[FireLion] Anti Keyloggers Test version

Discussion in 'other anti-malware software' started by LeVuHoang, Dec 21, 2007.

Thread Status:
Not open for further replies.
  1. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
    Hello all,
    We are going to release a new Anti Keyloggers and need your help to test the application.
    Here is the test version; it will be different (GUI) in the 1.0 version.

    Please check more information here: http://the-best-soft.com/forum/viewtopic.php?f=18&t=30&p=35#p35

    and give us your suggestions.

    Thanks for your time.
     
  2. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    OK, cool program, seems to catch keyloggers, it passes the AKLT.exe test(s). Do you think you can add a feature to stop screenshots or captures? Faststone Capture is able to capture screenshots with no prompts.
     


  3. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
  4. Blue Ring

    Blue Ring Registered Member

    Joined:
    Apr 13, 2007
    Posts:
    100
    Looks interesting. Any idea if you'll be putting out a version that doesn't need to be installed? I'm still looking for a good anti-keylogger that can be run off a usb flash drive and can pass most if not all of the AKLT tests. Please consider making one that can be run off a portable flash drive as well.
     
  5. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
    Hi Blue Ring,
    Your idea is a good idea. We can make a portable version but you still need Administrator rights to load the driver. What do you think?
    The test version I posted above can run on your flash drive without any installation. You can check it and tell me about the problems if it has any ;)
     
  6. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
    It seems there is no one else interested in the Anti Keyloggers application ;) ?
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Well, keyloggers don't worry me (policy-based sandbox + common sense) :)
     
  8. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Many people here are worried about keyloggers, just be patient Hoang :D
     
  9. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
    @lucas1985: In some cases, a sandbox does not help much, and you might forget to clear your sandbox before typing sensitive information.
    @AJohn: Yeah, but it seems most users are waiting for the final product :)) ? There are no other comments.
     
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Sandboxie can be configured to stop any outbounds except for your browser.

    A sandboxed keylogger may be able to log but it can't send the info out.

    Nevertheless, there is always room for a decent anti-keylogger.
     
  11. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I already have software for keylogging, but many do not. Maybe you are right about them waiting for a final :D
     
  12. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    Lots of people are interested ... it just takes time for them to jump on ....
     
  13. LM1

    LM1 Registered Member

    Joined:
    Nov 7, 2004
    Posts:
    34
    How can Sandboxie be so configured? - thanks!
     
  14. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    977
    Location:
    Paris
    Personally I'd rather have a virus destroy my drive than a keylogger getting the info about my banking activities.

    Of all malware, keyloggers scare me the most.
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    My sandbox is very good against keyloggers. It blocks most of the keylogging techniques. Also, my sensitive information is inside Truecrypt containers and I have rules in my sandbox (GeSWall) to deny access to folders and volumes marked as confidential.
    Never. A bit of discipline is necessary.
    If you want maximum protection, a Linux LiveCD and a VPN to a trusted endpoint is your best bet against keylogging, snooping and eavesdropping. Only a hardware keylogger might capture something.
     
  16. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
    Man, we're not talking about *nix or other OSes here.
    And if you have the best system, feel free to tell LM1 how to configure it.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Hi,

    Looks like a nice tool, it passed all the tests (AKLT.exe), great job. On my VM it didn't seem to cause any problems with my other security tools installed, but I need to test this more. And why isn't there more interest? Well, perhaps because not a lot of people know your company yet, the tool isn't finished (no GUI), and it's not freeware. This is just my guess. ;)
     
  18. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    It can be set through SB's gui or you can manually edit the ini file by adding the lines below.

    Replace firefox with the browser you will sandbox and don't forget to hit "Reload Config" after a manual edit.
    Code:
    ClosedFilePath=!firefox.exe,\Device\Afd*
    ClosedFilePath=!firefox.exe,\Device\Tcp
    ClosedFilePath=!firefox.exe,\Device\Udp
    ClosedFilePath=!firefox.exe,\Device\RawIp
    Set through the gui
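
    Added example (not part of Franklin's post and not Sandboxie's own code): a Python check that reads Sandboxie ini text and reports any sandbox section that lacks one of the four ClosedFilePath rules above or exempts a program other than the intended browser. The sample ini, the box names, updater.exe and the skipped section names are assumptions.

```python
# Added example: audit Sandboxie ini text for the four ClosedFilePath rules above.
REQUIRED = [r"\Device\Afd*", r"\Device\Tcp", r"\Device\Udp", r"\Device\RawIp"]

# Constructed sample; box names and updater.exe are made up for illustration.
SAMPLE_INI = r"""
[GlobalSettings]

[DefaultBox]
ClosedFilePath=!firefox.exe,\Device\Afd*
ClosedFilePath=!firefox.exe,\Device\Tcp
ClosedFilePath=!firefox.exe,\Device\Udp
ClosedFilePath=!firefox.exe,\Device\RawIp

[TestBox]
ClosedFilePath=!firefox.exe,\Device\Afd*
ClosedFilePath=!updater.exe,\Device\Tcp
"""

def parse_rules(text):
    """Map section -> {device path (lowercased): set of exempted programs}.
    The key repeats within a section, so configparser is not used."""
    boxes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], {})
        elif current is not None and line.lower().startswith("closedfilepath="):
            prog, sep, path = line.split("=", 1)[1].partition(",")
            if sep and prog.startswith("!"):  # "!name.exe,path" form used in the post
                current.setdefault(path.strip().lower(), set()).add(prog[1:].strip().lower())
    return boxes

def audit(text, allowed=("firefox.exe",)):
    """Return {box: [problem, ...]} for boxes missing a rule or exempting extra programs."""
    findings = {}
    for box, rules in parse_rules(text).items():
        # Assumption: these section names hold settings, not sandboxes.
        if box == "GlobalSettings" or box.startswith("UserSettings_"):
            continue
        problems = []
        for dev in REQUIRED:
            exempt = rules.get(dev.lower())
            if exempt is None:
                problems.append(f"{dev}: no rule")
            elif exempt - set(allowed):
                problems.append(f"{dev}: also exempts {', '.join(sorted(exempt - set(allowed)))}")
        if problems:
            findings[box] = problems
    return findings

if __name__ == "__main__":
    for box, problems in audit(SAMPLE_INI).items():
        print(box, problems)
```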
     
  19. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Well, Linux has evolved greatly, so much that a noob like me can use it without too much difficulty.
    A good starting point is this Wiki at Castlecops. Using a VPN has become relatively user-friendly recently. Then, researching a bit on encryption (the TrueCrypt docs are a good starting point) and having a security setup place round a very balanced and strong protection.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Hi,

    @ The developer

    Can you perhaps explain why AK needs to do the following things:

    1 Have "Direct access to memory"
    2 Have "Low level keyboard access"
    3 Install 2 hooks

    Actually, I can imagine why it needs to do these things, but the strange thing is that even if you block all this stuff, it still manages to work correctly. Even worse, it's able to completely bypass SSM and NG when it comes to the driver loading part! When I try to run it via Sandboxie, the system freezes. TF tries to put up a fight but also fails to stop it. Can anyone test this tool against other HIPS? :doubt:
     
    Last edited: Dec 26, 2007
  21. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    FireLion does not work unless the above features are allowed.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Well, that's my problem, on my VM it seems like even though certain things are blocked, it continues to work correctly (keylogging is stopped), so either it only needs the driver (which can't be blocked by the HIPS that I tested) or HIPS can't block a single thing that AK tries to do, even though they report blocking this stuff. I'm worried that this tool has actually exposed some bugs in certain HIPS, or it might be some conflict on my system. And that would be more proof of why it's not wise to run several HIPS/security tools together. :gack:
     
    Last edited: Dec 25, 2007
  23. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
    Can you tell me which HIPS you tested? I'll try that software and have some solution for this.
     
  24. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    He tested SSM and NG :)
     
  25. LeVuHoang

    LeVuHoang Registered Member

    Joined:
    Dec 21, 2007
    Posts:
    53
    I've just tested with System Safety Monitor. When SSM asked me to create a rule for AntiKeylogger, I added it and everything worked correctly. AKLT does not work anymore.
     