Why is winpatrol, boclean 424 and superantispyware missing legit keylogger?
Horus37
June 28th, 2007, 09:48 PM
http://www.spyarsenal.com/familykeylogger/ Seems like these get missed when I download them and scan them. Since these are legit keyloggers you can buy is that why they are bypassed as malware?
HAN
June 28th, 2007, 09:54 PM
Not trying to sound smart alecky at all but wouldn't marking a legit program/file/process be considered a false positive? :)
Horus37
June 28th, 2007, 09:57 PM
If my wife/girlfriend installed these types of things I'd want to be able to scan for them wouldn't you?
LoneWolf
June 28th, 2007, 10:00 PM
Not going to test it myself but have you tried SnoopFree against this?
WinPatrol did not show that this was installed?
HAN
June 28th, 2007, 10:08 PM
Yeah, I suppose I would. Perhaps a dedicated keylogging scanner might work better. I'm not all that knowledgeable about keylogger scanners but many feel SpyCop is one of the best for that job. But it's not free: http://spycop.com/ An older but free scanner that many often list in their arsenal is SnoopFree: http://www.snoopfree.com/default.htm
spindoctor
June 28th, 2007, 11:40 PM
-{ Quote: "http://www.spyarsenal.com/familykeylogger/ Seems like these get missed when I download them and scan them. Since these are legit keyloggers you can buy is that why they are bypassed as malware?" }-
The reason those programs didn't detect the keylogger, is because those three programs all stink at finding keyloggers. Winpatrol is probably the best of the bunch.
I think many popular AVs even have a higher detection rate of keyloggers. If you don't believe me try a couple more keyloggers, I'll bet you'll get similar results.
You really need a program specifically designed for the detection of keyloggers (aka antikeylogger) if you want a higher detection success rate and/or HIPS to block them.
jtcst
June 29th, 2007, 12:24 AM
-{ Quote: "http://www.spyarsenal.com/familykeylogger/ Seems like these get missed when I download them and scan them. Since these are legit keyloggers you can buy is that why they are bypassed as malware?" }-
BoClean is primarily an anti-trojan program so its keylogging detection probably isn't that great.
I believe Nick of SuperAntiSpyware.com has stated that SAS is more focused on detecting/removing keyloggers bundled with malware than commercial keyloggers.
How did you scan with WinPatrol? It doesn't have a scanner. If a keylogger was installed with Scotty patrolling, I'm pretty sure it would notify a new suspicious start up entry which could then be blocked.
Sportscubs1272
June 29th, 2007, 05:41 AM
Sounds like you need a program like Cyberhawk or Norton Antibot (repackaged Sana Security Primary Response SafeConnect). They monitor system behavior and processes and they will alert you if something is wrong.
Horus37
June 29th, 2007, 11:02 AM
-{ Quote: "Not going to test it myself but have you tried SnoopFree against this?
WinPatrol did not show that this was installed?" }-
Yes snoopfree is where I learned of these keyloggers. The snoopfree website invites you to download these keyloggers to prove they can detect them. So when I did download them to see which of my applications could detect them, NONE of them did! Winpatrol failed, boclean 424 failed, and the newest superantispyware failed to notify me and they were all running as I installed these keyloggers. That's not good. I was expecting better results.
Horus37
June 29th, 2007, 11:06 AM
-{ Quote: "BoClean is primarily an anti-trojan program so its keylogging detection probably isn't that great.
I believe Nick of SuperAntiSpyware.com has stated that SAS is more focused on detecting/removing keyloggers bundled with malware than commercial keyloggers.
How did you scan with WinPatrol? It doesn't have a scanner. If a keylogger was installed with Scotty patrolling, I'm pretty sure it would notify a new suspicious start up entry which could then be blocked." }-
You'd be wrong since winpatrol missed them. I had it running while installing and not even a peep. These keyloggers show up in your start menu and you have the option of hiding them in stealth mode so they don't appear anywhere. Sounds like something I'd want to be able to scan for and detect.
