tds 3 and keylogger detection


the mul
February 22nd, 2004, 02:11 PM
I would like your opinion on how good TDS is at keylogger detection. I have heard that it detects a lot of them, but do you think this is enough, or does it warrant another programme as a backup in keylogger detection?
Most people nowadays have a backup AV programme, so do we need an extra keylogger detection programme as well?

Your help is most appreciated.

The Mul

spy1
February 22nd, 2004, 03:21 PM
Until someone does a truly comprehensive test on ProcessGuard to see if it's going to fulfill the role of a resident, "catch-them-all" anti-keylogger app, I totally suggest and recommend a dedicated anti-keylogging app IF you're really concerned (for whatever reason) about the possibility of being key-logged.

The top three are:

SpyCop "Home" edition: http://spycop.com/products.htm (The one I use - and, IMO, the best).

Anti-Keylogger SOHO Edition: http://www.anti-keyloggers.com/

WhosWatchingMe: http://www.trapware.com/index.html

That's just my opinion, of course. Pete

Pilli
February 22nd, 2004, 03:22 PM
Hi Mul, PG will stop most keyloggers.
TDS3 finds many - Check Help - Primary list.
To add another layer just run AdAware or Spybot.

the mul
February 22nd, 2004, 03:51 PM
Thanks, Pilli, for your reply, and also thanks to spy1.
I have Spybot and also Ad-Aware, so I will stick with this at the moment. As you said, Pilli, PG stops most keyloggers, and that is good enough for me.


Have a nice day
the mul

Jooske
February 22nd, 2004, 03:58 PM
Just let's all promise to send anything suspicious to submit@diamondcs.com.au so there is less and less chance anything is missed at all. Gavin doesn't mind having many doubles; better than missing one which could get on the loose, harming somebody.

spy1
February 23rd, 2004, 12:53 AM
Quoting Pilli: "Hi Mul, PG will stop most keyloggers."

Pilli - I hate to say it, but that claim is so totally unsupported as to be useless. There hasn't been a single broad-based, definitive test of PG's ability to detect keyloggers at all.

Until there is, I stand by what I posted above. Pete

Pilli
February 23rd, 2004, 02:43 AM
Quoting spy1: "Pilli - I hate to say it, but that claim is so totally unsupported as to be useless. There hasn't been a single broad-based, definitive test of PG's ability to detect keyloggers at all."

Agreed, there have been no definitive tests of keyloggers with PG or any other programme as far as I am aware, but by its very nature it can stop many if not all keyloggers that use the SetWindowsHookEx method, and it can do this without the need for daily updates; prevention is better than cure IMO. This is demonstrated here:
http://www.diamondcs.com.au/processguard/index.php?page=attack-keystroke-loggers

As to being next to useless, I disagree. :) All part of a layered protection approach.

Jason_DiamondCS
February 23rd, 2004, 04:10 AM
Process Guard has the ability to stop nearly all software keyloggers. It can always block the main one, which is SetWindowsHookEx(). Finally, a lot of newer keyloggers these days are becoming driver-based, and PG can also stop these.

Not to mention that without these major key logging abilities at their disposal, keyloggers would have to turn to reading process memory and other such "process" methods, which PG can also block.

Of course, PG does not "detect" keyloggers already installed, and it couldn't stop a keylogger driver which was already installed. But without a pro-active solution, which PG is, I doubt you would be able to stop as much as it can.

-Jason-

Wayne - DiamondCS
February 23rd, 2004, 04:50 AM
Pete, your stance is a very safe one - when it comes to a new program it's always best to test capabilities rather than just take the developers word for it, and indeed Process Guard certainly is a fairly new program, and nobody has ever done a thorough test of its protection against keyloggers so you're right to be cautious, BUT ... I can tell you that:
- it has worked against every keylogger we've tested it against
- virtually all keyloggers use the same technique, which is blocked by Process Guard
- it has a 'global' protection effect which is why it can effectively block every keylogger
- there are a couple of new, very advanced driver-based keyloggers (quite difficult to develop), but even these are blocked by Process Guard's driver-blocking capability
- Proof-of-concept can be downloaded here (http://www.diamondcs.com.au/processguard/keyhook.exe) - it's a harmless, simple demo program which captures keystrokes and displays the last key pressed. With Process Guard's protection in place, it cannot capture your keystrokes.

So although your cautious "wait until it's tested against every keylogger" approach is a safe one, I don't think there's any need for such concern - you can't decrease your security level by using it, and it IS already proven that it does block ALL keyloggers that use the keyboard message interception method of keylogging (the method used by every keylogging trojan we've ever seen).

But you say that you shouldn't rely on Process Guard because it hasn't yet been tested against hundreds of keyloggers ... but, the anti-keylog programs you've mentioned also haven't been tested ... :)
They've been around longer than Process Guard, but that doesn't mean much, and actually I think you'll find if you do your own testing that Process Guard's anti-keylog protection is stronger than all of them combined - but please don't take my word for it, test for yourself. :)

Cheers,
Wayne

spy1
February 23rd, 2004, 10:09 AM
Quoting Wayne - DiamondCS: "But you say that you shouldn't rely on Process Guard because it hasn't yet been tested against hundreds of keyloggers ..."

Look, I'm not saying that people shouldn't have ProcessGuard - I think everyone on Earth should have ProcessGuard, actually! And I mean that!

I'm probably even more excited and enthusiastic about its "real-time detection" capabilities in regard to keyloggers than YOU are (do you have any idea how much time gets spent here - at seventeen minutes a pop, with everything else shut down - over the course of weeks, months and years - simply doing FULL scans for keyloggers?).

BUT the fact remains - ProcessGuard will not detect a pre-existing keylogger that already is hidden, active and driver-driven on someone's computer.

Now, the alternative strategy here is (of course) to be using the anti-crapware app, the anti-trojan app, the AV and the firewall of your choice for "surface" detection of the more common keyloggers - but if you're actually suspecting the presence of a keylogger for any reason - or you simply want to make absolutely sure (within reason) that you don't have any type of a keylogger whatsoever on your computer before you go to relying totally on PG for detection, then at the very least, one needs to install, update (if applicable) and run a full, in-depth scan with a dedicated, top-of-the-line anti-keylogger program - even if it's only long enough to take advantage of whatever trial-period that program offers, just for safety's sake.

And BTW, since we all agree that "layered defenses" are the way to go, it certainly wouldn't hurt to purchase whatever anti-keylogger specific program we finally decide upon, now would it? ;D

Is this clear enough now? Pete

Wayne - DiamondCS
February 23rd, 2004, 10:58 AM
My apologies Pete if I came across the wrong way, I was just trying to help clarify things :)

Quoting spy1: "BUT the fact remains - ProcessGuard will not detect a pre-existing keylogger that already is hidden, active and driver-driven on someone's computer."
Process Guard was never designed as a 'keylog detector', although when it blocks keyloggers (at the time they obtain a hook), Process Guard's window will show the offending program. :)

Process Guard loads very early - typically a lot earlier than any keyloggers, so you're correct in that if you've just installed Process Guard then it won't alert to any programs that already have hooks, but as soon as you reboot, Process Guard should load straight away and even if a keylogger is set to start automatically, Process Guard should've started before it, so its request for a hook should be blocked by Process Guard. :)

But here's something you might find rather curious, Pete! Process Guard (as you know) was never designed as protection against keyloggers - that's just one of the inadvertent protections it offers as kind of a welcome side-effect from one of its main protections, but the end result is actually more effective against keyloggers than any other anti-keylogger program I've ever seen - I encourage you to try this for yourself :)

Cheers,
Wayne
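Pete's point, which Wayne concedes above, is that a hook already in place before Process Guard was installed is not flagged until the next reboot, and a driver-based logger may never be. One check a practitioner can run without any product covers the older style of global hook: a classic WH_KEYBOARD hook (the non-LL kind) must live in a DLL, and Windows maps that DLL into each process on the desktop as it receives keyboard messages, so a DLL that turns up in almost every process and does not live under the Windows directory deserves an explanation. The script below is an added example, not code from this thread or from DiamondCS; it tallies which modules are mapped into which processes and lists those present in at least 80% of the processes it could read. The function name and the 80% threshold are this example's own choices.

```powershell
# Added example: list modules mapped into (nearly) every readable process.
# Function name and the 80% threshold are this example's own choices.
function Find-WidelyMappedModules {
    param([double]$Threshold = 0.8)   # fraction of readable processes a module must appear in
    $ErrorActionPreference = 'Stop'
    $windir   = $env:windir.ToLower()
    $byModule = @{}                   # lower-cased module path -> hashtable of PIDs that map it
    $readable = 0                     # processes whose module list we could actually enumerate

    foreach ($p in Get-Process) {
        $mods = $null
        try { $mods = $p.Modules } catch { continue }   # access denied, exited, or bitness mismatch
        if (-not $mods) { continue }
        $readable++
        foreach ($m in $mods) {
            if (-not $m.FileName) { continue }
            $key = $m.FileName.ToLower()
            if (-not $byModule.ContainsKey($key)) { $byModule[$key] = @{} }
            $byModule[$key][$p.Id] = $true
        }
    }

    $cutoff = [math]::Ceiling($readable * $Threshold)
    $hits = foreach ($key in $byModule.Keys) {
        $n = $byModule[$key].Count
        # Anything this widespread that lives outside %windir% is worth explaining:
        # a global WH_KEYBOARD hook DLL, an injected DLL, or a legitimate shell/AV component.
        if ($n -ge $cutoff -and -not $key.StartsWith($windir)) {
            [pscustomobject]@{ Module = $key; Processes = $n; Readable = $readable }
        }
    }
    $hits | Sort-Object Processes -Descending
}

Find-WidelyMappedModules | Format-Table -AutoSize
```

Three caveats before trusting the output. Run it elevated, and from a PowerShell host of the same bitness as the processes you care about, because a 32-bit host cannot read the module list of a 64-bit process and those processes are simply skipped (the Readable column tells you how many were actually counted). Legitimate software such as shell extensions, input-method editors and some AV products also load into nearly everything, so a hit is a lead to look up, not a verdict. And a WH_KEYBOARD_LL hook injects no DLL at all, so it will never show up here; that style, and driver-based loggers, still need a scanner or a hook blocker that was already running when they started.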

spy1
February 23rd, 2004, 11:16 AM
No apologies needed, Wayne (accepted on principle, of course) - I'm thrilled flat to death with PG and not shy about letting people know about it.

Since I installed ProcessGuard, I have never felt this safe on the Internet before - and I thank DCS for that. Pete

Jooske
February 23rd, 2004, 11:21 AM
Pete, you also already have TDS in your anti-keylogger toolkit; I've been told it's top notch, with lots of keyloggers added to its detection, so don't forget to use it for that goal too. If you find any "suspicious" detection, please send it in: submit@diamondcs.com.au is waiting for it.

Rootkits same story i guess?

spy1
February 23rd, 2004, 11:58 AM
Jooske - Correct - same story.

The majority of people (myself included, at one time) don't have a clue as to what a rootkit is or can do - much less whether they're being affected/infected by one or not.

Since I'm relatively (99.99999...%) sure I didn't have one on here prior to getting and installing PG, I no longer feel like I have to worry about ever being affected/infected by one now that I do have PG on here.

It's amazing what one little (properly-designed, state-of-the-art, benchmark of protection) program can do for one's peace of mind, isn't it?

Of course, I'm well-aware of the dangers that could be presented by something totally new - but that's the nature of the game.

And I've been given every reason to expect (given their performance so far) DiamondCS to be on top of those future threats, as well.

(Basically, on the whole, Pete is a very happy camper! <g>). Pete