Should Trustware Vulnerability Test comes under the supervision of Anti-Keyloggers?

Trustware Free Security Test
http://www.trustware.com/Free-Security-Test/
I know this is a test for sandboxing softwares but logging the filenames in My Document folder; doesn't this a king of logging? So, shouldn't anti-keyloggers protect us from this kind of vulnerability?

 

Damn. I put this in a one of my sandboxed folders. Even with Comodo firewall, panda cloud pro and sandboxie, this "test" still read my documents folder and supposedly sent it to trustware. Odd I don't have any log in the firewall that it tried to connect out. I was sure that panda would have said something or even D+. Nothing. Nada. I even have sandboxie folder dropmyrights and internet restriction. It says that it went through FTP.exe. Telnet.exe failed though. I'm kinda surprised by all of this.

 

Were you alerted to its actions? If no then that is worrying otherwise not

 

Not a peep. yeah scarey. Of course I did notice that D+ showed it as "scaned online and found safe". So that's why comodo didn't speak up. Panda not really sure. Log didn't show anything. Sandboxie I have the sandbox folder as internet restriction to everything but MBAM, Killswitch and hitman, dropmyrights applied and anything running in that folder is forced into sandbox. Not cool. I might have to go back to appguard.

 

I take it you disabled AppGaurd for the test? For me it blocks this on lock-down & high. It will run at medium but if you have protected folders set it blocks access to them.

Cheers

Edit: Sorry was reading your sig. Now noticed you say you may go back to AppGaurd so assume it was not installed for the test.

 

So,
Should Trustware Vulnerability Test comes under the supervision of Anti-Keyloggers?

 

No don't think so. It is reading the contents of potentially sensitive folders and transmitting that data not recording keystrokes. Seems like HIPS/Firewall responsibility to me.

In those terms Online Armor Premium deals with it very well. Informative prompts and no data compromise.

Cheers

 

yeah I took off appguard and I replaced it with PCAV pro. Obviously not a great choice.
Can someone else run this and please tell me that I'm not going crazy.
It opens the notepad and browses your my documents folder.

------ Files Attack test ------<br>
Attacking C:\Windows\system32\TASKMGR.EXE: SUCCESS!<br>
Attacking C:\Windows\system32\TELNET.EXE: Failed!<br>
Attacking C:\Windows\system32\FTP.EXE: SUCCESS!<br>
<br>
------ Local Spy test ------<br>
-- Browsing local documents.. --<br>
I'm not really sure that it sends any info out but it does open up the notepad.exe without a peep. I do think that its sandboxed but it does open things up. CIS under paranoid says that it was trying to access MBAM.exe.

 

Tried to run it in my Sandboxed 'Downloads' folder and Online Armor stopped it dead

 

Hmm. Might be time to switch my firewall again. I was sure that comodo would stop it.

 

Guys- This is one of the MOST BOGUS of all bogus tests, and here is why-

Run the file and after a minute it will appear and inform you that it stole the names of whatever number of files and posted it on the internet. Following their instructions, in order to view the files I had to click the Attack Files button, allow the program to get out to see a list of my stolen files.

OH MY GOD!!!!! CIS didn't even alert me!!! I'M DOOMED!!!! I'VE GOT TO BUY BUFFERZONE!!!!

Actually no, I'm not doomed nor will I buy Bufferzone. I tested it again, you see, but this time physically disconnecting my computer from the Internet.

Ran the program again, got the same alert that my information was stolen and posted on the Internet.

Conclusion (Multiple Choice- you may pick more than one answer):

1). This test is so powerful that even if you shut off access to the Internet it will create it's own Hotspot and transmit your data.

2). The data is actually transmitted when you allow the program to access the Internet- ACCORDING TO THEIR INSTRUCTIONS (and if you got a FW alert you were safe all along).

3). They are LYING FEAR-MONGERING SLIME out to deceive people into buying their product.

"Trustware" indeed.

 

Easy there cruelsister. I never said that it had access to the internet. I was more concerned that it was able to open another process without comodo or even sandboxie saying something. I know that it didn't have internet access because when it went to transmit via my browser sandboxie wouldn't let my browser open.

 

Could be the way CIS is configured. Just one of many alerts. So not much to be concerned about.

 

Is that in paranoid or safe mode for D+? I have mine in safe mode and didn't get any alerts.

 

From memory I think it is in Safe mode, with no auto scanning in cloud and set to limited for unrecognised files

 

Ah. I have that one ticked on. Must be on safe list because it found it as safe online.

 

Test's credibility aside, no, you don't have to buy BufferZone. It's free.

 

I downloaded Trojdemo,then installed it in my Geswall Confidential folder and ran it untrusted.

Supposively,it "stole" 9 data files,but yet when I click "attack results" nothing shows up.

Not impressed with their test.

 

Privatefirewall detected the executable easily. Got a prompt and I blocked it.

 

run the executable and got a pop up alert from NoVirusThanks EXE Radar Pro
then i selected block and delete file end of story

 

@chris1341: thanks

I think blocking the executable by anti-executable is not the idea of the test. The idea is to run the executable and still don't let it steal anything.

 

ofcourse but is not good idea to run unknown programs at all

 

Agreed, That's what I did - reduced AppGuard protection until it allowed the executable to run but the Protected Folders functionality prevented reading of the My Documents folder.

Similarly, I allowed the executable to run in OA Premium (in Advanced mode) and just answered BLOCK to the alerts where OA recommended that course of action (red ones). Same result the app fed back the My Documents folder is empty. It wasn't obviously.

I think any decent HIPS should prompt or block when an unknown/untrusted executable tries to read sensitive folders or use another to do so and a firewall should prompt when that app tries to connect out itself or through another process IMO. Obviously some don't.

Anyway............

 

Agree deny execute of 1806 is not the real deal, after removing block, low rights world kicks-in

shine on . . .

 

I have Nothing of importance etc in D&S so it's no big deal for me. Lots of other people though do allow important/personal/private to be stored in there, so it "might" be for them

However as usual any such Trojan etc has to allowed to run in the 1st place. Either by tricking someone, or having insecure practices in place. Neither apply here

PG blocked it so i allowed it



ZA v5.5 blocked it out



Click on here for the .txt results



Results