AntiHook
From CastleCopsWiki
Product: AntiHook
Company: Info Process
Website: http://www.infoprocess.com.au/antihook.php
Support forum: http://www.sscnetwork.net/forumdisplay.php?f=15
First released:
Feature list: Main features include execution control, process modification and termination control, service/driver installation control, registry control. Full Feature list compared to other products
Various reviews and tests: http://securityonthenet.blogspot.com/2005/11/antihook-2.html, http://kareldjag.over-blog.com/4-categorie-69553.html (both for V2), Security Advisory, Nicm's test against selected "unhookers" malware
Quick review
Screenshots for prompts
Screenshot for rules
Screenshot for Misc
Weaknesses
- Needs MS .NET framework
Free version
2.6 is the last freeware version. 3.0 is now payware. Some differences:
- The 3.0 version no longer monitors DLLs (except for startups and hooks).
- .NET Framework 2.0 is compulsory for Antihook 3.0 but is not strictly required for Antihook 2.6. Still, most people will want to use the rules editor, so they will need to install .NET Framework 1.1.
- Antihook 3.0 also supports XP fast switching, as well as 3 different configuration levels including a high-security "block all" mode. Antihook only has fingerprinting and normal modes.
- Antihook 3.0 has password protection of options; 2.0 does not.
- Antihook 3.0 has a simplified interface compared to 2.0.
- Other differences:
"AntiHook 3.0 is now the beginning of the HIP Enforce product line from InfoProcess that is being expanded to provide feature-rich HIPS technology for home users, small business and the enterprise. Features for larger organisations such as central administration, logging, reporting and policy implementation are coming soon.
AntiHook 3.0 has been completely redeveloped from the ground (or kernel level) up. Although it may look somewhat familiar to users of previous versions, it is essentially a completely new product.
AntiHook is now focused on its strength of detecting malicious behaviour in software, especially at low and otherwise undetected levels (by other security software) and has therefore discontinued checking of software at the user-mode level, for example the loading of DLL's. The detection of malware in this area is now gaining more protection now from the anti-virus/anti-spyware suites.
As a consequence AntiHook is now a faster, more secure and efficient product. As well the user experience is better since there will now be significantly less "noise" in terms of popup alerts, making it a more user-friendly product."