New keylogger tests from Zemana

Discussion in 'other anti-malware software' started by aigle, Aug 21, 2008.

Thread Status:
Not open for further replies.
  1. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    My test results

    Online-Armor V3 beta (162):
    Key Logger: PASS
    Screen Logger: FAIL
    Clipboard Logger: PASS

    DefenseWall v2.45:
    Key Logger: PASS
    Screen Logger: PASS
    Clipboard Logger: PASS

    EQS 3.41:
    Key Logger: FAIL
    Screen Logger: FAIL
    Clipboard Logger: FAIL

    Webcam N/A
     

    Attached Files:

  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    CFP v 3.

    c.jpg
    cc.jpg
     

    Attached Files:

    • cc.jpg
      cc.jpg
      File size:
      98.5 KB
      Views:
      1,018
  3. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    So can someone confirm how many tests Outpost passes?
     
  4. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten

    If Matousec introduce technique of these tests at his own suite I am sure OP will pass all :rolleyes: , for now OP can pass only first keylogg test (silencio guess).
    BTW, Zemana tests are digitally signed...so uncheck your HIPS exclusions

    Edit:

     
    Last edited: Aug 21, 2008
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan

    Attached Files:

  6. Metting

    Metting Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    100
    According to my tests OP has failed all the tests, in spite of the fact that it's settings were at maximum level with custom rules in which OP should alert me on all events !!

    Some one has said that OP passed the Key logger test, this is weird because on my tests it fails every time in this test and all others !!

    This doesn't mean that OP is a weak HIPS, not at all.
     
  7. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    ...and what does it means then, if OP passed test then it is weak? :D
     
    Last edited: Aug 22, 2008
  8. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Einsturzende - so you are saying Outpost passes the first test but fails the other two?
     
  9. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Not me, Metting said it fails all and The MUL said it passed Keylogg...

    Edit: I tried now all test on Vmware, OP ver. 6.5.2355.316.0597
    It passes keylogg and fails all other
     
    Last edited: Aug 22, 2008
  10. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    On my pc Outpost passed the keylogger test only.It failed the clipboard,and the screenlogger.i don't have a webcam.Host protection was on advanced level.
     
  11. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,704
    Location:
    scotland

    Hi,

    Just to let you know that the latest version of outpost pro firewall is 6.5.2358.316.607 not the version you are testing with.

    THE MUL
     
  12. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    I have to correct something from my last post in the old thread. Real-Time Defender (aka ProSecurity 1.43) pass the Key logger test:
     

    Attached Files:

  13. BrendanK.

    BrendanK. Guest

    I tried Threatfire with this, just really wanted to see what it would do.

    It did nothing :p
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I get the same results of course, but the screenlogger when allowed takes picture perfect screens of the desktop unabated/unalerted.

    Now these type tests while easily would be stopped at first execution, are the ones i like to TEST & allow to proceed past point #1 to see if the defense app i'm testing has any secondary defense mechanism to stop them before acting. Obviously, the way windows nt systems are fashioned seem to make this second prevention unavoidable for most single security apps.

    EASTER
     
  15. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    You are wrong here. Such a behavior you just described is normal. To prove that DefenseWall protect against clipboard data hijack, just run the test, run notepad, type something and copy to clipboard.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    A small correction. GesWall does pass keylogger simulation test. Screen capture is still actually not a part of GesWall,s protection but I have suggested to add it.
     

    Attached Files:

  17. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello Ilya,

    I stand corrected. I was able to confirm that DefenseWall does in fact "pass" this clipboard data hijack test. Thanks for setting the record straight.


    Peace & Gratitude,

    CogitoErgoSum
     
  18. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello aigle,

    There may be a conflict somewhere on your system or something wrong with your DefenseWall(DW) installation because I have retested the Screen-Logger test several times and have found that DW "passes" this test(blocks it silently) when it is "Run as untrusted" and "fails" when it is "Run as trusted". Out of curiosity, did you run this test with ShadowSurfer(SS) enabled or disabled? The reason that I am asking is because it has been my experience that Shadow Defender while in "shadow mode" which is similar to, but a little different than SS has impaired DW's operation on more than one occasion. I have attached my events log for your review.


    Peace & Gratitude,

    CogitoErgoSum
     

    Attached Files:

    Last edited: Aug 22, 2008
  19. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    Anyone tried this test with KIS9?
     
  20. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello aigle,

    Thanks for performing these tests. Your efforts are very much appreciated.


    Peace & Gratitude,

    CogitoErgoSum
     
  21. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    not sure if antibot is supposed to alert on these threats,

    but it certainly failed either way, detecting & alerting nothing.... :rolleyes:
     
  22. Ohmy

    Ohmy Guest

    K-1.png
    Maybe I'm not sure how to test it,
    but am I missing anything?
    Everyone else using DW seems to pass,
    but not mine? o_O
    And yes I'm only using Defensewall.

    P.S. there was a warning by DW, however after I allowed it,
    it doesn't pass both test (clipboard-logger test, key logger teset)
     
    Last edited by a moderator: Aug 22, 2008
  23. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    That's what I want to know - how does KIS 2009 do?
     
  24. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    You should get a keylogger warning pop-up from DW.
    You will need to Terminate, not press OK.
     

    Attached Files:

    • dw.JPG
      dw.JPG
      File size:
      38.3 KB
      Views:
      815
  25. Ohmy

    Ohmy Guest

    Reading this post by aigle...

    Sorry I thought I had to do the samething. :oops:
     
    Last edited by a moderator: Aug 22, 2008
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.