I found this, which Im sure many of you know about already:

http://firewallleaktester.com/aklt.htm

I have ProcessGuard - full version installed running with the highest security settings enabled and yet, the above test captures keystrokes and screenshots. (I have learning mode disabled, but allowed the test to run)

How can I protect against the vulnerabilities either using PG? Is it possible, or will I need another application?

Cheers,

ChrisP

I've seen may posts here about AntiKeyloggers. They all seem to degenerate into talk about other software :(

I mean, the antivirus section has a few regular and generally well thought of apps, eg NOD. Same with HIPS, firewalls etc

What we really need is a good answer / test of current anti Keylooger specific software to see which is better. From an old topic here I am using Snoopfree atm, but would really like to have a good, solid, well thought of (by the knowledgable folks here) Anti Keylogger specific software !!

http://wiki.castlecops.com/Lists_of_freeware_antikeyloggers

PSM is good imo. I like it better than Snoopfree.
{QUOTE-> These two anti-keyloggers are designed to detect hook based keyloggers. PSM (#1) unlike Snoopfree (#2) works on Win 98 as well as Win2K, XP. The former also monitors GetAsyncState , something not done by the later. On the other hand Snoopfree (#2) warns you of attempts to capture screen but PSM Antikeylogger does not. <-QUOTE}

My suggestion is not to even think about installing PSM. After a bunch of BSOD's I managed to get into safe mode . I think I got this app off my computer & its working again. At least I can now boot normally thanks to last good configuration.I almost got a chance to see if Paragon Drive backup would rescue my computer. You apparently can push the security envelope too far.

{QUOTE-> How can I protect against the vulnerabilities either using PG? Is it possible, or will I need another application? <-QUOTE}

I tell you all a secret: AAK+Outpost Pro = winning team against all above mentioned keylogg recording methods.

Forget PG. Use it as anti-injection/anti-firewall-bypass protection, because it´s the only thing that process guard is useful for. [The Master has spoken.. :D:D:D]

Process Guard is a bifrost killer (keep that in mind) use it to be the joy killer for chasenet (and their eternal try to generate a sophisticated remote tool that already loses against PG). :D:D:D:D:D

{QUOTE-> My suggestion is not to even think about installing PSM. After a bunch of BSOD's I managed to get into safe mode . I think I got this app off my computer & its working again. At least I can now boot normally thanks to last good configuration.I almost got a chance to see if Paragon Drive backup would rescue my computer. You apparently can push the security envelope too far. <-QUOTE}
Good that you share that. But i didn't have any problems. Best to advise then to use backups!

I am thinking that Before you install anything you should make a backup or at least have a fairly recent one. As for me I always know that you can crash & burn at anytime using programs like these. Also another user might never even have any problems. It depends on what is on the computer.

I once tested Martin's and found it took a combo of EQSecure + Snoopfree to PASS it's test successfully. I know other combos would do the same and like the above mentioned just a single program to PASS it's test.

I was afraid of keyloggers until my bank changed the login-procedure of the online-banking in a very difficult one, so that keyloggers are useless, even when they were permanently installed on my harddisk.
These keyloggers can still read and send my password, but that password changes all the time and is only valid for one login/logout session. Even when I'm inside and make a money transfert, I have to sign with another password.
Quite annoying and with a time limit, but very safe. Since then I don't login that much anymore, because it is so annoying.

So I don't really have an Anti-Keylogger software on my computer, but I remove all of them anyway during each reboot.
The difference with other users is that when a keylogger isn't detected on their computer, it remains on their computer, while on my computer one reboot is enough to get rid of ANY keylogger, even when the keylogger is unknown. I hope that Anti-Executable and DefenseWall are enough to keep my computer ALMOST keylogger-free during 4-8 hours. If they don't catch it, my reboot will catch it. :)

{QUOTE-> I found this, which Im sure many of you know about already:

http://firewallleaktester.com/aklt.htm

I have ProcessGuard - full version installed running with the highest security settings enabled and yet, the above test captures keystrokes and screenshots. (I have learning mode disabled, but allowed the test to run)

How can I protect against the vulnerabilities either using PG? Is it possible, or will I need another application?

Cheers,

ChrisP <-QUOTE}
Hi, there are many options.

