#1
I need to know what software wins and loses against this series of keylogger vulnerability tests. If you guys can be so kind as to download and run the .exe, much appreciated.
Here is a link to spyshelter.com. At the bottom right of their home page you will find a keylogger test file to download and check yourself for vulnerabilities. It's a single .exe that opens up a panel to click on 6 tests. Simple, easy & quick. I'm interested to see which HIPS, security suites, (hippy) FWs & anti-keyloggers etc. miss any. And your AV spotting the .exe as malware doesn't count as a pass. You gotta run the tests. Nothing adverse happened to me by downloading it except a bit of embarrassment by a few failures. So let us know what software you tested with & how did it fare against the six simple quick tests?
__________________
SB | AG | LnS | EAM free | MR free
#2
Most HIPS will fail against these types of tests because these things are extremely focused on screen cap, sound log etc., and the HIPS were not made to protect specifically against these situations. Unless you use another anti-keylog software such as Zemana etc.
__________________
Emsisoft Anti-Malware v7.0.0.21 - Online Armor 6.0.0.1736 SRP - UAC - EMET Browser: Google Chrome v25.xx Windows 7 Ultimate x64
#3
Nod says
Access denied!
Details:
Web page: http://spyshelter.com
Category: Criminal Activities - Child Abuse Images, Criminal Skills, Hacking, Hate Speech, Illegal Drugs, Marijuana, Piracy and Copyright Theft
Comment: Web page was blocked because it matched prohibited categories.
__________________
Emsisoft Anti-Malware 7.0/WebRo0t AntiVirus 2o13
#4
Quote:
Try Zemana site. BTW... SpyShelter pass all.
__________________
"Who was not a rebel in his youth, this will be a pig in old age" - J. Piłsudski SG.pl
#5
Zemana it is good no problem
__________________
Emsisoft Anti-Malware 7.0/WebRo0t AntiVirus 2o13
#6
Quote:
Is that included in the trial version?
__________________
NoScript | Image for Linux + BootIt Bare Metal
Last edited by moontan : October 12th, 2011 at 02:16 AM.
#7
Quote:
__________________
"Who was not a rebel in his youth, this will be a pig in old age" - J. Piłsudski SG.pl
#8
Hahaha wonder why NOD would block SpyShelter
We need to report that! Anyone can try this with OA highest setting just to check it out?
__________________
Emsisoft Anti-Malware v7.0.0.21 - Online Armor 6.0.0.1736 SRP - UAC - EMET Browser: Google Chrome v25.xx Windows 7 Ultimate x64
#9
Avira blocks it too. I just tried it and got an access denied from Avira.
#10
Blocks the .exe or the website?
__________________
Emsisoft Anti-Malware v7.0.0.21 - Online Armor 6.0.0.1736 SRP - UAC - EMET Browser: Google Chrome v25.xx Windows 7 Ultimate x64
#11
Both as far as I could tell...here is what it says.
Quote:
Last edited by JRViejo : October 12th, 2011 at 03:26 AM. Reason: De-linked Direct Download - JRViejo
#12
spyshelter update has ceased lately.
do you think the site is compromised hence it gets blocked?
__________________
Win7PRO64bit | SUA | SRP | UAC | EMET | SpywareBlaster | MVPSHOST | OpenDNS | SandboxIE | Privoxy | Windows Image Backup . built-in security + sandboxing fag.
#13
Quote:
Maybe, or it's some sorta unfriendly competitive rivalry. Odd that two dif. AVs can sniff something there. I have no AV up right now so I can't tell. Let's see what the others say. Any other AVs getting jumpy knocking on Spyshelter's door?
__________________
SB | AG | LnS | EAM free | MR free
#14
SRP blocked the .exe
prevention, prevention, prevention...
__________________
Linux Mint 13 MATE x64
Last edited by AlexC : October 12th, 2011 at 03:20 AM.
#15
I tested it against Malware Defender. Here are the results:
Keylogging - PASSED
Webcam capture - did not test (got no cam connected and it would probably FAIL)
Screenshot - FAIL
Clipboard monitoring - FAIL
System protection - registry access 1 and 2 - PASSED; driver registering FAIL
Sound record - did not test (got no mic connected and it would probably FAIL)
MD did as I expected. I was only surprised by it failing the driver registering test. Of course I have allowed the test to run. Had I blocked the execution MD would pass 100%.
__________________
ESET Nod32 AV • Sandboxie • EMET • OpenDNS My security setup in detail • Always remember you're unique, just like everyone else •
#16
I tested Personal Firewall in XP 32 with maxed up settings.
