Interesting keylogger test

Discussion in 'other anti-malware software' started by aigle, Dec 1, 2007.

Thread Status:
Not open for further replies.
  1. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Ok I downloaded and installed Webroot Firewall and that failed also. BTW.........what a dumb and ugly GUI. I will never use Webroot Firewall.

    Did you have the Learning Mode off, Process Monitor set on High, and the Dynamic Security Agent Protection enabled under the Advanced settings?
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Hmmm...
    Anyone else have something they can throw at this test o_O
    More apps are failing than passing here. :gack:
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    Has anyone tried Mamutu or Prevx against it?
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    This alert is very common with CFP but not with other HIPS, according to my observation.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    EQS v 3.41

    Is there a newer version than this?
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Don't expect them to catch it!
     
  7. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,039
    Hi All

    I tried MOK (MouseOnlyKeyboard) with this KeyLogger. The only thing it records is the pressing of Control Key when you are pasting into a login box. As far as I can see it does not copy the actual data going into the login box.

    Poor man's KeyScrambler, but it seems to work

    Terry
     
  8. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Good work fellas,

    More tests to improve / benchmark HIPS software!
     
  9. guest

    guest Guest

    keyscrambler passed
    anti keylogger elite fail.
     
  10. Hawk82

    Hawk82 Registered Member

    Joined:
    Feb 11, 2007
    Posts:
    29
    Zone Alarm Anti-spyware 7.0.462 failed. But I guess if the program wanted to steal some data it would have to make an outbound connection...then it would get caught by most firewalls :D
     
  11. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,039
    Hi All

    Anybody got any comments on how Sandboxie would perform against this keylogger test?

    Maybe Aigle has done some work on it?

    Look forward to comments

    Terry
     
  12. Vettetech

    Vettetech Former Poster

    Joined:
    Nov 24, 2007
    Posts:
    339
  13. alfa1

    alfa1 Registered Member

    Joined:
    May 3, 2006
    Posts:
    61
    Thank you very much for your reply, much appreciated....:thumb:

    Personally I cannot judge myself as expert as you, even if in this particular case I reach the same conclusions...:D


    Do you think it is due to a different D+ approach, or is there a particular explanation for the different behavior compared to "traditional" HIPS?

    Txs in advance and bye bye from Italy...:p
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    SBIE has never stopped any keyloggers in my experience. It's well known. Correct me if I am wrong.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I am not sure, out of my expertise.

    I think it may be related to some default settings in those HIPS that avoid some particular popups related to some legit system processes/ dlls etc, a way to avoid too many popups. I know SSM free avoids many popups related to system dlls. It may be a similar thing.

    I found this popup too annoying with CFP.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    What do u mean by this? U will find loads of such software on internet!
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That keylogger test is completely removed by my frozen snapshot during reboot, including the .zip-file, like any other "change" on my system partition.
     
  18. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Indeed a strange thing,
    Zone Alarm fails most keylogger tests. Besides, I found a vulnerability in Process Guard 3.41, lol,
    you can kill processes via a simple method and PG doesn't take any notice of that.
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    It's very much expected. I wonder why u even bother for this testing. Were u really expecting it to bypass frozen snapshot? It's a very simple piece of software, not intended to bypass any boot to restore setup!
     
  20. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    From what I have read, Sandboxie allows for system hooks inside the sandbox. So if this is run and in the same sandbox session you type in your banking details, it would be logged. However, if you clear your sandbox, the keylogger should go with it.

    Check out http://www.sandboxie.com/index.php?DetectingKeyLoggers for more details.

    Has anyone tried this with DSA properly i.e. learning mode off?
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I take any opportunity to test my frozen snapshot. I expected from PC Security to lock my data partition, it failed. Why would I expect more or less from FDISR, it can fail too, just like any other software.
     
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    It can but I will really never expect FDISR frozen snapshot to fail against this tiny keylogger software- no grounds at all for that. Did u really expect so?
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    No, but I expected PC Security to do its job also and it didn't. Getting tired of trusting software. ;)
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    So my guess was right. You just wanted to drag ur frozen snapshot in the thread.:) Am I right?
     
  25. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi,

    No offense ErikAlbert, but between two reboots, the keylogger has already done its job

    My opinion : freeze less, layer more ;) :p

    MaB
     