SSM Pro( SSM free partially covers it).
PS pro
GeSWall free and pro
DefenceWall
CyberHawk
Primary Response Safe Connect( by Sana Security).
OnlineArmor 2( not checked myself)

Your enthusiasm in many ways mirrors my own Erik, and in some respects it even far surpasses them, like for example your unending satisfactions resulting from nothing but OUTSTANDING! results with FD-ISR :)

It's more than enough to turn the head of the most skeptical of skeptics although it didn't really take that much convincing for me after i reviewed enough of your posts regarding FD successes. LoL

Any keylogger is also an executable/process that requires sharp stealth to succeed and some clever coding to succeed with exploiting a guarded system, but that aside there still remains web scriptings concerns to deal with whenever visiting any site & right there is where my own suspicions hit a peak and not any malware per say which tries to enter my machine. I guess in that then, it's most important to choose a secure web browser that's designed well enough to prevent any private data from being exposed to lines of passage that might could become intercepted on screen entries from the keyboard. Therein again is where a solid firewall comes into play for safe private interactions.

Whew! Boy there sure is a lot of ground to cover when determining just how safe it is to interact and/or transact on the internet and many other points in-between to focus on.

I have SSM Pro - and I cant see that it does anything to protect against this keylogger

It sure detects all three tyes of keylogging.
See some example screen shots from Pro and Free SSM and PS Pro.

Hmm, how do I set it up to do that?

More here.
Can u describe in detail how u r testing it with SSM?

{QUOTE->
Any keylogger is also an executable/process that requires sharp stealth to succeed and some clever coding to succeed with exploiting a guarded system, but that aside there still remains web scriptings concerns to deal with whenever visiting any site & right there is where my own suspicions hit a peak and not any malware per say which tries to enter my machine. I guess in that then, it's most important to choose a secure web browser that's designed well enough to prevent any private data from being exposed to lines of passage that might could become intercepted on screen entries from the keyboard. Therein again is where a solid firewall comes into play for safe private interactions. <-QUOTE}
Well, I still have to polish my solution and the main trouble is time to do all that and another bigger problem is my TOTAL LACK of knowledge about Internet, Malware and Anti-Malware. I wouldn't even recognize a keylogger on my computer, because I have now idea how it looks, like most malware. ;D

Google and u can get plenty of them. Look at them closely and be satsified!;D

{QUOTE-> It sure detects all three tyes of keylogging.
See some example screen shots from Pro and Free SSM and PS Pro. <-QUOTE}
This one seems to be an executable (AKLT.EXE), which will be stopped immediately by Anti-Executable. I guess not all of them are that easy. I wonder why they don't call it AKLT.TXT

I guess all of them are that easy.
BTW I was not saying to execute it, just download and look at it closely.{QUOTE-> I wouldn't even recognize a keylogger on my computer, because I have now idea how it looks, like most malware. ;D <-QUOTE};D

{QUOTE-> From an old topic here I am using Snoopfree atm <-QUOTE}

The above is from your testing Aigle......fancy doing a new one (please, please please )?;D

lol, it was never a testing. Just a play of an ordinary home user.
ATM I have less n less time and need to focus my mind on many other things that are more imp!
Lets, wait for some real tests, ah.. AV comparative testing is near.
I stopped using SP as it is no longer being developed.

Hello,
You can protect against this by not running / installing programs that log keystrokes.
Mrk

{QUOTE-> Hello,
You can protect against this by not running / installing programs that log keystrokes.
Mrk <-QUOTE}He knows it already.

{QUOTE-> These keyloggers can still read and send my password, but that password changes all the time and is only valid for one login/logout session. Even when I'm inside and make a money transfert, I have to sign with another password.
Quite annoying and with a time limit, but very safe <-QUOTE}

Cool! SSM can detect all 3 methods, but no screenshot isn´t it?

So best way remains aak+outpost pro4.

{QUOTE-> Cool! SSM can detect all 3 methods, but no screenshot isn´t it?

So best way remains aak+outpost pro4. <-QUOTE}
If I have a malicious keylogger on my harddisk, I assume that keyloggers can record and send my keystrokes when I type my password, but that password is useless, when the thief receives it.
On-line banking was my most dangerous activity on my computer, but not anymore since the login-procedure changed.

I still can install softwares, that could contain a keylogger, but these softwares + keyloggers are gone after reboot, because I don't want to keep them.
I install alot of things out of curiosity, but I never install them permanently.

Hi!

Current DefenseWall's betas have full anti-keylogging support- some methods automatically blocks, some notified about (they can no be automatically blocked because some legitimate programs use them).

