How well does TDS-3 detect keyloggers?

Discussion in 'Trojan Defence Suite' started by 10390bc, Mar 28, 2004.

Thread Status:
Not open for further replies.
  1. 10390bc

    10390bc Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    88
    Hi

    I was wondering if anyone knows how well TDS-3 detects keyloggers (it says on Diamondcs website that TDS-3 detects keyloggers, worms, spyware etc... as well as trojans) compared to say, Spycop or Pest Patrol? Thanks. :)
     
  2. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    If u want some information on this question then u can read it at this thread that i started about the same subject.
    http://www.wilderssecurity.com/showthread.php?t=22576


    The Mul
     
  3. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    If u want some information on spycop this is what [spy 1] had to say about spycop and u could always ask him more questions on it I suppose by private message.
    Quote: Is spycop a must have programme. The Mul


    For me, yes it is. One of the things that would drive me absolutely berserk would be to find out that I'm being key-logged - by anyone. At the same time, it's the last thing that I ever expect will happen. (Sounds kind of nutty, doesn't it? Contradictory?). At any rate, the chance of ever being key-logged is not a risk I'm willing to take, and SpyCop is the program I've chosen to eliminate that possibility (as much as is humanly possible, that is).

    There's just something about the level at which a keylogger could violate you. The more sophisticated ones can get everything - passwords, chats, IM's, web sites visited, web cam stuff (God forbid you have one of those!)

    IOW, a keylogger can cause irrevocable damage to your life.

    Quote:
    and does it detect many keyloggers on your system, each time u do a scan, or has it not detected any since your first scan.


    I have never had it detect a keylogger other than the one I put on here myself to test it. It detected it within a minute of starting the scan (a full scan runs about 17 minutes here). The program I tested it against wasn't even in general release yet - it was a new beta release of an existing programme.



    I would dearly love to see someone do an exhaustive test on how well ProcessGuard does at detecting whatever keyloggers anyone has, though. PG runs resident - you'd get an alert instantly on something hinky if you're watching your SYSTRAY icon, without the need of running a daily full scan (which I do with SpyCop before I get online in the mornings).

    I can't remember whether you already own PG or not - and, lacking such an exhaustive, definitive test of its anti-keylogger abilities, [I'd still suggest SpyCop,] anyway. HTH Pete
     
  4. 10390bc

    10390bc Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    88
    Thanks The Mul

    I feel kinda stupid for not having looked past page five in the older posts in the TDS forum before posting a question here that's already been asked, but what the heck you only live once.
     
  5. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    You are quite welcome, and have a nice day.




    The Mul :)
     
  6. 10390bc

    10390bc Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    88
    BTW The mul

    If i ever get to 50 posts (may be a couple years from now) you'll be gettin' good karma for that one. :)
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    The way I see it currently is this:

    You must ensure that your computer is currently not infected with a keylogger (or at least, prior to the purchase and installation of ProcessGuard).

    The only way to do that is to either purchase SpyCop (which I recommend wholeheartedly and without reservation), or try d/l'ing and scanning with a trial version of any of the other anti-keylogging programs available to ensure that your computer is clean.

    After that point, I'd say it was about 99.9999% safe to depend on ProcessGuard - period - to alert you to any new keyloggers attempting to find a home on your computer (with the exception of hardware keyloggers) - but you MUST religiously pay attention to any and every alert you get from PG if you're going to rely on it for that function (keylogger detection)!.

    If you can't do that - or you simply don't have time to wade through the log entries generated by everyone who had access to your computer - that's why you still need a dedicated anti-keylogger program on your machine - so you can run scans with updated databases of that program to cover the possibility of someone who has access (use of your computer) of having infected you with one in your absence.

    If any software keylogger can successfully infiltrate a computer installation that contains both SpyCop and ProcessGuard, and not be discovered, I'd be flat-out astounded. HTH Pete
     
  8. 10390bc

    10390bc Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    88
    Sadly :'( i can't use Process Guard as i still have Win ME, but i do have a copy of Spycop (free) version that i run regularly and Pest Patrol (pay version).
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    10390bc - The freeware version of SpyCop does not scan all files that can show an infection. Please read this page if you haven't already done so: http://spycop.com/faq.htm#SpyCop%20Trial%20Version .

    Not only will it skip random files - but your database for the program is so seriously out-of-date as to be useless (unless you've just gotten it recently).

    Currently, SpyCop has in its DB 408 programs that it scans for - how many is your copy showing?

    An alternative scenario for you would be to d/l and install either the trial version for WhosWatchingMe ( http://www.trapware.com/ ) or Anti-keylogger SOHO Edition ( http://www.anti-keyloggers.com/products.html ) - or, simply continue relying on TDS-3, and PestPatrol (Spybot Search&Destroy also scans for some keyloggers). HTH Pete
     
  10. 10390bc

    10390bc Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    88
    Thanks for the info Spy1 :)

    My copy of Spycop says it detects 391+ keyloggers, but i will most likely be purchasing it, i was just trying it out first.

    I guess TDS-3 just doesn't cut it when it comes to keyloggers.

    Too bad there wasn't a free keylogger out there that was worth getting. It gets rather expensive to purchase all this software.
     
  11. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    Thanks for the karma 10390bc and i am glad spy 1 can help u as he knows much more than i do on this matter, as well as spycop.
    I would also like to say hi to pete and hope your day goes well.


    The mul :D
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I never said that - not put that way, anyway.

    It's really just this simple (to me, anyway) - FE

    NOD32 is for virus prevention, detection and removal

    TDS-3 is for trojan prevention, detection and removal

    SpyCop is for keylogger detection and removal

    AA and SBS&D are for scumware removal

    SpyBlocker, SpywareGuard, SpywareBlaster, IE-SPYAD and AGNIS F/OutPost are for scumware prevention

    ProcessGuard is for damned near everything else (if your OS can use it) - as long as you're installing it on a machine that you're SURE is clean to start with!.

    Pete
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hi, there Mr. mul! Good to see you again, too! And, thank you!

    (Unfortunately, I only "know" enough to be extremely dangerous to myself and small, innocent forest creatures!). Pete
     
  14. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    You don't need to be so modest pete, any help u give is always appreciated by anyone and i am sure all will agree on this matter.



    The mul
     
  15. 10390bc

    10390bc Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    88
    I second that comment by The Mul.
     
  16. 10390bc

    10390bc Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    88
    oops.

    in my other post when i said " too bad there wasn't a free keylogger out there that was worth getting." What i meant to say was: Too bad there wasn't a free keylogger DETECTOR out there that was worth getting. :oops:
     
  17. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    All I can say is it won't be long before you're past the 50 post mark and it won't take very much longer, look at your previous statement.


    The Mul
     
  18. 10390bc

    10390bc Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    88
    Yes :D i wasn't paying attention, just a few more posts and i'm there and you get your karma. :D
     
  19. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    Bingo u got it and all good things come to those who wait.



    The Mul
     
  20. 10390bc

    10390bc Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    88
    Hey i'm 50. I didn't think i would be saying that for quite a few years. :D
     
  21. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    TDS has quite a collection on keylogger detection; keep sending in your samples and TDS will include what's possible if it wasn't there already.
    submit@diamondcs.com.au They're really happy with the samples. Send everything suspicious, don't hold back!
     