I played a bit with some keyloggers and want to share it. I downloaded following keyloggers and installed them while disabling most of my security appliances on two laptops with windows XP. Ghost Keylogger HomeKeylogger Family Keylogger Advanced keylogger Martin,s undetectable keylogger Ardamax keylogger Paq Keylogger Elite Keylogger I am not whetehr all of them are legitimate or not as i just googled and downloaded them( some were detected as trojans by some scanners). I tried following security software against them( mainly detection issue). SnoopFree OA trial KIS( few months old signatures) trial Antivir free Ewido trial SSM free( only for Elite Keylogger) Windows Defender SuperAntispyware free Prevx1 RootKitRevealer and F-secure blacklight rootkit scanner beta( only for Elite keylogger). I am really impressed by SnoopFree. It really caught the action of all but two( Martin,s keylogger and Elite), and when I opted to stop some keyloggers, it successfullly stopped them from keylogging and screen shot capturing. Also when I tried to destroy the detected keylogger files, it destroyed most of them with a reboot. It is really wonderful piece of software, very small foot-print, low resources, no system slow down and is free. It did not detected however Martin,s keylogger( that no other scannner/ software could detect as well except KL Detector) and Elite Keylogger ( that was not detected by any software except for RootKit scanners). Online armor detected all but three of them( Martin,s , Elite and one more that I don,t remember now-- and the most imp thing here is that this detection like SnoopFree was on behaviour. The difference in protection from snoopfree is that OA stops the Keylogger from working at all and keylogger software announces that it failed to make a hook while snoopfree lets the keylogger work apparantly( no hooking failure annoucement by keylogger) but if u check its log, u will find it empty. Both are really good here- top class behavioural detection. Only one thing in OA needs improvement that the popups of unknown software execution and Keylogger software execution were similar- they shouild have different colors so that user can get alerted immediately. After installing all keyloggers I first scanned with Ewido and the results are here. Ewido missed detection of Martin.s Keylogger, Elite keyklogger and partially missed Ardamax( detected the resistry keys but missed files). I was really impressed by Ewido, it detected them both by signatures( and by heuristics as well- pls correct me if I am wrong). When I tried to delete the keyloggers detected by Ewido, Ewido deleted all except Advanced keylogger- showed error here. Rescanned abd deleted Advanced keylogger enteries again and Ewido again showed partial deletion and some error. However 3rd scan with Ewido was clean and I rescanned with KIS to confirm and it was clean as well, so Ewido was able to clean all the keyloggers that it could detect.