Interesting keylogger test

Discussion in 'other anti-malware software' started by aigle, Dec 1, 2007.

  1. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Your tool becomes better and better, I really like it! It's great!
    Incredible, this raw method indeed bypasses AAK 3.7 and ZA, damn.
     
  2. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    By the way, you can forget Procmon; it is absolutely not able to trace this raw method back... uhhhhh, Sysinternals loses points on my scale... not good for tracing back a deep attack :thumbd: and even the most simple hooks are only recognized by thread create and exit, omg, that looks poor, guys... not a real process monitor; they should create a hook tracer.
     
  3. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    I spy with my little eye the first firewall to defend against this keylogger :D.

    This is comodo's upcoming bug-fixing release. All major bugs are gonna be fixed.
     
  4. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    EDIT....

    MaB69 reported back in post 8 of this thread that OA defends against this, according to the testing performed by Gerardwil... but we just tested here and had failure with AKLT...
     
  5. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Mike, your paid version stops it, doesn't it? The free version is the one that cannot stop this.
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    SSM Pro 2.3.0.612 passes the GetRawInputData test on my system, but KAV allows the keystrokes to be captured and only alerts when I shut down AKLT - so surely that's only partial success for KAV?
     

  7. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Yes, was just about to post.... I tested with the Italian version of OA Free, didn't even think about it... the paid version does indeed kill it.

    Thanks Coolio
     
  8. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    You're Italian, Mike? :D
     
  9. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Actually, I am from the UK... moved to Sydney a long time ago... but we're working on the Italian version of Online Armor at the moment and that was just what happened to be installed when I did the test.
     
  10. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    I am from the UK. London, England. Moved to Canada.

    Also, aigle, the new 3.0.14 beta passes this test. Tried it in my virtual machine and nothing was picked up by it. I would make a video, but the VM has too little memory to handle video applications.
     
  11. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Indeed it does. :D

    No keystrokes recorded. :thumb:
     

    Last edited: Dec 6, 2007
  12. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Nearly the same with AAK 3.7 + ZA (alerts, but strokes are recorded once) and the DirectX method, but that happened for the first time in v3.0.

    Good to know.
     
  13. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    With KAV 7.0.0.125 (with PDM fully enabled) I get the first pop-up, indicating that the keystrokes are captured; it is only when I click the 'Stop' button on the test that KAV alerts - so how come posters earlier in this thread claim KAV7 passes?

    KAV just warns you what has happened without preventing it. But when you look at the configuration for the Application Activity Analyzer, you note that KAV only has the possibility to 'Alert' on Keyloggers, not block them. (Though you can terminate the process when you do get the alert - so perhaps that is good enough).

    ZAP 7.0.462.000 fails by the way.
     

  14. alfa1

    alfa1 Registered Member

    Joined:
    May 3, 2006
    Posts:
    61
    As I showed you at the beginning of this thread (post n°5), PS is able to catch this attempt:

    Snap1.jpg
     
  15. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    DSA doesn't work against any of the keylogging tests. That doesn't concern me since it's pretty effective against leaks although the latest version seems to have trouble with AWFT.
     
  16. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    This is a very old issue of Kaspersky. I already told years ago that the guard of Kaspersky can easily be killed with a fast double or triple kill attack. They still haven't learned, as it seems.
     
  17. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Arggggg!!

    Current 3.41 EQS version lets the newest test walk right on in.
     
  19. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Congratulations gkweb. AKLT is a great piece of software! Definitely the best of its kind!

    Keep up the good work! :D
     
  20. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    Thank you for your comments, all, and dmenace. However, I did not discover this new method myself; I have just coded it and added it to AKLT. Full credit goes to the original author :)

    I wonder how many unknown keylogging methods exist that we don't know of yet... the battle is still open.

    Regards,
    gkweb.
     
  21. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Personally, for my setup I have found Pro Security beta 3 with SnoopFree gives the best coverage for this tester; it covers all except GetKeyboardState.
    The response time on PS b3 stops it instantly upon typing, the fastest I've seen yet.
     
    Last edited: Dec 7, 2007
  22. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    ProSecurity with GeSWall stops/blocks all of them. :cool:
    Except the last one. :(

    SnoopFree blocks the 2nd screenshot test o_O
     
    Last edited: Dec 7, 2007
  23. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Yes, retested only the second screenshot test this time, nothing else, and SnoopFree flagged it as unauthorized screen access, so I blocked it and then let PS b3 allow Windows Picture and Fax Viewer to open up, and I got a blank screenshot. Possible your programs have conflicting hooks? Is your 2nd screenshot test going to SnoopFree?

    Ok, just installed the OA 30-day trial on top of my XP Pro SP2 with Pro Security beta 3, Comodo BOClean, Sandboxie 3.21, and SnoopFree 1.0.7; now I pass all the tests.

    However, I question the ability of Online Armor to actually block GetKeyboardState, because when I run it and then type into the window nothing happens; I get no prompts either, so I wonder if it's specifically designed to block the GetKeyboardState test only in this tester. As I said, when running this specific test against my current setup after resetting everything in the other programs, I get no prompt at all when I initiate the GetKeyboardState test; it just simply doesn't allow me to type in the box. o_O
     
    Last edited: Dec 7, 2007
  24. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Ok, installed SnoopFree again along with ProSecurity and GeSWall, and now I'm passing all tests, including the last screenshot test. :thumb:

    We'll see how these all play together. I'll give it a couple of days to see if any problems/conflicts turn up. :D
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Since I also run SnoopFree along with EQSecure, I passed all tests before anyway, except the one screenie.
     