Failure against malware + some suggestions



Shaheen
08-06-2007, 06:40 PM
I noticed that CH fails against some common malware behaviour.

- Zilla.exe (Browsezilla) trojan/worm: CH gives a warning but fails to stop it from copying itself to C:\. It needs to be fixed.
- XP Killer trojan: CH fails to stop this trojan completely, and the trojan deletes the System Restore, Windows Update and Firewall services.
- Qucan IM worm: CH fails to stop it from disabling Task Manager and RegEdit. It adds a startup entry, but CH doesn't detect it.
- KillDisk virus: I did not try it, as it's very nasty. This virus corrupts the partition table and the system becomes unbootable. I wonder if CH can stop it?
- Prueba malware, discussed here

http://www.wilderssecurity.com/showthread.php?t=179003&highlight=ssm

CH does not detect any malicious action of this malware. It's totally blind to it.

I can send all of these malware samples to you if you PM me.

I have some suggestions too.

The first thing I want to suggest is that this popup (see pic) from CH might need to be modified a bit. I have seen this popup from CH when a malware sample tries to write into another process's memory, modify another process's memory, create a remote thread, etc. I think "in an unusual way" should be added at the end, just to make it more prominent.

Secondly, I have a suggestion to change the layout of the popup. I have shown a sample layout in the pic.

Lastly, an option to add exceptions (like your security software, etc.) so that they will not be monitored by CH; it might decrease conflicts, CH's resource usage and possible false positives (though I am not sure; the developers would know better).
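
As an added example (not part of the post above, and not Cyberhawk/ThreatFire code), here is a small Python script that checks a Windows registry export for the two things the Qucan entry describes: Task Manager and RegEdit being disabled through the DisableTaskMgr / DisableRegistryTools policy values, and a startup entry under the Run keys. The export it reads is a constructed sample embedded in the script; the "updater" entry and its path are made up for illustration, and the ctfmon.exe entry is a normal Windows entry kept for contrast.

```python
"""Audit a Windows .reg export for (a) Task Manager / Regedit being disabled
through the Policies\\System values and (b) persistence through Run keys.

Added example, not code from the thread or from Cyberhawk/ThreatFire. The
input is a constructed .reg-style export so that it runs offline on any OS;
on a live machine you would feed it the output of `reg export` instead.
"""
import re

# Values malware flips to lock the user out of Task Manager and Regedit
POLICY_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System",
)
POLICY_VALUES = ("DisableTaskMgr", "DisableRegistryTools")

# Autostart locations a worm typically writes its own path into
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce",
)

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def _decode(data):
    """Decode the REG_DWORD and REG_SZ encodings used by .reg files."""
    if data.startswith("dword:"):
        return int(data[len("dword:"):], 16)
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        # .reg files escape backslashes and quotes inside string values
        return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return data  # hex:, hex(2): and similar are left verbatim


def parse_reg_export(text):
    """Return {key (lower-cased): {value_name: value}} for a .reg export."""
    tree, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            key = m.group("key").lower()  # registry key names are case-insensitive
            tree.setdefault(key, {})
            continue
        m = _VALUE_RE.match(line)
        if m and key is not None:
            tree[key][m.group("name")] = _decode(m.group("data"))
    return tree


def audit(text):
    """Return (kind, key, value_name, value) tuples for entries worth a look."""
    tree = parse_reg_export(text)
    findings = []
    for key in POLICY_KEYS:
        for name, value in tree.get(key.lower(), {}).items():
            if name in POLICY_VALUES and value == 1:
                findings.append(("policy_lockout", key, name, value))
    for key in RUN_KEYS:
        for name, value in tree.get(key.lower(), {}).items():
            # Every autostart entry is listed; the reviewer decides which are legitimate
            findings.append(("autostart", key, name, value))
    return findings


# Constructed sample export (hypothetical): "updater" stands in for a worm's
# startup entry; ctfmon.exe is a normal Windows entry kept for contrast.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updater"="C:\\zilla.exe"
"""

if __name__ == "__main__":
    for kind, key, name, value in audit(SAMPLE_EXPORT):
        print(f"{kind:15} {key}\\{name} = {value!r}")
```

On a real machine, `reg export HKCU\Software\Microsoft\Windows\CurrentVersion hkcu.reg` (and the same for HKLM) produces the input; note that `reg export` writes UTF-16 with a BOM, so read the file with `encoding="utf-16"` before passing it to `audit()`. The script deliberately reports every Run entry rather than guessing which ones are malicious, since a startup entry is only suspicious in the context of what else the machine is running.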

BDubrow
08-06-2007, 09:20 PM
Hi Shaheen--

Thanks for the comments and suggestions--we really appreciate your diligence in tracking those items down and forwarding them to us.

We are actually aware of all of the malware samples you describe, and rest assured, we're constantly working on improving Cyberhawk's protective capabilities. We've just been very focused lately on getting our new version ready for public beta (coming very soon!) so that's why you haven't heard much from us lately. The new version will actually be a completely re-branded version of the product, and going forward we'll move ahead solely with the new product.

And while you'll see some significant changes for this initial release we actually are well on our way to planning for the subsequent updates. In future updates we are planning some major improvements to the alerts so that they provide better guidance in making a decision and also provide more details about just what's happening. That again won't be in the initial public beta, but will follow shortly after that--stay tuned!

To explain how it will work initially, we'll have 3 color-coded alerts:

Red--known malware, automatically quarantined
Yellow--potential malware where you must decide to allow or quarantine
Gray--potentially unwanted application, which includes "grayware" items such as adware or system admin tools where you may or may not wish to quarantine, but they may not be specifically malware

Please know that we have been taking all user suggestions into account as we design the new product, so please keep the feedback coming!

Kind regards,

Shaheen
08-09-2007, 02:28 AM
Thanks for the reply. Looking forward to the next version. :p
If you can remember, I am aigle from Wilders.

All the best

BDubrow
08-09-2007, 04:52 PM
Hi aigle/Shaheen--

I thought it was you! :)

Glad to see you over here, too!

Shaheen
08-10-2007, 12:54 PM
Thanks.:)
Good wishes and all the best to you and your software.

Shaheen
08-21-2007, 06:47 PM
Not sure if it should be detected or not by CH, but I noticed that CH does not detect the execution of the SQL Slammer worm on XP Home SP2.

mjq424
08-21-2007, 08:01 PM
Hi
Have you tried the new ThreatFire BETA? It boasts better protection than CyberHawk.

Shaheen
08-22-2007, 03:41 PM
Yeah, I already installed it yesterday, but I still did not get any time to run some tests on it.
I was thinking it's mainly a rebranding with some tweaks.

By the way, one very good thing with the TF beta is that so far I have not seen the on-and-off CPU spikes from its service (especially on launch of applications); CH used to give such spikes, sometimes with slowdowns, etc. It's a nice improvement.

It's a bit OT, but one user at Wilders has reported that it "calls home" at reboot even with updates & community protection disabled. I can't confirm it as I have no outbound FW on my system ATM. Is it true?

mjq424
08-22-2007, 04:10 PM
Hi
I'm not too sure about that. Cyberhawk used to contact quite a bit; I automatically allow TF access and let it get on with its stuff!

Wordward
08-23-2007, 12:55 AM
Running CH without any spikes or slowdowns, but would love to try TF. How stable is it though?

solcroft
08-23-2007, 02:23 AM
It's a bit OT, but one user at Wilders has reported that it "calls home" at reboot even with updates & community protection disabled. I can't confirm it as I have no outbound FW on my system ATM. Is it true?
I don't understand why people get so paranoid whenever they see a program trying to connect. With the level of permissions the TF drivers have over the OS, I doubt any malicious activity would be so visible, if that's indeed what they were trying to do.

djames
08-23-2007, 04:29 AM
We have tried to replicate this behavior, monitoring network activity, but have not seen this "calling home". And it should not, if Automatic Updates are off, and Community Protection is off.

Shaheen
08-24-2007, 12:12 PM
Thanks for clearing the matter.