{QUOTE-> Hi!

Current DefenseWall's betas have full anti-keylogging support- some methods automatically blocks, some notified about (they can no be automatically blocked because some legitimate programs use them). <-QUOTE}
But ALL keyloggers, no matter what method they use, they do CHANGE your harddisk somewhere. Am I right about this ? :)

{QUOTE-> But ALL keyloggers, no matter what method they use, they do CHANGE your harddisk somewhere. Am I right about this ? :) <-QUOTE}
No, it may send it via Internet without saving to hard drive (pagefile is not counts as file).

{QUOTE-> No, it may send it via Internet without saving to hard drive (pagefile is not counts as file). <-QUOTE}
A very sneaking keylogger indeed, which is a problem in my boot-to-restore solution.

Suppose I run regedit and go to :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown
and I change the value "0" into "1" (= Clear Page File Enabled)
Then Exit Registry and Reboot.

Then my boot-to-restore would clear the pagefile at shutdown and the keylogger would be gone.

Is that a possible solution grand master Ilya ?

PS: I noticed that the shutdown lasts alot longer with cleaning the page file.

Doesn't the pagefile automatically reset itself when you are using FD-ISR to freeze your snapshot?

Latest KAV7 also detects all three keylogging attempts by AKLT, as told by one user here.

{QUOTE-> Is that a possible solution grand master Ilya ? <-QUOTE}
No, I mean, keylogger may save its data into memory buffer (it could be pagefile-based if you have it enabled) and then send this buffer via Internet to its owner, clean it up and get data again.

{QUOTE-> Doesn't the pagefile automatically reset itself when you are using FD-ISR to freeze your snapshot? <-QUOTE}
AFAIK FDISR ignores the pagefile completely, it's not included in the copy/update along with 3 other objects, but I don't remember them.
Acadia knows all four and published them somewhere in the forum of FDISR.

{QUOTE-> No, I mean, keylogger may save its data into memory buffer (it could be pagefile-based if you have it enabled) and then send this buffer via Internet to its owner, clean it up and get data again. <-QUOTE}
I don't understand the last part (red in bold), does it mean I can't do anything about it ?
Does DefenseWall kill such sneaky keyloggers or will DW kill them in the next version(s) ?

{QUOTE-> AFAIK FDISR ignores the pagefile completely, it's not included in the copy/update along with 3 other objects, but I don't remember them.
Acadia knows all four and published them somewhere in the forum of FDISR. <-QUOTE}http://www.raxco.com/support/windows/fdisr/fdisr_faqs.cfm{QUOTE-> To save space, FirstDefense-ISR does NOT copy the pagefile or hibernate file.
There is a Tasks option to exclude System Restore Data when copying a snapshot or creating an archive. <-QUOTE}

pagefile file
hibernate file
*.tmp
System Restore data

Mike

{QUOTE-> http://www.raxco.com/support/windows/fdisr/fdisr_faqs.cfm

pagefile file
hibernate file
*.tmp
System Restore data

Mike <-QUOTE}
I might be wrong, but that doesn't solve anything. Excluding files doesn't clean them, they are just not included in the snapshot, that's all.

{QUOTE-> I might be wrong, but that doesn't solve anything. Excluding files doesn't clean them, they are just not included in the snapshot, that's all. <-QUOTE}What??? I was only answering your question... "but I don't remember them."

"Acadia, Mike, & Erik knows all four and published them somewhere in the forum of FDISR." ;D ;D

Mike

{QUOTE-> What??? I was only answering your question... "but I don't remember them."

"Acadia, Mike, & Erik knows all four and published them somewhere in the forum of FDISR." ;D ;D

Mike <-QUOTE}
Yes you are right. You answered my question and thanks for that.
I was too occupied with these POSSIBLE nasty keyloggers on my pagefile.
My apologizes. :-[

{QUOTE-> I don't understand the last part (red in bold), does it mean I can't do anything about it ? <-QUOTE}
I mean that there is no need for keylogger to dave its data into file- it may store it into memory buffer, send via Internet and, as data is sent, use same buffer for new data captured.

{QUOTE->
Does DefenseWall kill such sneaky keyloggers or will DW kill them in the next version(s) ? <-QUOTE}
Well, DefenseWall stops traditional keyloggers from proper work, as about advanced keyloggers- DW will notify you about it (v2.0), but won't stop its job as some legitimate applications (original ICQ client, for instance) are using those techniques to get keystrokes.

