[FireLion] Anti Keyloggers Test version

Discussion in 'other anti-malware software' started by LeVuHoang, Dec 21, 2007.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Hi,

    I'm not sure if you understood me correctly. What I'm saying is that, to my surprise, your anti keylogging tool is able to bypass HIPS on my VM test machine. (HIPS tested: SSM, NG, ThreatFire and Comodo. First three fail.) SSM and NG will alert about the stuff mentioned in post #20, except for the driver loading. TF will not alert about anything.

    All HIPS should have been able to stop AK from working correctly, but they can't. So it's not really a problem with your tool, but let's say if FireLion AK was malware, I wouldn't be too happy. Perhaps others can check it out. And can you still give an answer on post #20, is it really necessary to do all these things to stop all these keylogging methods?
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    @Rasheed!

    Pls see here.
     


  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Thanks for testing, Aigle. I decided to run it on my real machine, and it is indeed stopped by NG. So it seems like I'm having serious problems on some of my VMs. I'm not sure if it has anything to do with conflicts (I did test quite a few tools on these machines) or if some tools might act differently inside virtual machines.
     
  4. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
    Here is one of the common problems with sandboxes/virtual machines. Even if it is the best emulator, it's not real. Some applications can't run correctly in those machines.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, correct, but still, most of the time you will see that if you're having problems with tools on your VM, you're likely to get problems on your real machine. Luckily this isn't always the case.

    You did understand me correctly, my mistake. Btw, if the product goes live, I'm sure you will get more attention; not a lot of products can pass all these tests.
     
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    MS Virtual PC 2007 here, with a beta version of Sandboxie I was testing a while back: in a Vista VM it would run fine, but it wouldn't run properly within the real Vista system.

    The problem seemed to be the VM using a single core, with Tzuk, the author of SB, sorting it after a couple of reg queries that were run.
     
  7. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
    Last edited: Dec 28, 2007
  8. controler

    controler Guest

    Allowed it to run with ThreatFire and then clicked on Foxfire and my system locked up.

    Virus Total says:

    Kaspersky - Heur.Trojan.Generic
    Webwasher-Gateway - Virus.Win32.FileInfector.gen (suspicious)
     
  9. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
    This is really 100% FALSE POSITIVE :).
     
  10. controler

    controler Guest

    I was thinking it was flagged at Virus Total because of the way it is packed OR because of the way the driver is created.

    The program still froze my PC and that is usually caused by a driver. No blue screen though. Had to hit the power button to shut down and restart.
     
  11. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
    We'll try to fix the problem with antivirus products in the final release.
    Can you give me your system information?
    What Windows version are you using (2000, XP SP1, XP SP2...)?
    What security applications are you running (KAV, AVG, Comodo...)?
     
  12. controler

    controler Guest

    XP SP2 and Threatfire. That's it.
     
  13. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
  14. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    I have tested this with every keylogger test I can find and it beats them all. Very impressed. When do you intend to launch this on the market?
     
  15. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @ controler

    Did you get to see any alerts when you executed FLAK? On my VM, TF froze the system when I ran this tool.
     
  17. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Hi,

    The forum looks nice. And is it just me or is FLAK turning into a full HIPS, or will it stay focused on anti keylogging? And why did you add outbound protection? If the tool can stop all or most keyloggers, then outbound connections shouldn't be a problem?
     
  19. awsomaha

    awsomaha Registered Member

    Joined:
    Apr 26, 2005
    Posts:
    18
    Location:
    Nebraska
    I would love to try it out for you but I'm running Vista :ninja: which means I need to wait for a Vista-compatible version.
     
  20. controler

    controler Guest

    I am getting an alert message that iexplore is polling the keyboard state at a high rate, the access was denied.

    Is that normal?
     
  21. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
    Currently, we just point to the features that most keyloggers are using.
    As I mentioned above, we try to provide you with as much information as we can. With that list, you can monitor yourself better.

    With the version I'm keeping on my computer, it seems the Vista problem is solved.

    Yes, it's normal. But in the final version, all processes which are digitally signed will be accepted by default.
     