Hi, Blackcat. Yes, PG protects against Keyloggers, you will get a checksum warning of something new trying to start. Take Care, TheQuest
Also Keyloggers have to be able to set a global hook to use the keyboard, so with Block Global Hooks set it could key log even if you let it run.
Hi Blackcat, Here is a link to the specific methods used by Keyloggers: http://www.diamondcs.com.au/processguard/index.php?page=attack-keystroke-loggers If you want to test Process Guard regarding keyloggers you can use this tool: http://www.diamondcs.com.au/processguard/keyhook.exe For further testing of Process Guard please try Advanced Process Termination available from here: http://www.diamondcs.com.au/index.php?page=apt HTH Pilli
Thanks, Pilli, some good reading here. Just tried the keystroke recorder listed above and PG jumped in straight away. I think I have keystroke loggers covered with PG. Good job I checked in here as I was looking at Anti-keylogger: https://www.wilderssecurity.com/showthread.php?t=41388
Hi all, Whilst I take on board what you are saying about Global Hooks and Keyloggers, I think it is only fair to point out that a lot of us (for various reasons) do not have Block Global Hooks enabled. In my case (and that of many others), it is because of the problem with BOClean (well documented elsewhere/earlier in this forum). Also, as mentioned on more than one occasion by one of the DCS team (Wayne?), Block Global Hooks is pretty much experimental and is not for the average (me) user... So.. as things stand at the mo, PG is not really the answer to Keyloggers, is it?
Hi Oremina, Yes, I understand your argument there but you still have checksum protection which will jump in if the keylogger tries to execute. So not complete protection but a whole lot better than nothing.
Hi Pilli, Thanks for your quick reply... I was trying to do a "let me come back on this" before your last post, but lost my dialup connection. Was going to say, of course program checksums would be the first line of defence and one would have to be pretty loopy to let it run, but, yes, the warning would be there. I guess it is just that I will be delighted when Block Global Hooks is sorted and working to everyone's satisfaction and I can use it as it is meant to be used.. Don't think I was knocking PG... two programs I consider the best I've ever had are PG and (although not from the same stable) BOClean and I look forward to the day when they blend together well...
That's OK Oremina, Jason is working on a new version of PG which, hopefully, will be ready in two or three weeks, lots of small bug fixes and improvements.