KEYLOGGER TESTS: Plz test and post your result.

Discussion in 'other anti-malware software' started by AaLF, Oct 12, 2011.

Thread Status:
Not open for further replies.
  1. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    I performed it on a real system coz I thought it's a sample test & all the changes will be reverted back. But I don't know if it reverts back the changes or it doesn't change anything but just acts as if it's changing something.

    After performing the test, i.e. after starting each test, I later clicked stop. After all the tests I deleted the exe.

    Hope no prob on my system. No image here & system restore was disabled at the time coz I was doing some cleanup job.

    Thanxx
    Naren
     
  2. tomazyk

    tomazyk Guest

    I think that you don't have to worry. Only traces I found were left from registering driver (driver in temp folder was registered, but no file present). After reboot the registration was gone. I don't think you have to do any cleanup, just reboot the system.
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That would require me to switch to administrator mode in order to run the executable. It is not a realistic test against a default-deny setup when you have to bypass your primary defense (not permitting non-whitelisted processes to execute) in order to test your defenses. For that test to apply, it would have to start with some type of social engineering trick to coerce me into allowing it.

    I'm still waiting for the day that someone packages up a custom rootkit and offers it up here as a leaktest, keylogger test, etc. It's pretty obvious what type of social engineering would work against a lot of the posters here:
    Run this and test your defenses!
    Who knows, it may have already happened.
     
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    This very thought has crossed my mind more than a few times.
    I guess we all figure, "Nah, they wouldn't do that", or we figure, "Someone must have checked the code out real thoroughly to make sure it is okay".
    It's ironic, is it not, that as you say, such social engineering would work so easily here at a forum full of security advocates.
    So many skeptics, yet so ripe for the picking. :ouch:
     
  5. Gobbler

    Gobbler Registered Member

    Joined:
    Jul 30, 2010
    Posts:
    270
    Tried this against DefenseWall sometime ago and everything got blocked as expected :thumb:
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    DefenseWall :thumb: :thumb:
     
  7. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    The same with CIS Defense+ 5.8.
     
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    You know, you're right, could easily happen. Security conscious and all, I bet many just assume that the test links are safe. Of course admins will squash it if it's not, but after the fact that some got hosed. Your thinking outside the box, so to speak, is very good. To be honest, the thought has not crossed my mind until now.
     
    Last edited: Oct 12, 2011
  9. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Thanxx for replying. I was a little worried coz the test does registry & other changes. Good to know that no changes remain & after reboot the driver is also removed.

    Regards
    Naren
     
  10. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Nova shield - behavior based.
    1. Key logger - Failed
    2. Web cam - Pass
    3. Screen Shot - Failed
    4. Clipboard Monitoring - Failed
    5. System Protection Registry 1 - Pass
    6. System Protection Registry 2 - Pass
    7. System Protection Driver Registering - Failed
    8. Sound record - Failed
     
    Last edited: Oct 14, 2011
  11. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    This is why people who have some education don't worry much about such things. Whether running in a virtual environment/sandbox or using images, it would not matter much. For those who have no such knowledge, they take that risk with every downloaded file they execute, don't they?

    I like to take the approach that while I think I have a secure system, nothing is foolproof and therefore it is in my best interest to learn how to get back to a good state. If everyone looked at it like that, then when they had a virus etc, they could simply restore or whatever, and virus gone. No more spreading of virus etc. But, it takes some education to do that, not just button clicking bliss ;)

    Sul.
     
  12. wat0114

    wat0114 Guest

    No arguments here that a default-deny policy will prevent the installation, and I fully endorse this approach, but the trouble is it comes up clean on an av scan (MBAM).

    If the file is named as something someone is looking for, such as a picture editor for example, and they download it via torrent, how long does it take before they notice something suspicious and either halt the installation mid-stream, or worse, don't notice a problem until after it's installed and launched? If they're astute enough it's probably not going to be an issue; they remove it or restore an image.

    In my case now I can say with confidence I would notice something wrong very early and either restore an image or, better yet, test-install in the vm or sandbox first so the behaviour could be analyzed before committing to disk.

    A similar incident happened to me once - back in 2002 - when I was seeking a dubious download and it massacred something on the disk (Win XP); PC wouldn't boot. I had to re-install because back then I was not well versed in computer security, including imaging/restore products. I guess this sort of thing is commonplace with the majority of users who aren't security-wise, especially those who don't care much about it and routinely seek pirated software. This is how I learned to download from trusted sources. It's never failed me yet :)
     
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Faronics Anti-Executable. The test executable only if allowed to begin with, then results are the following.

    1. Key Logger - Fail
    2. Web Cam - Fail
    3. Screen shot - Fail
    4. Clipboard - Fail
    5. Registry 1 - Pass
    6. Registry 2 - Pass
    7. Driver registering - Fail
    8. Sound Record - Fail
     
    Last edited: Oct 14, 2011
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    very true
     
  15. ocsi

    ocsi Registered Member

    Joined:
    Feb 8, 2011
    Posts:
    95
    I tested: Avast! 6 Free + Malware Defender (action / detection - both).

    Results:

    Keylogging - PASSED
    Webcam capture - not tested
    Screenshot - FAIL
    Clipboard monitoring - FAIL
    System protection:
    - registry access 1 - PASSED
    - registry access 2 - PASSED
    - driver registering - PASSED
    Sound record - not tested
     
  16. tomazyk

    tomazyk Guest

    Was driver registering blocked by Avast or Malware Defender? If MD, which rule blocked the test?
     
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    SRP denies me access and Comodo Cloud Scanner accurately detects it.

    After moving to whitelisted low integrity location, Comodo Sandbox protected against Registry Access (other system protection unavailable).

    Probably does better in Paranoid Mode without AutoSandbox, but I'm too lazy.
     
  18. COMPYPY

    COMPYPY Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    80
    Tested on Quick heal Internet security

    Keylogging - Fail
    Webcam capture - Fail
    Screenshot - FAIL
    Clipboard monitoring - FAIL
    System protection:
    - registry access 1 - FAIL
    - registry access 2 - FAIL
    - driver registering - FAIL
    Sound record - FAIL

    Beware Quickheal fans
    Uninstalling Trial version as soon as possible as it is not even able to protect the registry o_O Strange
     
  19. ocsi

    ocsi Registered Member

    Joined:
    Feb 8, 2011
    Posts:
    95
    Avast!
     
  20. tomazyk

    tomazyk Guest

    Thanks!
     
  21. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    To pass the Webcam Capture and the Sound Recorder tests: go to Control Panel > Hardware and Sound. Disable the webcam and the sound recorder. Turn UAC to max. It worked here.
     
  22. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Quickheal has fans. :blink: Who knew.
     
  23. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    That's one reason I let other people try this stuff.
     
  24. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    What is QuickHeal? :rolleyes:
    *Googles*
     
  25. COMPYPY

    COMPYPY Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    80
    A few members above have quoted that Avira passes the test, but on my 32-bit Windows 7, Avira Internet Security with high detection failed on each and every test; even the registry can be changed.

    Has anybody tested on F-Secure?
    Please report
     