2 of the Best Antilogger Software's Available!

Thanks Gerard Morentzy for that usefull information, I think Ive used deep freeze from that company before, back when I was less experienced on my machine, do you think Deep freeze is better then Returnil?



Here is the return email Zamana sent me when I told them about my test! If anyone is intrested!

I sent them the file so they may be able to figure things out for themselves!

I will reply as they reply back! But I know for a fact that it didn't stop it because I seen it with my own eyes and I have no reason to lie, especially when Ive only been talking good things about their software!

 

At least from my perspective, it's less a question of better/worse than more/less suitable based on usage style.

Deep Freeze is an excellent solution if you are dealing with a static or near static system. Returnil performs similar function, on a slightly different scope, but is much more amenable to a system which is much more dynamic in content. For myself, Returnil works fine while I'd probably would find (and did find with AntiExecutable (another excellent product by the way)) Deep Freeze too confining to provide a pleasurable user experience.

Blue

 

Will Faronics Anti-Executable block a low level hook? Like something Kernel based?

Or in your Opinion do you think certain software has already been Pre white listed in Faronics Anti-Executable, such as secret keyloggers ect?

I know, sometimes I LOL at some of the conspiracy theories I come up with too!

 

AntiExecutable doesn't work that way. There is no Faronics provided/generated whitelist. It is all locally based.

The AE whitelist is derived from the complete set of executable files that AE finds during the post-installation discovery scan phase, or executables that are placed on the machine while AntiExecutable is installed, but disabled (it basically tracks file accesses and then adjusts the whitelist accordingly).

Start with a known clean machine, and the executable content should stay clean unless the user infects the machine during a period in which they have deliberately placed AE into a disabled state. As far as I recall, the sole potential issue is malicious scripts run by whitelisted applications.

Blue

 

Spector Pro gives random names to its files during each installation I think, so maybe Zemana can detect their test version of Spector but not anybody else's?

 

I doubt they detect by flename and if they do i would definately not use the product. Can you imagine if an anti virus just detected virus' by name..

Thanks,

Chris

 

If most of these anti-keylogger programs intentionally allow commercial keyloggers, then isn't there a program that specifically looks for the commercial ones? I mean just because it can be used legitimately does not mean that it cannot be abused.

 

I don't believe they would intentionally allow "commercial keyloggers", but I do believe that they would intentionally allow keyloggers like "Magic lantern" or other "Goverment monitoring tools"!

 

Very interesting points you and caspian are raising!

( )

Is there a viable software solution?

 

What is the difference between these two? Made by same company. look the same, but neither advertise the other on their site.

http://www.anti-keylogger.com

http://www.anti-keyloggers.com

 

Probably Faronics Anti-Executable?

I don't see any difference besides the name! PrivacyKeyboard™ looks like the better choice though!

 

Faronics Anti-Executable, is the same as "program control" in many Firewalls, like ZoneAlarm!

Why use another program control when you already have one included with your firewall? I use ZAISS, and it does more than Faronics Anti-Executable does! I have not been infected ever sence I Installed ZoneAlarm Internet Security Suite!

 

Hmmmm.... both are different infact.

 

No, AE & Program Control in the ZA firewall are very different.

Edit on 01-20: Content removed. I had this poster confused with another.

 

Program control software basically does the same thing, they block
reg key editing, drive access and injecting a DLL or exe, so why use 2 when I already have one included with my firewall? I can block any app I want using my Program control, like when its being installed, so I didn't really see any difference between the 2 besides mine has more features!

EDITED Post

 

He was attacking - I wasn't. I voiced an opinion with no name calling. He did though - you are right. (Are you a new mod?)
- Gerard

 

Well, I won't be rude in my response. Like FanJ noted, no need for personal attacks.

Does your ZA "Program Control" whitelist each and every execution on your box? If something called gobbledegook.exe tried to execute and run, would "Program Control" stop that from happening? If it ran as a .dll would "Program Control" not allow it to run? Please look here for the big differences http://faronics.com/html/AEFeatures.asp and ask yourself if ZA can do all that AE can do.

Edit 01-20: Content removed by original poster - I had Warlockz confused with another poster. My apologies.

 

I understand. No use getting involved if you don't have a responsibility to though. It just fans the flames.

Edit 01-20: Content removed by opriginal poster. I had Warlockz confused with another poster.

 

Actually, I owe Warlockz an apology. I had you confused with another poster. I really am sorry. Looking back, your posts have been helpful and you are NOT the poster I was thinking of. Please accept my apology. I have now updated my posts removing the content that I had written thinking of another poster. Apologies.

 

FanJ, You are being overly sensitive here. If you will look and see you can see that we handled it on our own. I saw that I had made an error thinking he was a different poster. Why are you involved here? I didn't mean it to be unfriendly - just was saying what I thought. If every non-mod stepped in to attempt to moderate threads, it would be chaos. Whenever that happens, it usually just fans the flame by getting another poster involved. That's all I was trying to say.

Peace.

- Gerard

 

The feeling is Mutual, I owe you an apology also, and your posts have been helpfull to me also! LOL, I think I know who your talking about, I actually replyed to one of his posts with an almost Identical response like yours but then I went back and deleted my post twards him because I didnt want to get involved in a Flame war and thought it would be more mature of me to just correct him instead of shame him!

Im glad that we have resolved this issue!

 

I sent you a PM. Thanks for accepting my apology.

 

So you like their internet security suite? I use Zone Alarm free with eset nod32. I really like how ZA lets me see what is trying to connect to the internet. Is this the same as what a HIPS program does?

 

I'm not a fan of zone alarm free version, I like ZA Internet security suite because it includes Kasperskys AV engine and updates with a more advanced definitions list that includes spyware and adaware definitions that Kasperskys definitions list does not provide!

Well not in the same approach, but it does add every Executed file to the Program Control list and has the options of giving each application its own trust level which is either "Super, Trusted, Restricted, ask, Kill or No Enforcement", It also gives the choice to choose weather or not to allow the Application "Internet, Server or Mail Access" all in the same control panel.

I found this one that makes a big difference

Zone alarm Program Control is slow to react, and usually doesn't react until an Installation is already in progress!

I have to agree that ZA Program Control reacts in a different way when an executable file is launched which may allow an attacker to penetrate Program Control...

I tested Faronics Anti-Executable and I didn't like it, the Whitelist management got on my nerves, and it lacks the settings and control needed in this type of software, + it seems like its more suited for a school, business, or machine with multiple users than for personal use.

I did however find myself a better alternative though "ProcessGuard" offers the same if not more protection than AE.....

You can see for yourself

http://www.diamondcs.com.au/processguard/features.php

 

Zemana Antilogger lost my respect when Spector Pro Bypassed it, so I no longer recommend it, also Zemana has not replied to my reply email to them, after I told them I wasnt testing Zemana antilogger against software being installed, I already have HIPS that blocks Exicutibles and Zonealarm AV also popped up along with Zonealarm Operating System Firewall warnings when I was installing it, I told them I was testing it against Spector Pro as if Spector Pro was already installed before I got Zemana Antilogger, and I wanted to see if it would stop the screen logging and Keystroke logging, but it failed miserably against Spector Pro, After more research I would recommend using a Strong HIPS, check out this poll thread

What is the best HIPS out there?

https://www.wilderssecurity.com/showthread.php?t=134703