{QUOTE-> I mean that there is no need for keylogger to dave its data into file- it may store it into memory buffer, send via Internet and, as data is sent, use same buffer for new data captured.
<-QUOTE}
OK. But now I do this :
1. I clean the pagefile.sys at Shutdown, which I didn't before.
2. And my RAM is normally clean when I reboot.
3. If there is something changed on my harddisk, that will also be removed during reboot.
So the keylogger in my RAM and/or my pagefile.sys is completely gone after reboot.

{QUOTE-> So the keylogger in my RAM and/or my pagefile.sys is completely gone after reboot. <-QUOTE}
Keylogger in pagefile.sys?:o You should be missed my point. It is just swap file, nothing more. It could be used by system to store some memory data, but it can't store structured information like executable file. In fact, keylogger will gone after reboot with FD-ISR, but between reboots you need extra defense layer (anti-keylogger, anti-screecapturer, sensitive files protection from being hijacked).

Does that also include some rootkit or hider which might have circumvented the system and installed a keylogger that sends info based on a set time/date?

I'm of the mind DefenseWall and even HIPS programs pretty well squelches those attempts. Also what about a web site exploited page that uses iframes or another method to rapidly bombard the protection app untill it either closes with an error thus allowing entry for the intruder or fails completely?

Thanks.

{QUOTE-> Does that also include some rootkit or hider which might have circumvented the system and installed a keylogger that sends info based on a set time/date? <-QUOTE}

This does not include sophisticated tech on ultra low level.

<snip>

Yes I see there is at least one keylogger all anti maleware doesn't detect at that site. One of the programs is BoClean

edited to remove quote of keylogger spam - Detox

1 post spamming keyloggers for sale removed. Really now... ::)

Not to go OT, but I have heard of keylogging programs available to buyers who want to track where their spouse goes to online or to track children PC accesses. A bit of privacy issues involved of course. :shifty:

Detox

I only replied to a poster and you removed his post making it look like I am spamming? Not cool. besides when did you start removing links to maleware again which some programs do not remove or detect? If you would like to take this Pri, be my guest.


con

{QUOTE-> Detox

I only replied to a poster and you removed his post making it look like I am spamming? Not cool. besides when did you start removing links to maleware again which some programs do not remove or detect? If you would like to take this Pri, be my guest.


con <-QUOTE}

Well, gotta agree. Posters link to programs they suggest all the time. ALL the time. What made your post any different? It's not like you have 5 total posts fercrissakes, you have over 3,000!!!!!!!

You guys have misunderstood. The main post that Detox actioned was "removed entirely" because it was indeed made by a "brand new member" with a total of "1 post" (not even 5), who joined just to post that spam to this thread. (It was spam because it was to a commercial website that sells all kinds of keyloggers. Therefore "spam" not "malware", although live malware links also get removed here.)

Detox removed the spam post as is appropriate here at Wilders. Unfortunately, controler quoted the spam post, so obviously, the quote had to be edited out of his post otherwise the spammer would still have his post showing.

{QUOTE-> I only replied to a poster and you removed his post making it look like I am spamming? <-QUOTE}It's unfortunate that you quoted the spam post controler, but, just because a member quotes a spam posting does not mean that we're going to leave the spam in a thread. If we did that, the spammers would win and get their spam to stay on the forum.

I understand now. I was mistaken as well. Thanks LowWatermark!

Not seen Spycop mentioned yet: http://spycop.com/ How does it fare with the test?

Oh my god this tool is as old as the universe, fully sh*t, full of fps.
I tested it one year ago, but I know it already since 1999,
the sum of keylogger it found was about 330 (last year), thats nothing..,
too less related to the big advertising mouth they have. I doubt that the bad results
only came from the demo version I tested.

@ SystemJunkie

Really, Spycop still seems like a useful tool to me. Not the only antikeylogger you would need, but still useful. But It does seem like Spycop is more geared to the average joe trying to detect a commercial keylogger put on his/her computer by another newb.

And I agree detection of around 330 keyloggers does seem somewhat low. I did hear once that it can still detect a lot of commercial keyloggers because many of them use the same engine (rebranded) or something like that. I think a custom build is where you could have a real problem with Spycop.

