Anti Keylogger Tester V2.0

Just noticed the new version.
Sorry if this is old news.
They added an extra keylogger test.
GeSWall fails the new one.

http://www.firewallleaktester.com/aklt.htm

 

Cool, thanks for info!

 

Hello LoneWolf,

Using one of DefenseWall's latest driver builds(not v2.05) against AKLT v2.0, it was able to detect and give me the option to terminate "GetKeyState", "GetAsyncKeyState" and "DirectX" keylogging attempts on the spot and "Screenshot1" and "Screenshot2" were not able to capture anything of consequence. Unfortunately, it was not able to detect the new test("GetKeyBoardstate").


Peace & Love,

CogitoErgoSum

 

For those of you who are interested, Ilya has informed me that DefenseWall v2.06 which is expected to be released late Oct./early Nov. will detect the new test("GetKeyBoardstate").


Peace & Love,

CogitoErgoSum

 

Very nice tool. Thanks for it and more thanks to the author.

GW- passed all keylogging attempts and first screen read, just failed on 2nd screen read.

EQS- Failed on GetKeyBoradState. I was expecting it to detect it.

Who will test GetKeyBoradState keylogging against these:

PS, SSM, TF, OA- any users? Thanks

Thanks

PS: very nice GUI this time, colorful!

 

Any tried it on Vista? I wonder how will be the results on Vista? Isn,t that use now runs as limited user by default in Vista? Any one please can try it on Vista?

Thanks

 

Hello,

All of the AKLT's tests work on Vista 64bits, under a restricted account with UAC fully enabled.

While I'm here, there is an update to AKLT v2.5, with two tests added (global hook) :
http://www.firewallleaktester.com/news.htm

Every sensible security software should pass these well known hook tests

Regards,
gkweb.

 

Thanks a lot. Very nice utility by you.

I tried NG, EQS and GW against keylogging tests 1 to 5( not screen reading).

EQSecure- all passed except GetKeyBoradState
NeoavaGuard- failed directX method( Arman has promised to implement its detection) and GetKeyBoradState method.
GesWall- all passed

Guys, pls try ur HIPS and share the results and don,t forget the screen shots. Thanks

 

It doesn,t.

See my posts and pics above.

 

Here it fails this KL test and the last screen reader test

 

I am using 2.7 beta. U?
Let,s wait until other test their versions of GW too!

It fails 2nd screen reading, that,s obvious as GW doesn,t protect against it. I have wrote to Brian and according to him it might give rise to some problems with some applications especially skinned applications but they will try it as an internal beta and see how it goes. Ofcourse it will take time.

 

2.6 Free here.

 

So 2.7 has something better to offer. I am using it since few months.

But it,s a bit raw sometimes.

 

Just a quick though, are u trying to type inside AKLT windows? Click outside of its window and then type- what r the results?

 

Hello LoneWolf,

As I see in your screenshot AKLT has the focus, and it tells you that nothing is intercepted. As explained in the link below, you have to give the focus on another window and/or minimize AKLT's window in order to be flagged and seen as a keylogger by your HIPS :
http://www.firewallleaktester.com/how_to_use_aklt.htm

Regards,
gkweb.

 

Using one of DefenseWall's latest driver builds(not v2.05) against AKLT v2.5, it was able to detect and give me the option to terminate "GetKeyState", "GetAsyncKeyState" and "DirectX" keylogging attempts on the spot and "Screenshot1" and "Screenshot2" were not able to capture anything of consequence. It was not able to detect "GetKeyBoardstate". Lastly, DW was able to silently block both "LowLevel Hook" and "JournalRecord Hook".


Peace & Love,

CogitoErgoSum

 

Thank you gkweb, yes I was incorrect when testing GeSWall aginst AKLT.
GeSWall pass's all but the last screenshot read test here.

You are correct also, I was not testing AKLT properly.
Thank you.

 

incroyable aka incredible

 

Yeah , go Vista.

On my box in one of my FD-ISR snaps:
PrevX build 112 in "expert" mode identifies the "AKLT.exe" as 'unknown : run, block etc'...

PrevX then fails 7/8 tests ( one seemed not to work )
(NAV: no responses to any of the tests)
(BOClean: no responses)
I feel queasy...


Still, I'm not sure that just manually executing these tests means any app has truly failed?
I recall KMcA previously stated "tests" would not be detected by BOClean ?
The .exe has to be dl'd, opened, run itself, then call out: that would be a better test?
However I would like to see at least Prevx be able to catch a keylogger in action

I'm certainly open to being corrected.

 

Comodo Firewall Pro Beta 3.0.9.229

All tests were successfully blocked.

Al

 

Anyone tried KAV PDMs?

 

I will try this too.

 

Comodo Beta mega vulnerability at boot up, 6 minutes time for intruders to exploit with keylogger and screenshooter.

http://i20.tinypic.com/f1b4b5.png

 

Hello Longboard,

Keylogging is a behavior, there is point to test AKLT against signature based software (anti-trojan scanner, antivirus scanner, etc...). AKLT is not a malware, it is a friendly test tool, and should not be flagged as virus by your antivirus. Imagine AKLT as a real malware, for which your signature based security software have not yet a signature for it.

AKLT is meant to test your behavioral monitoring software, that I call HIPS or dedicated anti-keylogger. For instance System Safety Monitor, KAV's PDM, DefenseWall, OnlineArmor, GesWall, etc... Some of them have keylogger detection features, but not all really detect every keylogging methods, as you can see from this thread.

I hope AKLT will lead to more secure HIPS and more effective keylogger detection

Regards,
gkweb.

 

Hi

I've just been giving Geswall a spin and am really quite liking it.

These tests are now giving me a warm fuzzy feeling

My congrats to Firewallleaktester for supplying them