Interesting keylogger test

Discussion in 'other anti-malware software' started by aigle, Dec 1, 2007.

Thread Status:
Not open for further replies.
  1. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    Safespace & Online Armor prevent these keyloggers. Inside Safespace, OA gets the day off-no alerts, but Safespace puts keylogger toes-up. Outside of Safespace, OA is back on duty-stops it cold. Prevx2...gone fishing.


    Mike
     
  2. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Good combination, Easter bunny. Me use SSM + Snoopy - grrrreat!!!
     
  3. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    That's definitely not the case :mad:

    The way the keylogger stuff works inside Online Armor is that once "Keylogging" permission is denied, no method may be used. So, if you were testing for example with AKLT - you would need to make sure that after every test you set the keylogger permission back to ask (or removed the program altogether from OA's list completely).

    What should happen is that we should pop up an alert which is the standard keylogger warning and give you the chance to block it.
     
  4. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I too.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks gkweb for all your efforts. Very nice tool.
     
  7. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
  8. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I'm discovering some really nice ALERTS by OnlineArmor (free) that are impressive to say the least. What I admire is that these are really strong encouragements to not force a user to upgrade like some programs employ, but bring to light even more useful protections and information will be enjoyed by going FULL.

    Nice job indeed. I am pleasantly surprised by this app.
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Finally managed to install the genuine 3.41 EQSecure and it indeed passes the TEST.EXE which is a mouse/keyboard locker of sorts, and it does work as claimed.
     
  11. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    630
    Location:
    Terre Haute, IN
    Wow! I am confused and surprised by the postings. I was planning on purchasing SpyCop because I was under the impression that it was a superior Anti-Keylogger program. I did not see it mentioned anywhere and now I am beginning to rethink my choice. I am using SnoopFree and it seems to find several keyboard/screen hooks, fortunately all from respectable software. But I really thought that by adding SpyCop it would really slam the door on keyloggers. Would appreciate any advice forum users could give me on the program SpyCop. As always I welcome user comments and recommendations and I thank you in advance for your replies.

    John
     
  12. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    I run:
    1. Tiny Personal Firewall (TPF)
    2. SSM
    3. Shadow Surfer

    that's all! (I like to keep things simple)

    TPF stops everything except "GetRawInputData" test if I run AKLT as a "default security app".

    If I run firefox and try to type anything in firefox, everything is stopped between TPF & SSM.
     
  13. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    It has been said that Keyloggers are similar to Trojans- Comodo BoClean does not stop any AKLT tests.
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Well, until a better safety net surfaces that can cover about all of them, EQSecure 3.41 + Snoopfree combo is it for me. Remember the keylogger would have to work fast to climb a lot of hurdles just to enter, then it would be picked up the moment is signalled or moved to dispense supporting files, and after that it's a race against the firewall to pull the info back out to its nested database someplace. Not a very high degree for risk with my system setup.
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    AKLT is a test application for HIPS, it isn't malware. BOClean is a blacklist scanner, so AKLT isn't a test for it and detecting it would be a mistake.
     
  16. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Hi EASTER,

    I was thinking of trying out EQSecure and downloaded a copy from eqsecure.com

    Was wondering why you said that you managed to install the 'genuine' 3.41 EQSecure. Are there non-genuine copies about? Is there anything to look out for during the install?
     
  17. Juha L

    Juha L Registered Member

    Joined:
    Dec 25, 2007
    Posts:
    48
    I tested the latest Online Armor 2.1.0.31 Trial (supposed to be the full version right?) and AKLT 3.0 and it does NOT block the GetRawInputData even though it's said in this thread that it blocks it...

    It does block those GetKeyState, GetAsyncKeyState, GetKeyboardState etc. but GetRawInputData is not blocked in any way. Is it because the Trial version is not still as good as the full version, or what?
     
  18. guest

    guest Guest

    Online Armor 2.1.0.31 can't block GetRawInputData even. This has not this production.
    But new version will be protect.
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    No

    I was under the wrong assumption that my version earlier was 3.41 when in reality it was only 3.4

    I can't read Chinese so I have a bit of a challenge nailing down the right "Genuine" EQS 3.41 that also included some updated abilities.
    Since I never found a 3.41 installer but did find the entire 3.41 already laid out in a rar file, I just installed 3.4 then before launching it, overwrote the entire folder with 3.41 contents and Lo & Behold! Bingo! 3.41 along with its newer checks.
     
  20. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    211
    Hi,

    I am facing a strange problem. While doing this test KIS failed. But later it started giving "suspicious action: keylogger. kernel level memory patch". While scanning in safe mode it doesn't detect anything. But otherwise it goes on popping msgs even after I click ok. Is this a real threat? Or can I add it to trusted zone?

    I must add that in between when I switched over to ZASS, it didn't show anything. Of course I should have done the test in shadow mode, but that's history and I am learning!
     