Interesting keylogger test

U can download the keylogger from this thread.

http://www.pctools.com/forum/showthread.php?t=49595

My results:

NG- failed
EQSecure- failed
GesWall- failed

 

New test alright but.............

 

On my system, it works with .NET framework 1.1.

 

Thanks aigle,

DefenseWall : Failed

I use OA free so could not test it

Regards,

MaB

 

XP PRO SP2 [ITA], PS 1.40b2:




I hope not to be in error also this time: eventually, try to be clement with me...

 

So PS is the champion! PS has again n again proved itself to be the King/ Queen of all HIPS.

 

Can anyone try OA paid and SSM Pro?

Thanks

 

gerardwill just made the test against OA paid and OA detect it and of course block it

MaB

 

Yep it does

 

Hi! It,s not so clear from the screenshot that what is blocked? Keylogging or just the execution of the file?

Edit:I can see words keylogger on top of the window. What,s the popup alert given by OA?

 

I allowed the execution, after that I got the keylogger warning and I blocked.

Gerard

 

Since OA Free has some keylogger protection, would it still stop this?

 

I don't understand your question.
Regards,

Gerard

 

As I know, OA free has no keylogger detection.

 

That,s nice. Thanks

 

SSM Pro
Comodo v 3

Anyone please?

 

Seems to be a new keylogging method that´s used by this tool, so no surprise that most HIPS will fail. But like I said before, I think the only way to guard against all keylogging methods is by using a tool like KeyScrambler (KS), this way you don´t have to worry about all these methods. Btw, to clarify, KS would never work on any of my virtual machines, so I´m not promoting it or something, but the technique used by this tool seems to be very interesting.

 

I don't have NET framework so presumably no point me trying this ? If passwords etc are entered using a mouse ( Roboform) so that credit card details are entered directly with one click can any of these keyloggers obtain the details ?

 

For the testers of oa and prosecurity....

Did the applications actually block it or just alert you to it? Because comodo can alert but cannot block.

http://screencast.com/t/aAaB0l9Q1

 

According to the comparison page on the OA Website, Online Armor has keylogger hook detection, but not kernel or other. What do any of these mean?
http://www.tallemu.com/comparisons.html

 

alert and then, obviously, block this attempt...

 

Anyone with oa free check? Maybe that is why gerard is passing. He has the pay version which has this additional protection?

 

watching your movie, i observe an alert not riproducible with prosecurity, like if Defence+ is exercising a control on a particular behavior unnoticed instead from Prosecurity...




PS, infact, prevents reading/writing process space memory attempt but not such alert from PS:
only execution/Log Keystroke pop-up....





Moreover, testing D+ in VM, i'm able to find out other behaviuor unnoticed by PS (and other HIPS):
http://www.proactive-hips.com/yabb/yabb2/YaBB.pl?num=1195848002
Could someone provide me some explanation before PS_Dev reply?
TXS in advance!

 

KIS 7.0.0.125d:

 

Hi Wordward,

OA Free will detect a couple of elementary methods, but not the same number of methods as the full version of OA.

Mike