Interesting keylogger test

Discussion in 'other anti-malware software' started by aigle, Dec 1, 2007.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Last edited: Dec 2, 2007
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    New test alright but.............


     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    On my system, it works with .NET framework 1.1.
     
  4. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Thanks aigle,

    DefenseWall : Failed

    I use OA free so could not test it

    Regards,

    MaB
     
  5. alfa1

    alfa1 Registered Member

    Joined:
    May 3, 2006
    Posts:
    61
    XP PRO SP2 [ITA], PS 1.40b2:

    1.JPG


    I hope not to be in error also this time: eventually, try to be clement with me...:gack:
     
    Last edited: Dec 2, 2007
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    So PS is the champion! PS has again and again proved itself to be the King/Queen of all HIPS.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Can anyone try OA paid and SSM Pro?

    Thanks
     
  8. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    gerardwil just ran the test against OA paid, and OA detects it and of course blocks it :cool:

    MaB
     
  9. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Yep it does :)
     

    Attached Files: klt.gif (18.3 KB)
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi! It's not so clear from the screenshot what is blocked: keylogging, or just the execution of the file?

    Edit: I can see the word keylogger at the top of the window. What's the popup alert given by OA?
     
  11. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    I allowed the execution, after that I got the keylogger warning and I blocked.

    Gerard
     
  12. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Since OA Free has some keylogger protection, would it still stop this?
     
  13. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    I don't understand your question.
    Regards,

    Gerard
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    As far as I know, OA free has no keylogger detection.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    That's nice. Thanks
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    SSM Pro
    Comodo v 3

    Anyone please?
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Seems to be a new keylogging method that's used by this tool, so no surprise that most HIPS will fail. But like I said before, I think the only way to guard against all keylogging methods is by using a tool like KeyScrambler (KS); this way you don't have to worry about all these methods. Btw, to clarify, KS would never work on any of my virtual machines, so I'm not promoting it or something, but the technique used by this tool seems to be very interesting.
     
  18. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I don't have .NET Framework, so presumably there's no point in me trying this? If passwords etc. are entered using a mouse (Roboform), so that credit card details are entered directly with one click, can any of these keyloggers obtain the details?
     
  19. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    For the testers of OA and ProSecurity....

    Did the applications actually block it or just alert you to it? Because Comodo can alert but cannot block.

    http://screencast.com/t/aAaB0l9Q1
     
  20. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
  21. alfa1

    alfa1 Registered Member

    Joined:
    May 3, 2006
    Posts:
    61
    alert and then, obviously, block this attempt...
     
  22. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Can anyone with OA free check? Maybe that is why Gerard is passing. He has the paid version, which has this additional protection?
     
  23. alfa1

    alfa1 Registered Member

    Joined:
    May 3, 2006
    Posts:
    61
    Watching your movie, I observe an alert not reproducible with ProSecurity, as if Defense+ is exercising control over a particular behavior that goes unnoticed by ProSecurity...

    Snap1.jpg


    PS, in fact, prevents the attempt to read/write process memory space, but there is no such alert from PS:
    only the execution/Log Keystroke pop-ups....o_O





    Moreover, testing D+ in a VM, I'm able to find other behaviour unnoticed by PS (and other HIPS):
    http://www.proactive-hips.com/yabb/yabb2/YaBB.pl?num=1195848002
    Could someone provide me some explanation before PS_Dev replies?
    TXS in advance! :)
     
    Last edited: Dec 2, 2007
  24. alfa1

    alfa1 Registered Member

    Joined:
    May 3, 2006
    Posts:
    61
    KIS 7.0.0.125d:

    2.JPG
     
  25. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Wordward,

    OA Free will detect a couple of elementary methods, but not the same number of methods as the full version of OA.

    Mike
     