Through the Eyes of a Keylogger versus HIPS

Discussion in 'other anti-malware software' started by aigle, Mar 12, 2009.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    What excellent descriptions KAV provides, even a fool would choose the correct options :thumb: :thumb: :thumb:
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Kees! Sure a fool can't. :)
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Indeed jmonge

    I didn't expect those results but it did alright at least with this TEST, I'm sure there's others that would run past snoop's driver so would be a nice find for snoopfree to update it again. It's a very simple app and requires no maintenance except to just let it go and respond when it's aroused to a potential no no.
     
  4. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Keylogger detection was and still is a part of Proactive Defense, that's why KAV protects against Keyloggers even without Application Filtering module.

    Cheers
     
  5. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    850
    Also, KAV 2009 doesn't detect keyloggers which are using hook installation method. KIS does. :)
     
  6. Less

    Less Registered Member

    Joined:
    Dec 24, 2008
    Posts:
    288
    for twister av.....did not try further ....
     

    Attached Files: 2.JPG (121.6 KB), 1.JPG (107.3 KB)
  7. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Note: KIS 09 has proactive protection only in XP. And not in Vista.
    So if subset ran KAV/KIS 09 on Vista, then there will be no popups.
     
  8. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    850
    Fix'd ;)
    (when you say "proactive protection", keylogger detection isn't the only available proactive protection :))
     
  9. DOSawaits

    DOSawaits Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    469
    Location:
    Belgium
    These kinds of tests once again show that most (actually ALL) HIPS software is, uhm, well, kind of useless.

    I bet the more experienced (malware)-programmers still have a couple of thousand methods at hand to bypass any HIPS, no matter how many times it has been "upgraded"..... And then, we still didn't speak of the techniques investigation agencies use....:rolleyes:

    Also, for the noobs, you HAVE TO LET IT START ! This tool is an example, but once some jerk adds this code to your beloved "Image Viewer v2.14.163.exe" and you want to have the latest greatest of your beloved image viewer, you're screwed.
     
    Last edited: Mar 18, 2009
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    In fact the opposite of this is true. HIPS are very useful against most of current malware.

    However they can be bypassed if malware is written with such intention by malware writers. However as the users of HIPS are few, malware writers will not bother for all this.
     
  11. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    When :eek: ... In beta ?? I am running KIS09 on Vista right now I don't see it detecting any loggers.

    Also in Vista the whole proactive subset is limited. I am sure you know this, since we have discussed the same many times. The Rules available in KIS 09 Vista are a hogwash, IMO. Hope that's about to change soon.
     
  12. chris1341

    chris1341 Guest

    Agreed as stated earlier in this thread KIS09 (well at least .506) fails all these tests on Vista 32 by way of example.

    Also hoping for change soon although don't see it discussed anywhere. HIPS talk seems to be about whether manual allocation to groups is a good idea for 2010 rather than enhancing what is protected.

    Cheers
     
  13. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    850
    Sorry, I misunderstood your post. I thought you were talking about proactive protection in general, not limited to keylogger detection (that's why I said "when you say "proactive protection", keylogger detection isn't the only available proactive protection") :)
    The beta is not yet out, so it's hard to say what will happen regarding Vista/W7 and HIPS. :)
    Sorry for the confusion. :)
     
  14. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Ok, 3x0gR13N ... No damage done :thumb:
     
  15. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    412
    Location:
    Greece
    ANTIVIR 9 DETECTS THIS SOFTWARE ON THE FLY WHEN YOU TRY TO DOWNLOAD.........SPR/KEYLOGGER PROGRAM!!
     
  16. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Yes but this is not HIPS - it is only database AV signature.
     
  17. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    412
    Location:
    Greece
    IS VERY INTELLIGENT GERMAN SOFTWARE.......SMARTER THAN HIPS:D
     
  18. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    It is an excellent AV but still only detected this from sigs.
    Unlike a HIPS whose detection would come from behavior.
     
  19. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    412
    Location:
    Greece
    this is not true! strong heuristics is behavior......based on signatures:p
     
  20. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    412
    Location:
    Greece
    never mind, it's better to detect everything without a question, that's genius. but in perfect windows world
     
  21. R3XNebular

    R3XNebular Registered Member

    Joined:
    Sep 15, 2008
    Posts:
    58
    Could you restrain yourself from using CAPS, IT IS VERY AGITATING!
     
  22. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    A few days ago when aigle posted this thread I tested this software on Avira and Avira didn't detect it. When I uploaded the file on jotti - only 3 AV found this file as malicious:
    https://www.wilderssecurity.com/showpost.php?p=1422422&postcount=6

    any questions?
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Never thought of them that way but it's a good point to make and not so far from the truth.
     
  24. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    412
    Location:
    Greece
    sorry for caps.... respect to all free software my friends bye
     
  25. agentG

    agentG Registered Member

    Joined:
    Apr 8, 2009
    Posts:
    17
    Hi all,

    My name is Neo - I wrote "Through the Eyes of a Keylogger".

    After being on holidays for 3 weeks, it has just come to my attention that for at least some time, a version of "Through the Eyes of a Keylogger" available at my site was infected with a Trojan.

    I have no idea how the trojan got there. The version I first uploaded earlier this year did not have a trojan. (I have checked my archived copy of it.)

    In any case, I have deleted the infected version, and have re-uploaded the original, clean "Through the Eyes of a Keylogger" to the website. To be clear, if you (re)download "Through the Eyes of a Keylogger" from www.aplin.com.au you will get a clean version.

    I have been working to protect people against malicious software - I'm embarrassed to find that my software was infected. I will now perform regular checks of the online program versions, and you will soon see checksums of my original files published on my site - for your protection.

    ...just wanted to clear any confusion about the purpose of the tool.
    If (after downloading the version that's on the site now) your security software says that it is a key/screen logger, well, that's correct (it just doesn't save or send anything anywhere). But if your security software says it's a trojan...then don't use it. I sure didn't program a trojan into it! :)

    By the way - if you have any improvement suggestions or questions on "Through the Eyes of a Keylogger" or Neo's SafeKeys, I'm happy to hear them.

    Cheers. Neo.
     