Keylogging - Passed
Webcam capture - No cam here
Screenshot - Passed
Clipboard monitoring - Passed
System protection - memory access 1 Passed, the rest Failed
Sound record - Not covered by PF
It also passed Zemana's Keylogging, Clipboard monitoring and Screenshot tests. I don't have the SSL test. Of course, it alerted on all the tests, I had to allow them first.
Last edited by vojta : October 12th, 2011 at 05:04 AM.
#17
Quote:
A new beta for SpyShelter 6.0 is out, so I wouldn't worry.
Quote:
Probably the keylogger test is now blocked by some vendors (like SpyCar and others, without being a real malware).
__________________
Windows 7 SP1 x64, WSA, Sandboxie
#18
I tested Online Armor Free + Threatfire against it:
Keylogging - Passed (OA free)
Webcam capture - No cam here
Screenshot - failed
Clipboard monitoring - failed
System protection: Test 1 - Passed (Threatfire), Test 2 - Passed (Threatfire)
Sound record - Passed (OA free)
I'm pleased with the result.
__________________
OnlineArmor free - Avira AntiVir - Threatfire - EMET - Windows 7 Pro 64bit
#19
WSA blocks it as well as a win32 Malware Gen.
__________________
OS X 10.8.3 - 2.9 GHz Intel core i7 - 8 GB 1600 MHz DDR3 - 750 SATA HD - Intel HD 4000 Graphics 512 MB.
#20
CIS (the AV) blocks the file as well.
__________________
CIS & Mbam Pro
OpenDNS + DNSCrypt / EMET / UAC / Applocker My complete "9 layers of protection" security setup
#21
Geeze, either a lot of FPs going on here or the site may have been compromised. I hope not, it will not look too good for SS if it has.
__________________
OS X 10.8.3 - 2.9 GHz Intel core i7 - 8 GB 1600 MHz DDR3 - 750 SATA HD - Intel HD 4000 Graphics 512 MB.
#22
I find the fact that AVs are blocking/detecting this file depressing. It has been available for some time and is from a known reputable vendor. Occasionally I need a reminder why I gave up on them in real time, things like this help! I suppose it could be classified as a PUP or the heuristics are detecting the behaviour but still. Could it be to avoid their users knowing they don't pass the test? Surely not.
Anyway, detection ain't the point here, ability to recognise and prevent the app's key/screen logging etc. is. I think you will find nowadays all the main HIPS (OA, Comodo, Outpost etc.) do very well on the tests on 32 bit systems. On 64 bit it is a different story (not surprising given the patch guard issues) although keylogging protection seems to be much better now but screen capture protection still fairly poor.
I've been considering using HIPS again recently and on my Win 7 64 bit set-up (last month or so) I've tried Outpost, Comodo, Online Armor, Private Firewall and even Kaspersky 2012 HIPS against these tests. All passed the keylogging and they failed either the clipboard and/or some or all of the screen capture. Surprising (to me anyway) on my set-up Outpost was best as it was poor on 64 bit not long ago and even more so that PFW was by far the worst and furthest behind the very good 32 bit version (although to be fair none offered the same degree of protection they did on 32 bit). Spyshelter itself of course passed all and WSA prevented all when in a https site.
I think we should find this type of thing interesting and perhaps even indicative but there should always be the recognition that developers could have designed their products to pass this particular test rather than to protect against the methods it uses. Anyway.......
__________________
Chris
Last edited by chris1341 : October 12th, 2011 at 08:22 AM.
#23
Quote:
Yes, but if I allow the test, it says that some registry keys were modified, but they should be protected by default by Defense+ settings. So??
__________________
We are such stuff As dreams are made on.
#24
Quote:
__________________
OS X 10.8.3 - 2.9 GHz Intel core i7 - 8 GB 1600 MHz DDR3 - 750 SATA HD - Intel HD 4000 Graphics 512 MB.
#25
I've checked site of SS (home and download) on VT:
Avira: Clean site
BitDefender: Clean site
Dr.Web: Clean site
G-Data: Clean site
Malc0de Database: Clean site
MalwareDomainList: Clean site
Opera: Clean site
ParetoLogic: Malware site
Phishtank: Clean site
TrendMicro: Clean site
Websense ThreatSeeker: Unrated site
Wepawet: Unrated site
It's obvious for me that the site is clean and safe. There are many sites which are flagged as "suspicious/unsafe/danger" for one reason only... they are sites of security apps or security forums.
__________________
"Who was not a rebel in his youth, this will be a pig in old age" - J. Piłsudski SG.pl