SUPERAntiSpy
June 29th, 2007, 11:13 AM
-{ Quote: "Yes snoopfree is where I learned of these keyloggers. The snoopfree website invites you to download these keyloggers to prove they can detect them. So when I did download them to see which of my applications could detect them, NONE of them did! Winpatrol failed, boclean 424 failed, and the newest superantispyware failed to notify me and they were all running as I installed these keyloggers. That's not good. I was expecting better results." }-
We (SUPERAntiSpyware) specifically don't detect the commercial keyloggers as they are used by many companies, etc. for legitimate purposes. We may add them in the future as "warning/notification" rules/definitions.
jtcst
June 29th, 2007, 12:30 PM
-{ Quote: "You'd be wrong since winpatrol missed them. I had it running while installing and not even a peep. These keyloggers show up in your start menu and you have the option of hiding them in stealth mode so they don't appear anywhere. Sounds like something I'd want to be able to scan for and detect." }-
I enabled "Autorun at system startup", closed the program, and got this
http://i7.photobucket.com/albums/y292/jt110/Clipboard01.jpg
besafe
June 29th, 2007, 12:58 PM
-{ Quote: "We (SUPERAntiSpyware) specifically don't detect the commercial keyloggers as they are used by many companies, etc. for legitimate purposes. We may add them in the future as "warning/notification" rules/definitions." }-
Nick...Is SAS being used in corporate settings? I thought your target audience was primarily home PCs. I can see not wanting to detect keystroke loggers at the office.
But for home use, I think most people want to know if their spouse, significant other, or really anyone is monitoring what they do on-line. You can always set SAS to ignore or trust certain applications if you want them on your PC. And I know that we've talked about this topic before, I just thought I would get my 2 cents in again while the topic was being rediscussed.
I think your "warning" or "caution" is a decent compromise. Even if you choose not to be able to remove keyloggers, warning the end user that they are being watched is probably a good thing.
Horus37
June 29th, 2007, 01:21 PM
-{ Quote: "I enabled "Autorun at system startup", closed the program, and got this
http://i7.photobucket.com/albums/y292/jt110/Clipboard01.jpg" }-
I don't get the alert you get. I installed the keylogger and let it sit on my machine and went about browsing the internet and none of those apps pick it up. This is by design so that certain keyloggers CAN work against you at the office?
lodore
June 29th, 2007, 01:31 PM
but remember at an office you have to sign a disclaimer before an employer can record your keystrokes using a keylogger.
lodore
walking paradox
June 29th, 2007, 02:05 PM
-{ Quote: "but remember at an office you have to sign a disclaimer before an employer can record your keystrokes using a keylogger." }-
According to what? Is there some law that specifies this? If so, you might want to clarify which countries this law applies to, as I very much doubt it is universal. Also, what does the supposed law entail? Is it simply that the employee must be notified, or is it that the consent of the employee must be acquired, and would such consent be optional or required to get the job? Does that vary by company policy or does the law restrict that? Sorry for the plethora of questions, but it seemed some clarification was in order.
Lots of members here often forget or don't realize who their audience is at this forum. This is a diversified community in terms of location and nationality, and as such one should provide clarification for things that vary by country such as laws.
LoneWolf
June 29th, 2007, 04:37 PM
-{ Quote: "I don't get the alert you get. I installed the keylogger and let it sit on my machine and went about browsing the internet and none of those apps pick it up. This is by design so that certain keyloggers CAN work against you at the office?" }-
Check your setting for how often Scotty patrols. The plus you can monitor in real time, the free no sooner than once a min.
Horus37
June 29th, 2007, 10:45 PM
I'm using the free one. I've checked the settings on how often scotty patrols. The snoopfree program catches it immediately as well as my antivirus. I know I let the program run for longer than a minute. I didn't reboot though. I installed the keylogger in a virtual environment and it went away on reboot.
Copyright ©2002 - 2012, Wilders Security Forums