Is Ewido reliable at preventing/detecting/removing keyloggers
JRCATES
September 2nd, 2005, 02:22 PM
Can anyone testify as to how reliable ewido is at preventing/detecting/removing keyloggers....either with the real-time guard protection enabled, or through scans? I know that they've added some heuristics, but I'm curious how effective they are, and how many signatures ewido has in its database for keyloggers.
chaos16
September 2nd, 2005, 02:57 PM
I think that's the malware that ewido lacks
JRCATES
September 2nd, 2005, 07:11 PM
According to ewido's web-site, they purport to excel and/or protect against keyloggers:
"Trojans and Keyloggers
No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings."
....but this is an area that I haven't heard much about as far as and in terms of detection, removal and prevention goes, so anyone who uses ewido and has any experiences or data that they can share, that would be great......
The Hammer
September 2nd, 2005, 07:21 PM
{QUOTE-> According to ewido's web-site, they purport to excel and/or protect against keyloggers:
"Trojans and Keyloggers
No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings."
....but this is an area that I haven't heard much about as far as and in terms of detection, removal and prevention goes, so anyone who uses ewido and has any experiences or data that they can share, that would be great...... <-QUOTE}
There may be something in this thread. http://www.wilderssecurity.com/showthread.php?t=93179&page=1&pp=25
JRCATES
September 2nd, 2005, 08:20 PM
Thanks, Hammer. No, no mention specifically of ewido's effectiveness at dealing with keyloggers in that thread....but thanks anyway. Hopefully maybe somebody will come along soon with some definitive answers, though.
Where's fish when we need him? :o ;D 8)
richrf
September 2nd, 2005, 08:32 PM
Hi,
I have definitely used Ewido to clean keyloggers from infected machines of people I know. However, I personally prefer the ProcessGuard preventative approach.
Rich
JRCATES
September 2nd, 2005, 08:51 PM
{QUOTE-> Hi,
I have definitely used Ewido to clean keyloggers from infected machines of people I know. However, I personally prefer the ProcessGuard preventative approach.
Rich <-QUOTE}
Really? :o
Never would have guessed that ;D
Thanks, and I know.....but I'm not using PG. Hopefully Online Armor, UnHackMe, Spyware Doctor, WinPatrol and others will help aid in the prevention of....but I'm curious as to ewido's effectiveness as well (in case I decide to use it for real-time anti-malware protection)........
muf
September 3rd, 2005, 01:27 PM
Have a read through this thread.
http://www.wilderssecurity.com/showthread.php?t=94734
Looking at post #30 it appears that once you get to the serious 'stealth' keyloggers then you need a dedicated Anti-Keylogger. I use Spycop which excels at detecting commercial keyloggers. I also use Security Task Manager which I really rate at spotting hook-based keyloggers. There are others you may want to try. Best bet is to trial a few and see which you like best.
muf
goodquestion
September 3rd, 2005, 06:48 PM
Interesting thread Muf. ;) I wouldn't rely on Ewido myself for the detection of all malware. It does do a good job in many cases, but if the sigs aren't there, then chances are you won't find the keylogger, and its heuristics don't seem to be able to do the job in all cases either.
I would do as Muf suggested here and get a good dedicated anti-keylogger, if you're worried about missing some keyloggers with Ewido. Most of the anti-spyware/malware programs (like Ewido) will find many keyloggers, some more than others, but most seem to still rely on signatures for the most part.
So if some new keylogger (kernel based or other very stealthy one) comes along you probably won't find it unless your anti-malware has the sigs for it, but you might have a chance if your anti-malware/anti-keylogger has some heuristic ability, then again maybe not. Especially if the so-called infamous Holy Father has something to do with it, not to mention all the other lowlife malware writers out there, who seem to be getting better at defeating many of our current defenses.
rdsu
September 3rd, 2005, 08:11 PM
{QUOTE-> ...Ewido..., and its heuristics don't seem to be able to do the job in all cases either. <-QUOTE}
From ewido (http://update.ewido.net/changelog.txt)
{QUOTE-> Known Bugs:
- Fast user switching is not supported
- Only basic heuristics
<-QUOTE}
Did you try with the a-squared Guard that has the IDS feature?
peter.ewido
September 4th, 2005, 05:10 AM
The keylogger rules in the current ewido heuristics were almost completely disabled due to too many false positives; we're working on it. Also, future versions will offer generic keylogger protection... :)
JRCATES
September 6th, 2005, 10:44 PM
{QUOTE-> The keylogger rules in the current ewido heuristics were almost completely disabled due to too many false positives; we're working on it. Also, future versions will offer generic keylogger protection... :) <-QUOTE}
Thanks, fish....knew we could count on you to get the skinny ;)
But what exactly do you mean, and what will this "generic keylogger protection" include or provide (without providing too much detail)?