Quote:
Could you incorporate these features? On Execution Scanner: On Execution Scan blocks malicious executable files from launching. The user will be prompted either to delete the infected file or to add it to the Exclusion list.
Hazard Shield's real-time protection already does block malicious executables from starting. I will look into adding options to delete/quarantine/ignore the detected exe.
Quote:
Registry Shield: It prevents changes to the registry value for Windows AppInit DLLs. That value contains the list of DLL files that are loaded at startup time.
Process Shield: If the running process has got an infection, then this shield will pop up to prompt that a malicious file is trying to get executed on your system.
Hazard Shield's real-time protection also has a registry monitor. AppInit DLLs are on the todo list of keys/values to watch.
Quote:
Windows Shield: This shield monitors any changes made to the Windows Hosts file. The Hosts file is used as a first means of locating the address of a system, before accessing the Internet domain name system. It also prevents changes to the settings of the Winlogon Shell registry value, which is used to load the user profile on logon. It is the easiest target for spyware. They can modify its memory usage and function.
In the Winlogon key Hazard Shield does watch the Shell value (as well as Userinit). To detect changes to the HOSTS file, we would need to implement a file system filter driver, which goes beyond the scope of Hazard Shield. Hazard Shield's scanner does detect suspicious entries in the hosts file, though.
Quote:
Startup Shield: Any change in the Startup list is checked immediately to see if it contains any reference to the registry files.
I'm not quite sure what you mean by this. Hazard Shield does monitor several startup locations in the registry if that answers your question.
Quote:
Browser Helper Objects are programs that can be executed inside Internet Explorer. They enter the system without the user's knowledge. This shield monitors any addition made to Internet Explorer Browser Helper Objects.
BHOs are in the todo list of registry keys to monitor.
Quote:
Kernel-level active protection. This system offers signature-, behavioral- and heuristic-based real-time blocking of threats, including advanced behavioral detection to stay ahead of spyware attacks and remove malware.
Hazard Shield has a kernel driver that handles blocking threats, but the signatures/heuristic checking is done in the service.
Quote:
FirstScan, a new scan-and-remove feature to detect and remove the most deeply embedded malware.
Prevents the installation of rootkits.
Controls the Windows API.
Supports startup scans.
Anti-bot protection.
I have thought about an SSDT hook on ZwLoadDriver for rootkits on 32-bit systems, but I'm not sure if it will ever be done. As for controlling Windows APIs, we only use one hook on 32-bit systems for self-protection (a basic SSDT hook on ZwOpenProcess). All other methods are callbacks. See here for startup scan. I'm not sure what you mean by "protection anti bot". Could you elaborate?
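The persistence locations discussed in this thread (Winlogon Shell and Userinit, AppInit_DLLs, Browser Helper Objects, and the hosts file) can be audited by hand on a Windows host. The following PowerShell script is an added example, not Hazard Shield's code; the "clean" defaults it compares against (explorer.exe, %SystemRoot%\system32\userinit.exe, an empty AppInit_DLLs list, only localhost lines in hosts) are assumptions stated in its comments.

```powershell
# Added audit example (not Hazard Shield code). Assumed clean defaults:
#   Winlogon\Shell    = explorer.exe
#   Winlogon\Userinit = %SystemRoot%\system32\userinit.exe,   (trailing comma is normal)
#   AppInit_DLLs      = empty; no per-user Winlogon\Shell; hosts has only localhost lines
function Get-PersistenceFindings {
    $findings = @()

    # Winlogon Shell / Userinit: machine-wide values that run at every interactive logon
    $wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $v = Get-ItemProperty -Path $wl -ErrorAction SilentlyContinue
    if ($v.Shell -and $v.Shell.Trim() -ine 'explorer.exe') {
        $findings += "Winlogon\Shell = '$($v.Shell)' (expected explorer.exe)"
    }
    $expectedUserinit = Join-Path $env:SystemRoot 'system32\userinit.exe'
    if ($v.Userinit -and $v.Userinit.Trim().TrimEnd(',') -ine $expectedUserinit) {
        $findings += "Winlogon\Userinit = '$($v.Userinit)' (expected $expectedUserinit,)"
    }
    # A per-user Shell value overrides the machine-wide one and is normally absent
    $u = Get-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
    if ($u.Shell) { $findings += "Per-user Winlogon\Shell = '$($u.Shell)'" }

    # AppInit_DLLs: every DLL listed is loaded into each process that loads user32.dll
    $appInitKeys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                   'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    foreach ($k in $appInitKeys) {
        $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if ($p.AppInit_DLLs) {
            $findings += "AppInit_DLLs in $k = '$($p.AppInit_DLLs)' (LoadAppInit_DLLs=$($p.LoadAppInit_DLLs))"
        }
    }

    # Browser Helper Objects: list registered CLSIDs with their display names for review
    $bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($sub in (Get-ChildItem -Path $bho -ErrorAction SilentlyContinue)) {
        $name = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$($sub.PSChildName)" -ErrorAction SilentlyContinue).'(default)'
        $findings += "BHO registered: $($sub.PSChildName) ($name)"
    }

    # hosts file: report anything beyond comments, blank lines and the stock localhost lines
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in (Get-Content -Path $hosts -ErrorAction SilentlyContinue)) {
        if ($line -match '^\s*[^#\s]' -and $line -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$') { $findings += "hosts entry: $line" }
    }
    return $findings
}

$result = Get-PersistenceFindings
if ($result) { $result | ForEach-Object { "[!] $_" } } else { 'No deviations from the assumed defaults.' }
```

Every BHO and non-default hosts line is reported for review rather than judged, since legitimate software registers both; the Winlogon and AppInit_DLLs findings are the ones that almost always warrant investigation.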