AntiKeylogger Question
Riickster
May 11th, 2002, 02:42 PM
Was interested in a program at http://www.anti-keyloggers.com/ when it becomes available for XP. But it bodes the question of viability. I have behavior-based script defenses and the registry is locked. Still, keylogging RATs are a viable intrusion tool. Before considering this in the arsenal - I'm wondering how anything like a keylogging RAT could possibly get by ExecProt in TDS3, Scriptsentry, SurfinGuardPro and Norton02's script feature in the first place? Any opinions on whether this $60.00 program would be useless overkill or a legitimate defense measure? Thanks, Rickster
spy1
May 11th, 2002, 03:37 PM
Riickster - Unless they've changed it, it may not matter. If I'm not mistaken, even if you don't buy AKL, the detection portion of the program keeps on working. (Whether it stays updated or not, I don't know).
As to whether or not the others will detect/protect - I really can't say - depends on what's in the DB as re: TDS. (I know they do provide detection for a lot of KL'ing programs).
Doesn't SurfinGuardPro's FAQ's or 'Help' file tell you what it will do in regard to KL's? Pete
Rickster
May 11th, 2002, 06:24 PM
Thanks Pete. Nothing specific about KL's. Noticed SGPro won't defend against macro viruses however. Your suggestion prompts me to learn about the form KL's can assume. I was attracted to TDS and Trojan Hunter (opting for TDS) for ad-hoc test results with compressed trojan forms. I now focus on heuristics for the unknown/undefined "first strike" risks. Prior to upgrading, a friend and I took the system on a suicide mission to the dark side for several days (curious how they'd do outside the safety of market driven tests) and SGPro nailed all active content.
How heuristic ExecProt and other script defenses are isn't clear. Not overly concerned about known KL RATs. If there's anything "known" out there, I likely have best in breed, or a combination thereof, in here to deal with it. The makers of Anti-KL emphasize the heuristic nature of it - so gets my attention, ergo - it might be better stated, is there a threshold with heuristics before invoking useless redundancy.
I know what KL's do, but speculation on their mechanics and forms is always welcome too. For instance I wouldn't know if a KL RAT would "have" to access the registry - which is already heavily guarded - or assume a macro form in a .doc or .xls document. I'm sure to draw a chuckle on that - but that's what you get with folks like me who are void of "any" programming related knowledge. (oh, well I know what del*.* does and not to do that to your autoconfig.bat or config.sys) Thanks, Rickster
Copyright ©2002 - 2013, Wilders Security Forums