Prevx SOL and KeyScrambler versus Commercial Keyloggers

Discussion in 'other anti-malware software' started by aigle, Oct 22, 2010.

Thread Status:
Not open for further replies.
  1. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I tested this here as well (XP SP3 but shouldn't make a difference) and SafeOnline blocked everything. There are a number of factors which could be affecting it, from language settings to whatever CTM is doing behind the scenes. I can certainly investigate closer if wanted but on multiple PCs here, I've yet to see a single keystroke get stolen across English, British English, and Spanish keyboard configurations. Fundamentally "Advanced Keylogger" does nothing different than the Zemana leaktest or other leaktests.

    Be aware that even though it may be protected from the initial entry, if there is a Man-in-the-Browser infection like Zeus, Carberp, Torpig, Silon, etc. on your PC, it will still be able to see credentials when they are sent across the network unless you use browser protection software.
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Ok, maybe it's CTM. Good to know that SOL is working perfectly.

    Prevx is great I must say. :thumb:
     
  3. diceman

    diceman Registered Member

    Joined:
    Jan 29, 2010
    Posts:
    24
    Wouldn't running in a limited account while online prevent these keyloggers from running and installing to begin with? It is a lot cheaper and easier too. ;)
     
  4. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    aigle, great testing anyway. Interesting to read your test and Joe's explanation of Prevx SafeOnline.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Thanks, just tested as I like Prevx a lot.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    @PrevxHelp

    Does Prevx SOL work OK in VirtualBox? I tested it on Windows 7 in VBox and it is still a fail.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    It's weird. Another person has tested it on XP and Windows 7 and has confirmed my finding. Prevx SOL is bypassed by two loggers (screenshots by one and keystrokes by the other).

    Wish someone else could try it as well. :p
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    I'm on XP :thumb:

    Which 2 out of the 3 are they? Let me know and I'll do it ;)
     
  9. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
  10. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Oh jeez... I've just tried Advanced Keylogger in my Win XP (SP3) VM and it successfully captured login details from PayPal. I couldn't get All-in-one Keylogger to work properly, but given SafeOnline was bypassed by Advanced Keylogger I'm sure Aigle's test results are correct for that also. :(

    Joe, if you want to do a remote support session to try to diagnose this drop me a pm.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    All-in-one Keylogger bypassed Prevx SOL and took snapshots of the HTTPS session on the paypal.com login. Also, Advanced Keylogger bypassed Prevx SOL and keylogged the user name and password from the paypal.com login page.

    Get them from here.

    http://www.relytec.com/
    http://www.eltima.com/products/keylogger/
     
  12. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,071
    Location:
    Ontario, Canada
    Don't forget what PrevxHelp has said about Keyboard language:

    TH
     
  13. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,071
    Location:
    Ontario, Canada
  14. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Well, keyboard language for me is English.
     
  15. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
  16. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Oh man, tried them right now.. boy o_O
     
  17. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,071
    Location:
    Ontario, Canada
    Who said they weren't? I was just pointing out that MRG is testing against malicious keyloggers. Sorry that I didn't make myself clear!

    TH
     
  18. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Last edited: Oct 24, 2010
  19. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    All-in-one Keylogger & Advanced Keylogger test v PSOL

    XP/SP2 Admin

    Installed both under ShadowDefender, with ALL my security disabled, apart from PSOL.

    All-in-one Keylogger captured a screenshot

    wild.jpg

    I have manually allowed protection for Wilders in Prevx, so it shouldn't have captured that :(

    In the Textual Report I only found one keystroke logged out of many I did? The Wilders one was not it, but note above.

    Didn't find any www's logged.

    I found it visibly slowed my screen movements with text files & screenies etc :thumbd: I'm sure people would notice & investigate :D

    Not sure if it worked properly as it was buggy, or was it that PSOL protected me?

    MORE
     
    Last edited: Oct 24, 2010
  20. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    Advanced Keylogger was a different class altogether :D

    Captured dozens of screenshots, here's just 2

    ak-log8.gif

    Captured keys etc

    ak-log3.gif

    ak-log5.gif

    ak-log6.gif

    ak-log7.gif

    PSOL didn't block any of the above?
     
    Last edited: Oct 24, 2010
  21. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
  22. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Something weird is going on here. Maybe we're all testing in a VM and Prevx SOL has some problems in VMs due to the keyboard and screen interfaces??

    Edit: Damn, just noticed CloneRanger is testing with ShadowDefender. Bang goes that theory. Common denominator is XP then??
     
  23. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    PrevxHelp:
    According to Wikipedia, the only way to prevent Man-In-The-Browser attacks is through what is called "transaction verification".
    -http://en.wikipedia.org/wiki/Man_in_the_Browser-

    I'm no expert, but according to the above it seems the only way to be safe besides "transaction verification" is not to get infected in the first place.
     
    Last edited: Oct 24, 2010
  24. SAW

    SAW Registered Member

    Joined:
    Oct 25, 2009
    Posts:
    48
    Has anyone tested Trusteer's Rapport with these keyloggers? It's a bit heavier on the system but would protect your browser better if it does work against them.
     
  25. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Tests by MRG have shown it to be less effective than Prevx SOL. Back on topic... clearly there is a bug/possible regression going on here. I have previously tested SOL against keyloggers in XP and it did what it claimed. For some reason it's now not doing that, at least for XP. We just need to give PrevxHelp some time to respond.
     