KEYLOGGER TESTS: Plz test and post your result.

Discussion in 'other anti-malware software' started by AaLF, Oct 12, 2011.

Thread Status:
Not open for further replies.
  1. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    I need to know what software win and lose against this series of keylogger vulnerabilities tests. If you guys can be so kind as to download and run the .exe much appreciated.

    Here is a link to spyshelter.com

    At the bottom right of their home page you will find a keylogger test file to download and check yourself for vulnerabilities.

    Its a single .exe that opens up a panel to click on 6 tests. Simple easy & quick. I'm interested to see which HiPS SecuritySuites, (hippy)FWs & anti Keyloggers etc miss any. And your AV spotting the .exe as malware doesn't count as a pass. :rolleyes: You gotta run the the tests.

    Nothing adverse happened to me by downloading it except a bit of embarrassment by a few failures. :oops:

    So let us know what software you tested with & how did it fare against the six simple quick tests?
     
  2. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Most HIPS will fail against these type of tests because these things are extremely focused on screen cap, sound log etc, and the HIPS were not made to protect specifically this situations. Unless you use another Anti Keylog software such as Zemana etc.
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Nod says:D
    Access denied!


    Details:
    Web page: http://spyshelter.com
    Category: Criminal Activities - Child Abuse Images, Criminal Skills, Hacking, Hate Speech, Illegal Drugs, Marijuana, Piracy and Copyright Theft

    Comment: Web page was blocked because it matched prohibited categories.
     
  4. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    Haha :D Try Zemana site :)
    BTW...SpyShelter pass all ;)
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Zemana it is good no problem:D
     
  6. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    is that included in the trial version? ;)
     
    Last edited: Oct 12, 2011
  7. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    Hmmm...it looks that your web-filtering is some "silent and good friend of Zemana" :ninja:
     
  8. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Hahaha wonder why NOD would block SpyShelter :)
    We need to report that!

    Anyone can try this with OA highest setting just to check it out? :D
     
  9. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    Avira blocks it too. I just tried it and got an access denied from Avira.
     
  10. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Blocks the .exe or the website? :rolleyes:
     
  11. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    Both as far as I could tell...here is what it says.

     
    Last edited by a moderator: Oct 12, 2011
  12. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    spyshelter update has ceased lately.
    do you think the site is compromised hence it gets blocked?
     
  13. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Maybe or its some sorta unfriendly competitive rivalry. Odd that two dif. AVs can sniff something there. I have no AV up right now so I can't tell. Let's see what the others say.

    Any other AVs getting jumpy knocking on Spyshelter's door?
     
  14. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    SRP blocked the .exe:D
    prevention, prevention, prevention...
     
    Last edited: Oct 12, 2011
  15. tomazyk

    tomazyk Guest

    I tested it against Malware defender. Here are resaults:

    Keylogging - PASSED
    Webcam capture - did not test (got no cam connected and it would probably FAIL)
    Screenshot - FAIL
    Clipboard monitoring - FAIL
    System protection - registry access 1 and 2 -PASSED; driver registering FAIL
    Sound record - did not test (got no mic connected and it would probably FAIL)

    MD did as I expected. I was only surprised for failing driver registering test.
    Of course I have allowed test to run. Had I block the execution MD would pass 100% :)
     
  16. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    I tested Personal Firewall in XP 32 with maxed up settings.

    Keylogging - Passed
    Webcam capture - No cam here
    Screenshot - Passed
    Clipboard monitoring - Passed
    System protection - memory access 1 Passed, the rest Failed
    Sound record - Not covered by PF

    It also passed Zemana's Keylogging, Clipboard monitoring and Screenshot tests. I don't have the SSL test.

    Of course, it alerted of all the tests, I had to alow them first.
     
    Last edited: Oct 12, 2011
  17. phaser

    phaser Registered Member

    Joined:
    May 28, 2010
    Posts:
    35
    A new beta for SpyShelter 6.0 is out, so I wouldn't worry.



    Probably the keylogger test is now blocked by some vendors (like SpyCar and others, without being a real malware).
     
  18. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany
    I tested Online Armor Free + Threatfire against it:


    Keylogging - Passed (OA free)
    Webcam capture - No cam here
    Screenshot - failed
    Clipboard monitoring - failed
    System protection :
    Test 1 - Passed (Threatfire)
    Test 2 - Passed (Threatfire)
    Sound record - Passed (OA free)

    I'm pleased with the result. :)
     
  19. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    WSA blocks it as well as a win32 Malware Gen.
     
  20. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    CIS (the AV) blocks the file as well.
     
  21. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Geeze either a lot of FP going on here or the site may have been compromised. I hope not,it will not look to good for SS if it has.
     
  22. chris1341

    chris1341 Guest

    I find the fact that AV's are blocking/detecting this file depressing. It has been available for some time and is from a known reputable vendor. Occassionally I need a reminder why I gave up on them in real time, things like this help! I suppose it could be classified as a PUP or the heuristics are detecting the behaviour but still. Could it be to avoid their users knowing they don't pass the test? Surely not :rolleyes:

    Anyway detection ain't the point here, ability to recognise and prevent the apps key/screen logging etc is.

    I think you will find nowadays all the main HIPS OA, Comodo, Outpost etc do very well on the tests on 32 bit sysyems. On 64 bit it is a different story (not surprising given the patch gaurd issues) although keylogging protection seems to be much better now but screen capture protection still fairly poor.

    I've been considering using HIPS again recently and on my Win 7 64 bit set-up (last month or so) I've tried Outpost, Comodo, Online Armor, Private Firewall and even Kaspersky 2012 HIPS against these tests. All passed the keylogging and they failed either the clipboard and/or some or all of the screen capture. Surprising (to me anyway) on my set-up Outpost was best as it was poor on 64 bit not long ago and even more so that PFW was by far the worse and furthest behind the very good 32 bit version (although to be fair none offerred the same degree of protection they did on 32 bit). Spyshelter itself of course passed all and WSA prevented all when in a https site.

    I think we should find this type of thing interesting and perhaps even indicative but there should always be the regognition that developers could have designed their products to pass this particular test rather than to protect against the methods it uses.

    Anyway.......
     
    Last edited by a moderator: Oct 12, 2011
  23. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe

    Yes, but if I allow the test, it says to that some registry's keys was modified: but they should be protected by default by Defense+ settings. So ??
     
  24. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    +10 :thumb:
     
  25. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    I've checked site of SS (home and download) on VT:
    Avira Clean site
    BitDefender Clean site
    Dr.Web Clean site
    G-Data Clean site
    Malc0de Database Clean site
    MalwareDomainList Clean site
    Opera Clean site
    ParetoLogic Malware site
    Phishtank Clean site
    TrendMicro Clean site
    Websense ThreatSeeker Unrated site
    Wepawet Unrated site

    It's obvious for me that site is clean and safe. There are many sites which are flagged as "suspicious/unsafe/danger" for one reason only...they are site of security apps or security forums.
     
Loading...
Thread Status:
Not open for further replies.