Keylogger detection?

Discussion in 'Trojan Defence Suite' started by epeete, Jun 4, 2002.

Thread Status:
Not open for further replies.
  1. epeete

    epeete Registered Member (Joined: Apr 15, 2002; Posts: 2)
    I read through the product web pages but didn't find an answer to my question.

    Does TDS-3 detect/remove keyloggers?  If so, does it do that via signatures, heuristically, or both?

    TIA
     
  2. Jooske

    Jooske Registered Member (Joined: Feb 12, 2002; Posts: 9,713; Location: Netherlands, EU near the sea)
    Hi Epeete,
    welcome aboard here!
    Yes they do! Do you have TDS installed at this moment as a trial or licenced version?
    In the TDS Console > Help > Primaries type keylog and press Find and Find next, you'll see many added.
    We have discussed this among others in this thread here:
    http://www.security-pro.co.uk/yabb/YaBB.pl?board=dcstds;action=display;num=1014720138
    Since then, many have been added.
    Is there any special reason why you ask?
     
  3. epeete

    epeete Registered Member (Joined: Apr 15, 2002; Posts: 2)
    Thanks, Jooske.  This is very helpful.
     
  4. Jooske

    Jooske Registered Member (Joined: Feb 12, 2002; Posts: 9,713; Location: Netherlands, EU near the sea)
    You're welcome Epeete, with the over 240 keyloggers in the protection databases we try to keep all our systems as clean as possible!
     
  5. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert (Joined: Jul 19, 2002; Posts: 1,533; Location: Perth, Oz)
    I haven't done an exact count but TDS positively ID's hundreds of keyloggers. Additionally, TDS has generic detection routines that are solely for keyloggers; this is built into the advanced scanning module that is a part of Radius.TD3.

    It's impossible to put numbers on how many keyloggers would be detected by generic techniques, but we estimate that approximately 70-90% of the keyloggers that TDS currently positively IDs (some 2-300) would be detected with the generic routines if positive identification wasn't used.

    It's all about having multiple lines of defence - if one line fails, others should still catch it. This page demonstrates 17 different ways that TDS can detect just one trojan. (Please note that the page is nearly two years old now, and will be revised pending the release of the RADIUS4 engine in TDS4 :))

    Best regards,
    Wayne
     