Thanks for the explanation LWM but the way the edit was done, makes it look by new viewers of the thread, that I was spamming and posting links to maleware.
There are more then one company posted here that not only make anti-keyloggers but create commercial keylogging programs as well. I have always concidered even comercial keyloggers as maleware too. They don't see it that way however and neither do a lot of buisnesses.
I guess I thought the link the guy posted was for commercial keyloggers.

controler

{QUOTE-> Thanks for the explanation LWM but the way the edit was done, makes it look by new viewers of the thread, that I was spamming and posting links to maleware.
<-QUOTE}
When I first read the edited post, I also thought that too.:-X

{QUOTE-> And I agree detection of around 330 keyloggers does seem somewhat low. I did hear once that it can still detect a lot of commercial keyloggers because many of them use the same engine (rebranded) or something like that. I think a custom build is where you could have a real problem with Spycop. <-QUOTE}

Indeed but the enhanced detection let us consider it as heuristic is very bad, partly it uses string scan method, very primitive, that will lead to mass fp´s.

Hi there,

here is a very special Anti Keylogger software;
www.anti-keylogger.com
Any clues ?

true north

{QUOTE-> Hi there,

here is a very special Anti Keylogger software;
www.anti-keylogger.com
Any clues ?

true north <-QUOTE}

Has anyone here actually used this program and is happy with it? Just curious sence True North recomends this when there is a keylogging thread. Not saying it's no good sence I never tried it.Anyone?

@ Lonewolf

I don't know if this will help you, but I tried it a while back. It seems to be a half way decent program. Though I did have problems between AntiKeylogger and some other programs that hooked into the kernel. There seemed to be some kind of conflict between them and AntiKeylogger. Maybe that's been fixed now, I'm not sure.

But I don't find a need for the program myself due to all the excellent HIPS programs around these days. With HIPS you can block a lot of keyloggers, hence no need for a antikeylogger, in most cases.

You can also run a few of the free antikeyloggers that are around and save some cash. Like Neo's SafeKeys and My Planet Soft antikeylogger. These along with a decent HIPS should be a pretty good defense against being keylogged.

Of course if you run into some real fancy custom build keylogger, your on your own.

{QUOTE-> @ Lonewolf

I don't know if this will help you, but I tried it a while back. It seems to be a half way decent program. Though I did have problems between AntiKeylogger and some other programs that hooked into the kernel. There seemed to be some kind of conflict between them and AntiKeylogger. Maybe that's been fixed now, I'm not sure.

But I don't find a need for the program myself due to all the excellent HIPS programs around these days. With HIPS you can block a lot of keyloggers, hence no need for a antikeylogger, in most cases.

You can also run a few of the free antikeyloggers that are around and save some cash. Like Neo's SafeKeys and My Planet Soft antikeylogger. These along with a decent HIPS should be a pretty good defense against being keylogged.

Of course if you run into some real fancy custom build keylogger, your on your own. <-QUOTE}

Was not really considering running this app just curious. I suspect between all my security apps i'm pretty well covered.
Thanks thou.

{QUOTE-> Has anyone here actually used this program and is happy with it? Just curious sence True North recomends this when there is a keylogging thread. Not saying it's no good sence I never tried it.Anyone? <-QUOTE}

Yes, a real chaos tool this akl driver ruins the whole fonts of several apps, did you follow some of my posted screens, then take a look what it did with app defend 1.2 alpha. The driver really makes some apps useless it even managed to let my pc beeper play some absolutely new melodees and the prog crashed and failed to start on my system. I guess it´s the same as anti-keylogger 7.4, not better(even much worser related to stability) then process guard and worser then AAK 3.7.

{QUOTE-> Yes, a real chaos tool this akl driver ruins the whole fonts of several apps, did you follow some of my posted screens, then take a look what it did with app defend 1.2 alpha. The driver really makes some apps useless it even managed to let my pc beeper play some absolutely new melodees and the prog crashed and failed to start on my system. I guess it´s the same as anti-keylogger 7.4, not better(even much worser related to stability) then process guard and worser then AAK 3.7. <-QUOTE}


One to stay away from then. Thats ok,currently satisfied with the setup I have now.Was just wondering about it. Thanks SystemJunkie.

{QUOTE-> One to stay away from then. Thats ok,currently satisfied with the setup I have now.Was just wondering about it. Thanks SystemJunkie. <-QUOTE}

Lonewolf, this tool scratched my whole system, don´t install it except you have a good backup, that´s my advice. ;)