Interesting keylogger test

Discussion in 'other anti-malware software' started by aigle, Dec 1, 2007.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,110
    Location:
    Saudi Arabia/ Pakistan
    Last edited: Dec 2, 2007
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,286
    Location:
    U.S.A. (South)
    New test alright but.............


     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,110
    Location:
    Saudi Arabia/ Pakistan
    On my system, it works with .NET framework 1.1.
     
  4. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Thanks aigle,

    DefenseWall : Failed

    I use OA free so could not test it

    Regards,

    MaB
     
  5. alfa1

    alfa1 Registered Member

    Joined:
    May 3, 2006
    Posts:
    61
    XP PRO SP2 [ITA], PS 1.40b2:

    1.JPG


    I hope not to be in error also this time: eventually, try to be clement with me...:gack:
     
    Last edited: Dec 2, 2007
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,110
    Location:
    Saudi Arabia/ Pakistan
    So PS is the champion! PS has again and again proved itself to be the King/Queen of all HIPS.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,110
    Location:
    Saudi Arabia/ Pakistan
    Can anyone try OA paid and SSM Pro?

    Thanks
     
  8. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    gerardwil just made the test against OA paid and OA detects it and of course blocks it :cool:

    MaB
     
  9. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,749
    Location:
    EU
    Yep it does :)
     

    Attached Files: klt.gif (File size: 18.3 KB, Views: 3,195)
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,110
    Location:
    Saudi Arabia/ Pakistan
    Hi! It's not so clear from the screenshot what is blocked. Keylogging or just the execution of the file?

    Edit: I can see the word keylogger on top of the window. What's the popup alert given by OA?
     
  11. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,749
    Location:
    EU
    I allowed the execution, after that I got the keylogger warning and I blocked.

    Gerard
     
  12. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Since OA Free has some keylogger protection, would it still stop this?
     
  13. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,749
    Location:
    EU
    I don't understand your question.
    Regards,

    Gerard
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,110
    Location:
    Saudi Arabia/ Pakistan
    As far as I know, OA free has no keylogger detection.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,110
    Location:
    Saudi Arabia/ Pakistan
    That's nice. Thanks
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,110
    Location:
    Saudi Arabia/ Pakistan
    SSM Pro
    Comodo v 3

    Anyone please?
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    10,658
    Location:
    The Netherlands
    Seems to be a new keylogging method that's used by this tool, so no surprise that most HIPS will fail. But like I said before, I think the only way to guard against all keylogging methods is by using a tool like KeyScrambler (KS), this way you don't have to worry about all these methods. Btw, to clarify, KS would never work on any of my virtual machines, so I'm not promoting it or something, but the technique used by this tool seems to be very interesting.
     
  18. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I don't have NET framework so presumably no point me trying this? If passwords etc are entered using a mouse (Roboform) so that credit card details are entered directly with one click can any of these keyloggers obtain the details?
     
  19. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    For the testers of oa and prosecurity....

    Did the applications actually block it or just alert you to it? Because comodo can alert but cannot block.

    http://screencast.com/t/aAaB0l9Q1
     
  20. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
  21. alfa1

    alfa1 Registered Member

    Joined:
    May 3, 2006
    Posts:
    61
    alert and then, obviously, block this attempt...
     
  22. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Anyone with oa free check? Maybe that is why gerard is passing. He has the pay version which has this additional protection?
     
  23. alfa1

    alfa1 Registered Member

    Joined:
    May 3, 2006
    Posts:
    61
    watching your movie, I observe an alert not reproducible with prosecurity, like if Defence+ is exercising a control on a particular behavior unnoticed instead from Prosecurity...

    Snap1.jpg


    PS, in fact, prevents reading/writing process space memory attempt but not such alert from PS:
    only execution/Log Keystroke pop-up....o_O

    Moreover, testing D+ in VM, I'm able to find out other behaviour unnoticed by PS (and other HIPS):
    http://www.proactive-hips.com/yabb/yabb2/YaBB.pl?num=1195848002
    Could someone provide me some explanation before PS_Dev reply?
    TXS in advance! :)
     
    Last edited: Dec 2, 2007
  24. alfa1

    alfa1 Registered Member

    Joined:
    May 3, 2006
    Posts:
    61
    KIS 7.0.0.125d:

    2.JPG
     
  25. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,655
    Location:
    Sydney, Australia
    Hi Wordward,

    OA Free will detect a couple of elementary methods, but not the same number of methods as the full version of OA.

    Mike
     