keylogger tests done with over 13 anti-spyware programs.

Discussion in 'privacy general' started by x-man, Oct 5, 2004.

Thread Status:
Not open for further replies.
  1. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    I've followed this thread from the beginning, and I'd like to add a few observations.

    Without question x-man, your efforts on this topic cannot be denied.
    I'm sure you have considered luv2bsecure's position on standards and integrity, as you also know their importance,
    and the reasoning.

    I'm not defending anyone here as they can handle that themselves, but I do recall the first word of the third post starts, "thanks". I know well how the written word can sometimes be viewed cold, harsh, and taken personally.
    But as we're all players in this arena (and for the most part, "on the same side"),
    we should be able to boldly address the issue. Any tough stands, taken as constructive. To empower, strengthen,
    and refine. There's no character to be developed in a "soft" environment. I may not always want to hear the truth,
    but am grateful when someone has the courage to speak it.

    To address those who don't seem to grasp the debate at hand,
    it lies not in the tests, but rather the criteria's foundation.

    Kudos to your 31st post x-man,
    I see you have already gained valuable drive from some of the tougher input provided by this thread.......


    Regards to All,
    GF
     
    Last edited: Oct 10, 2004
  2. JudyK

    JudyK Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    1
    I think this is a good area for more exploration and discussion and I am sure glad x-man presented his tests. Not as a conclusion - but as a beginning for more in-depth discussion.

    Rich
     
  3. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Hello JudyK, And Welcome To The Forums! :D

    As this is an area of concern considering the potential for extreme identity damage,
    I recall an excellent thread (2002) by some of the security pros of this forum. Read for yourself, you'll find it here.

    GF
     
  4. x-man

    x-man Registered Member

    Joined:
    Oct 11, 2004
    Posts:
    10
    Well I decided to become a member here, but not because I feel it really makes that much of a difference when starting a thread or posting test results.

    Let's face it, you still don't know a thing about someone who is a member here (and I mean anyone, not just newer members); you only know what someone has posted and what they want you to know about themselves.

    I mean for all I know some of the posters in this thread could really work for one of the software companies that got a low rating on my tests and decided to take some shots at me because of this.

    But the reason I decided to sign up here was I thought of a good way others could confirm any test results I may get doing future tests with keyloggers (can't use the last test results as I'm sure those keyloggers have been added to the latest defs of many of the anti-spyware programs by now).

    Actually anyone can do this who is doing tests and would like to have others prove the results are truthful and valid for a larger group of people.

    This involves people volunteering to do some of their own tests (though probably far less than I would be doing) with keyloggers on their computer and determining if they match with mine.

    First I would ask if anyone would be willing to volunteer to check some of my results by picking any number of random keyloggers from a list I would provide of the keyloggers I used in my tests. You could choose between one and the total amount of keyloggers I was using in the tests. It just would depend on how many keyloggers you feel like testing.

    I would provide this list thru private message only to the individuals who would be confirming my test results. All others would be able to see the list of keyloggers used only after the volunteers were finished with their own tests on the keyloggers.

    The volunteers would then choose any number of anti-spyware programs that were used in the tests. For example, let's say I used Ad-aware, Spycop, Pest Patrol, Spysweeper, Snoopfree, Tds-3, Trojan Hunter, Keylogger Killer and Giant antispyware to test against the keyloggers in my own tests. A volunteer could decide on testing only with Ad-aware, Spybot, Spysweeper, Spycop, and Keylogger Killer against the keyloggers. That way a volunteer does not have to reproduce every test I would do. Only some of the testing would have to be reproduced by the volunteer, thereby making it much easier for them to do the comparisons.

    So the volunteers would then test the keyloggers they chose, from the list of keyloggers I provided them, against the different anti-spyware scanners they chose to use.

    The volunteers would then post which programs detected which keyloggers and which didn't. And if their findings matched mine then I think we would have some confirmation that the tests are valid and could be trusted to be fairly accurate for a wider group of people.

    Now I know this seems like a bit of work involved here, but it is a technique I feel could be used with some success to 'prove' the validity of the tests.

    So then if everyone involved was getting nearly the same results in their detections, this then should provide the proof that many require on how well the anti-spyware scanners are detecting the keyloggers.

    Then again the whole core of my idea depends on others willing to volunteer to do their own tests with the keyloggers. Also volunteers would have to have many of the anti-spyware/anti-keylogger programs I would be testing against the keyloggers.

    I don't know if the idea would work out or not, but I thought I would mention it just to see what other members thought of it.
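
The cross-check proposed in the post above, sketched as an added example that is not part of the original thread: it compares a volunteer's partial re-run with the tester's results over only the (keylogger, scanner) pairs both ran, and separates the two directions of mismatch. The function name, the keylogger names and every result shown are constructed placeholders; the scanner names are ones listed in the post.

```python
# Added illustration, not from the thread. Keylogger names and all results
# are constructed placeholders; scanner names are ones listed in the post.

def compare_results(tester, volunteer):
    """Each argument maps (keylogger, scanner) -> True if the scanner detected it.

    A volunteer re-runs only a subset, so only pairs present in both
    result sets are compared; the rest are reported as unverified.
    """
    shared = sorted(set(tester) & set(volunteer))
    # Volunteer detects what the tester missed: may only mean the scanner's
    # definitions were updated between the two runs.
    volunteer_only = [p for p in shared if volunteer[p] and not tester[p]]
    # Tester detected, volunteer did not: the original result failed to reproduce.
    tester_only = [p for p in shared if tester[p] and not volunteer[p]]
    mismatches = len(volunteer_only) + len(tester_only)
    return {
        "pairs_compared": len(shared),
        "pairs_unverified": len(set(tester) - set(volunteer)),
        "agreement": (len(shared) - mismatches) / len(shared) if shared else None,
        "volunteer_only": volunteer_only,
        "tester_only": tester_only,
    }

SCANNERS = ["Ad-aware", "Spycop", "Spysweeper"]
# Constructed tester results: keylogger -> detection per scanner, in SCANNERS order.
_rows = {
    "keylogger-A": [False, True, True],
    "keylogger-B": [False, True, False],
    "keylogger-C": [True, True, True],
}
TESTER = {(k, s): hit for k, hits in _rows.items() for s, hit in zip(SCANNERS, hits)}

# Constructed volunteer results: keyloggers A and B against two of the scanners.
VOLUNTEER = {
    ("keylogger-A", "Ad-aware"): False,
    ("keylogger-A", "Spycop"): False,   # tester detected, volunteer did not
    ("keylogger-B", "Ad-aware"): True,  # volunteer detected, tester did not
    ("keylogger-B", "Spycop"): True,
}

if __name__ == "__main__":
    for key, value in compare_results(TESTER, VOLUNTEER).items():
        print(f"{key}: {value}")
```
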
     
  5. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    I'm guessing that a sandbox is a "place" on a PC where we can experiment, test and then wipe out the contents and start fresh. With that assumption, I'd like to mention Raxco's 'First Defense' which allows me to create 'snapshots' of my c: drive contents (but not the other drives, d:, etc.) and run/install in one of the snapshots, keeping the other(s) (I hope) secure. If the active snapshot gets corrupted and can't boot, then First Defense boots to (selectable) other snapshots. Now I should say that I also copy my main disk to a back up disk and can use that as a sandbox too, since the back up is immediately bootable. (During copying, both disks are connected and then one is disconnected, I never boot to Windows with both connected). The last point is that I keep really sensitive data on a USB memory stick, and don't have it connected unless I'm not on the 'net'.
    So sandboxes are easily set up, especially when it's a separate hard disk.
    Jim C
     
  6. controler

    controler Guest

    X-Man

    please try out Anti-Keylogger and let me know what ya think k?
    There has been numerous discussions on keyloggers here.
    The real threat is a dropper that uses a rootkit.

    http://www.anti-keyloggers.com/index.html

    Bruce
     
  7. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    778
    Location:
    Headquarters - London & Field Offices -Worldwide
    An intermediate question for anyone -
    Does anyone suppose an on-screen keyboard such as the one found in Windows can be intercepted by a key logger? This one is from XP -
     


  8. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    778
    Location:
    Headquarters - London & Field Offices -Worldwide
    Another point that can be brought up is this - Suppose a person worked for company X and that person wanted to run an anti-spyware programme on their computer (which is part of a network) just to "clean it up a bit". Now suppose the company used a key logger actively and did not publish this information to their employees except upper management and it was to be used strictly internally for security purposes. Now what if the employee found the key logger and thought it was gotten via drive-by surfing and was not from the company's IT department! What kind of trouble would that employee catch if they tried to remove the key logger from that computer? (This supposes the key logger was not being run off the server.)

    {No, we do not use key loggers here!} :D :rolleyes:
     
  9. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Q,

    IMO,

    1. The user would be catching more hell for installing unauthorized software on a company machine than he would for removing the keylogger.
    2. The admin should be embarrassed to leave his clients so unrestricted that they could *install* the remover software in the first place.

    There would be enough egg in this situation for 2 or more faces... :D
     
  10. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    778
    Location:
    Headquarters - London & Field Offices -Worldwide
    We were thinking that the employee might use a flash drive to run an anti-spyware scanner type of scenario.
     
  11. x-man

    x-man Registered Member

    Joined:
    Oct 11, 2004
    Posts:
    10
    Hi Controler

    Actually I was planning on trying out Anti-Keylogger, but as you probably know the trial version is limited to only 40 hrs total. Not too much time to properly trial a piece of software.

    So I would need to know exactly what you want me to test, because of the limited time of the trial. Do you want me just to give my general overall opinion of the program? Or do you just want to know how many keyloggers it will find in my tests?

    If you want info about droppers used by different malware programs, I know Pest Patrol detects them. Here's the info page on what exactly it does detect. http://pestpatrol.com/PestInfo/dropper.asp

    Also keep in mind that in no way do I or have I ever claimed to be an expert in this field of study. I simply like to try different anti-spy type programs and see what they can and cannot do and how well they detect different spy programs etc... But I will give you my personal opinion of the program, if that's what you would like, after I test it.
     
  12. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Maybe what you should do is report more qualitative reviews of each program, rather than just detection results. Do a little research to find a few of the most common keyloggers, a few of the lesser known ones, and a few of the more rare ones, and post results based more on the program itself.

    Without a more proper testing environment, it would be more valuable to see results such as: "[Product X] was easily configured, light on resources, and looked very good on detection of most of the popular keyloggers I tested. I would recommend this for new users" Include some notes on the UI, how the program works, and your overall experience using the program itself. This would be more informative and fair than just raw numbers.
     
  13. x-man

    x-man Registered Member

    Joined:
    Oct 11, 2004
    Posts:
    10
    Hi Notok

    Thanks for your input on these tests. I do appreciate any constructive advice on them. I perhaps would have done software reviews on each of the programs I tested, but it would have been much more time consuming and taken up a lot more space here at Wilders.

    The real reason for my tests was just to try to help people find out if some of the available anti-spyware/anti-keylogger programs were detecting many of the different available keyloggers or not. I know they weren't perfect tests, but I do feel they did reveal some helpful information about some of the programs available.

    I doubt I will do full reviews of each program, but I may add more info to future tests about other aspects of each program tested. I would like any future tests to be as fair (to each program) as possible. Thanks for the ideas. :)
     
  14. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    I frequent this forum for its credibility. Please keep it that way. Opinions should be treated as opinions while "test" results should remain unpublished until validated because unless validated, even results with the best intentions can be twisted out of context.

    Consider the following: There are more students who pass in Medicine than those who fail. Therefore, Medicine is an easy course. :rolleyes:
     
  15. JCMinJapan

    JCMinJapan Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1
    I actually joined to answer this thread. I was not going to, but just felt I needed to. This looks like a good site and will probably come here more often.

    luv2bsecure you must understand one thing..... I doubt that any member unless they are security or testing professionals will have access to full test labs and will be able to make full and professional testing procedures. I for one have a lot of testing experience and write many papers for large corporations on testing results for security and other projects for corporate wide implementations. We have a test network of 5 routers, 2 6500 Cisco switches and 25 computers to be able to test any type of configurations in networking.

    I for one applaud x for testing this and bringing this to the front and getting discussion going. It is a basic test with Windows ME and well, it is better than having no test at all. If someone does not agree to the results, then why not install the same programs on their computers and run the same tests..... It would be easy to discount it then. It is easy to complain about all the flaws that someone had in their tests, especially if they are not pros like you, but this type of COMPLAINT ONLY does not work in solving the situation. I have a question.... If you spend this much time thinking of complaints and put that towards actually testing these products, then would you not already have a good PROFESSIONAL test to submit? To test this professionally, you would need to have one of each type of system, each with different security and policy settings as well. Once YOU created the test results, then you submit it correctly and then it would enable X to learn how to do it properly next time. I believe in not just complaining, but coming up with a solution.
     
  16. tigercatt9403

    tigercatt9403 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    7
    Hello Keyloggers:


    Why all of these applications for keyloggers when there are a couple of
    good ones out there that deal specifically with this application. Is there
    really a need for all of these others mentioned above. Anti Keylogger and
    Privacy Keylogger are two of the best. I do not think that you have to
    go to extremes with 35 programs to arrive at a solid program for this
    application. I just thought that that would be a good thought here and
    agree with that moderator on a guest coming on and getting carried away.
    I know that the intentions were good ones, but keylogger programs are
    just like trojan programs, there are a few great ones like TDS 3 and
    Trojan Hunter and then after that there are just tons of programs that
    say that they are great and are not........best way is just to key in on the
    few that are the cream of the crop.

    tigercatt
     
  17. controler

    controler Guest

    Hi X-man

    Yes I would love to see your results using Anti-Keylogger.
    Have you tried getting a free lifetime LIC for it by writing them?
    I don't think much can get past programs such as PG.

    One thing I will add. If you look back on my old posts you will find I was
    one of the only members here even talking about keyloggers.
    You might see my battle to know why some companies refused to detect the commercial keyloggers. A few years back I was gaining full Lic's to commercial keyloggers by finding bugs in their software. I commend the companies I have tested for that gave me free full versions, unlike others that made me buy the dang things after all my effort.

    Here is a side note. A lot of these companies make BETA commercial keyloggers & a lot of SIG based products won't detect them.

    c
     