again, if you have to disable crucial parts of your firewall to use THIS, THIS (whatever THIS is) may not be the best choice at all...

Hope I did not confuse anyone here *lol*

[carioca]

 
 I got it when you said to me "obviously my statement about PG was meant, if only a little bit, ironic. Hope you didn't notice *lol*" because I was using pg normally without any trouble, but I gave it up when I moved to PS.PS is What PG might have become if it had kept developed on.The PS forum administrator (global moderator) explained to me as follows:"PS support more functions than PG, such as file protection, registry protection and so on. These protections may cause more warning box, but I suggest you keep them enabled for a better protection. But anyhow if you only want a basic protection for simple using, you can disable them from Left menu "Privileges" -> Enabled protections." I advise you to use the freeware or the beta version first, but if you ask them they will give a big discount something around 50% roughly. Just send a copy of a registered sofware like pg or whatever or ask a PS beta as a beta tester. Go to PS homepage at http://www.proactive-hips.com and I also advise to call on its forum at the http://www.proactive-hips.com/forum. FYI I use the PS with sandboxie, nod32,lookn'stop fw,a-squared antimalware, superantispyware pro, SSM and returnil without any conflicts.Good trial! it was a good swap. I recommend it. Best Regards.
 
PS: Let me know later on your opinion after trialing it on.

[MorphOS REBOL]

At the moment I don't think it's time to change.

Ever heard about the old wisdom? : Never change a running system.

Now, I really think there's some truth about it.

But I will take a look at PS in the near future, and test it on my second pc.

Thanks for your information about PS, though [at] carioca.

[aladinonl]

 FYI I use the PS with sandboxie, nod32,lookn'stop fw,a-squared antimalware, superantispyware pro, SSM and returnil without any conflicts.Good trial! it was a good swap. I recommend it. Best Regards.
 
PS: Let me know later on your opinion after trialing it on.

uhmm, u use PS and SSM together? a2 antimalware and SAS pro together? if not conflict then overlap and resource wasting.

and by the way, u dun use any Comodo app?!

[carioca]

 

uhmm, u use PS and SSM together? a2 antimalware and SAS pro together? if not conflict then overlap and resource wasting.

and by the way, u dun use any Comodo app?!

I use nod32+ look'n'stop+ssm + ps+comodo boclean one of my machines. The seconde one I use Zone Alarm Internet security + ps + comodo boclean. I had to choose which antispyware I used with a real time in order to avoid overlap and resource wasting. As regarding CFP, I am not using at this moment but I will shift to it definitely when will be released the CFP 3.0 final version. I used the CFP 3.0 alpha which I liked it best. Best Regards.
 

[MorphOS REBOL]

No more trusting:

Please refer to this message:

http://forums.comodo.com/hips_host_intrusion_prevention_systems/the_dcs_processguard_is_a_dying_company-t7515.0.html;msg94338#msg94338

[Tags:]