Should BitDefender Windows 8 react to keylogger tests?

I've have already posted my complaint about Zemana Antilogger "unfit for service" on Windows 8 64-bit systems.
While "understaffed" and "underpaid" Zemana's "engineers are working on fixing the bugs and estimated release date is on the next months", and I hope, trying to resolve some FALSE ADVERTISING claims about their PAID version, my next question is about the Great BitDefender Windows 8 Security AV.

The problem is that BitDefender Windows 8 Security on Windows 8 and Bitdefender Internet Security 2013 on Windows 7 did not react to my Zemana keylogger Tests. Reaction was Zero, Zilch, Nada.
But.

1. TrustPort Internet Security 2013 intercepted the test.
2. Avast Free AV informed about the "low quality of suspicious" files and recommended to stop downloading. Avast Free also informed me about the danger of installing the test files and advised to install it in the sandbox.
3. Outpost Pro 8 also recognized the keylogger.

Only my dog, BitDefender AV, did not bark.

 

This is leak test and some AV's add it their signature database, some others not.
Signature results dont show us AV is effective against keylogging technique.
Probably Trusport and Outpost Block it because signature database, not proactive.

win 8 x64 bit systems, there arent many choice.
Comodo Firewall has very good 64 bit support. But it bypassed by zemana keylogger test. Developers already know this and say it is not real bypass. it is foreground keylogger (not suspicious) so CIS doesnt protect against it. Other leak test For example Spyshelter, cant bypass CIS.

You are using x64 Win8;
Zemana KT can bypass Kaspersky. But it cant bypass KIS's SafePay module when banking session. Also, cant Bypass Avast safezone protected browser. Some AV's has different tech for keylogging.


You can use Zemana antilogger free, it will encrypt your keystroke and protect you against keylogger. it is another layer if you want.

 

Thats assuming the average user has SafePay enabled (its OFF by default), and that you have remembered to enter the URL into SafePay, which again is another manual step. SafePay in its current form is fairly useless to the vast majority of users despite all Kaspersky's hype.

 

Sorry, but I think SafePay its ON by default. At least it was last time I tried KIS (build e). It will notify the users if it recognises common banks and/or financial sites (e.g. PayPal). Of course, some national/local banks or small merchants will not be recognised but can be added as to get an automatic trigger to the protected session.

 

Yes, Safe Money is on by default and in my experience it automatically activated on most banking and payment sites. Probably these isolated browsers like Safe Money and SafeZone work better on Win8x64 because they don't have to apply the protection system-wide, only on their browser.

 

Safepay/money;

For banking Yes.
But it is limited. Malware can record your email when you typing. it protect password text inpuld field but not others.

Safezone;
i think usability not good as safemoney. Keepass for example. i keep my password keepass, it is not easy to use with safe zone. it change windows screen to its own screen.

 

Yes, that's why I think more systemwide protection is better, but those are having problems with Win8x64.

 

Uuuhm, by how you describe it you seems not having tested it. SafeMoney is designed for websites (https). It will open an isolated/sandboxed web browser page. Of course it does not work on e-mails as you normally don't purchase or perform financial transaction by e-mail (I hope)

Also it does not only protect password field but the entire session (Special keyboard driver - secure keyboard). It will also protect against injections into the browser, checks the SSL certificate, as well as any vulnerability existing on the system that can compromise the session.

 

This time, BitDefender has reacted.

 

KIS SM protect banking sessions fully and it looks good.
http://www.matousec.com/info/reports/Online-Payments-Threats-2.pdf

SM has no option for mail and other sessions. But you can open "secure data input" option for mail. in this case KIS protect mail password fields, facebook inputs but still malware can record your keystrokes if you write mail.

KIS SM protect looks similar to Truster Rapport. It isnt anti-keylogger module of course. in this time, i hope i am clear

You dont know what is leak test i think. This is not reaction. Leak test is not malware. Bitdefender simply add it their signature database. it doesnt block proactively

 

Last month after I formally complained to their support the reply was a new fixed version would be release in the end of this month. So far nothing.
as far as keyloggers and standalone AV, only Avira and NOD32 had somewhat good results detecting them, mostly via their PUP application list or signature, without a functional HIPS your chances of detecting a real threat is low to none.

 

You all talk about vendors here and there...

But to be honest, Windows 8 Smart Screen filter stopped Zemana Antilogger test file from even starting. So why bother?

 

we are talking about AV's/FW's ability not windows.
Smart screen and internet explorer alert about file, Also many AV's dedect it as malware.
But you are missing our point. SS is not answer for keylogger protection.
Zemana release their leak test because proactive defense testing against keylogging.

 

Windows 8 SS is pretty much like an antivirus, it will only protect you from known and cataloged threats, it should alert you about unknown executables but as far as windows built-in protection goes its nothing reassuring.

 

can somebody try these tests on a 64bit windows system with this keylogger beater extension of firefox:
https://addons.mozilla.org/en-US/firefox/addon/keylogger-beater/

to use it please read:
http://www.toptip.ca/2010/05/firefox-extension-keylogger-beater.html

i got it from this thread & if it works then it should be able to beat any keylogger installed:
https://www.wilderssecurity.com/showthread.php?t=340941

 

Yeap, better now

 

I guess the author of the tool has already answered to your question. i.e. only a firefox add-on can defeat the keylogger.
https://www.wilderssecurity.com/showpost.php?p=2182394&postcount=3.

Browser sessions stripped of any add-on will also defeat the keylogger. i.e. Kaspersky Safe Money, for example, will kill it. The same should apply to Bitdefender SafePay

 

To my regret, I cannot make a payment on-line to my, "well-known" bank by using BitDefender Safepay, because when I click on "Pay My Bill", Safepay does not allow to open a new pop-up window, which is needed to proceed with payment.

 

so basically it means that on a 64bit windows system using firefox with this keylogger beater extension is better than using any security suite in-built feature(like safe pay)/anti-keylogger software with the advantage of usual working with no restrictions(printing,popup windows etc).

 

Well, not really. Financial malware does not limit to keylogging at browser level. A simple screenshot will defeat that magic add-on, this could be combined with clipboard monitor and keylogger at kernel level (not browser level). The latter assuming there are keyloggers bypassing patchguard on 64bit. For keyloggers there is always a small window of opportunity since, before or later, the data must be unscrambled to make sense for the receiver. First "dont let them in" next you can worry about "not getting them out".

 

1. Can Windows 8 Early Launch Anti-Malware (ELAM) protect you against kernel/driver keyloggers?
2. Can SysInternals' Process Explorer see the keylogger running?

 

Sorry not a malware expert... I guess a malware analyst will be better placed to answer to your questions.

1. Yes, it can. Up to when they will find new ways to break it (if they have not done it already)
2. Yes and No. It depends what evasive measure are implemented by the keylogger.