Should BitDefender Windows 8 react to keylogger tests?

Discussion in 'other anti-virus software' started by zmechys, Feb 20, 2013.

Thread Status:
Not open for further replies.
  1. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    I have already posted my complaint about Zemana Antilogger "unfit for service" on Windows 8 64-bit systems.
    While "understaffed" and "underpaid" Zemana's "engineers are working on fixing the bugs and estimated release date is on the next months", and I hope, trying to resolve some FALSE ADVERTISING claims about their PAID version, my next question is about the Great BitDefender Windows 8 Security AV.

    The problem is that BitDefender Windows 8 Security on Windows 8 and Bitdefender Internet Security 2013 on Windows 7 did not react to my Zemana keylogger Tests. Reaction was Zero, Zilch, Nada.
    But.

    1. TrustPort Internet Security 2013 intercepted the test.
    2. Avast Free AV informed about the "low quality of suspicious" files and recommended to stop downloading. Avast Free also informed me about the danger of installing the test files and advised to install it in the sandbox.
    3. Outpost Pro 8 also recognized the keylogger.

    Only my dog, BitDefender AV, did not bark.
     
  2. guest

    guest Guest

    This is a leak test, and some AVs add it to their signature database, some others don't.
    Signature results don't show us that an AV is effective against keylogging techniques.
    Probably TrustPort and Outpost block it because of their signature database, not proactively.

    On Win 8 x64 systems, there aren't many choices.
    Comodo Firewall has very good 64-bit support. But it is bypassed by the Zemana keylogger test. The developers already know this and say it is not a real bypass. It is a foreground keylogger (not suspicious), so CIS doesn't protect against it. Other leak tests, for example SpyShelter, can't bypass CIS.

    You are using x64 Win8;
    Zemana KT can bypass Kaspersky. But it can't bypass KIS's SafePay module during a banking session. Also, it can't bypass Avast's SafeZone protected browser. Some AVs have different tech for keylogging.


    You can use Zemana AntiLogger Free; it will encrypt your keystrokes and protect you against keyloggers. It is another layer if you want.
     
    Last edited by a moderator: Feb 20, 2013
  3. qakbot

    qakbot Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    380
    That's assuming the average user has SafePay enabled (it's OFF by default), and that you have remembered to enter the URL into SafePay, which again is another manual step. SafePay in its current form is fairly useless to the vast majority of users despite all Kaspersky's hype.
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Sorry, but I think SafePay is ON by default. At least it was last time I tried KIS (build e). It will notify the user if it recognises common banks and/or financial sites (e.g. PayPal). Of course, some national/local banks or small merchants will not be recognised but can be added so as to get an automatic trigger to the protected session.
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Yes, Safe Money is on by default and in my experience it automatically activated on most banking and payment sites. Probably these isolated browsers like Safe Money and SafeZone work better on Win8x64 because they don't have to apply the protection system-wide, only on their browser.
     
  6. guest

    guest Guest

    SafePay/Safe Money:

    For banking, yes.
    But it is limited. Malware can record your email when you are typing. It protects the password text input field but not others.

    SafeZone:
    I think its usability is not as good as Safe Money's. KeePass, for example: I keep my passwords in KeePass, and it is not easy to use with SafeZone. It changes the Windows screen to its own screen.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Yes, that's why I think more systemwide protection is better, but those are having problems with Win8x64.
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Uuuhm, by how you describe it, you seem not to have tested it. SafeMoney is designed for websites (https). It will open an isolated/sandboxed web browser page. Of course it does not work on e-mails, as you normally don't purchase or perform financial transactions by e-mail (I hope) :D

    Also, it does not only protect the password field but the entire session (special keyboard driver - secure keyboard). It will also protect against injections into the browser, check the SSL certificate, and check for any vulnerability existing on the system that can compromise the session.
     
  9. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    This time, BitDefender has reacted.

    SpyShelter_Test.PNG
     
  10. guest

    guest Guest


    KIS SM protects banking sessions fully and it looks good.
    http://www.matousec.com/info/reports/Online-Payments-Threats-2.pdf

    SM has no option for mail and other sessions. But you can open the "secure data input" option for mail. In this case KIS protects mail password fields and Facebook inputs, but malware can still record your keystrokes if you write mail.

    KIS SM protection looks similar to Trusteer Rapport. It isn't an anti-keylogger module, of course. This time, I hope I am clear ;)


    You don't know what a leak test is, I think. This is not a reaction. A leak test is not malware. Bitdefender simply adds it to their signature database. It doesn't block proactively.
     

    Attached Files:

    • 1.PNG
  11. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    Last month, after I formally complained to their support, the reply was that a new fixed version would be released at the end of this month. So far nothing.
    As far as keyloggers and standalone AV go, only Avira and NOD32 had somewhat good results detecting them, mostly via their PUP application list or signatures; without a functional HIPS your chances of detecting a real threat are low to none.
     
  12. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    You all talk about vendors here and there...

    But to be honest, Windows 8 Smart Screen filter stopped Zemana Antilogger test file from even starting. So why bother?
     
  13. guest

    guest Guest


    We are talking about the AVs'/FWs' ability, not Windows'.
    SmartScreen and Internet Explorer alert about the file; also, many AVs detect it as malware.
    But you are missing our point. SS is not the answer for keylogger protection.
    Zemana released their leak test for proactive defense testing against keylogging.
     
  14. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    Windows 8 SS is pretty much like an antivirus: it will only protect you from known and cataloged threats. It should alert you about unknown executables, but as far as Windows built-in protection goes it's nothing reassuring. :ninja:
     
  15. whitestar_999

    whitestar_999 Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    101
  16. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Yeap, better now :)
     
  17. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    I guess the author of the tool has already answered your question, i.e. only a Firefox add-on can defeat the keylogger.
    https://www.wilderssecurity.com/showpost.php?p=2182394&postcount=3.

    Browser sessions stripped of any add-on will also defeat the keylogger, i.e. Kaspersky Safe Money, for example, will kill it. The same should apply to Bitdefender SafePay ;)
     
    Last edited: Feb 21, 2013
  18. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    To my regret, I cannot make a payment online to my "well-known" bank by using BitDefender Safepay, because when I click on "Pay My Bill", Safepay does not allow a new pop-up window to open, which is needed to proceed with payment.
     
  19. whitestar_999

    whitestar_999 Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    101
    So basically it means that on a 64-bit Windows system, using Firefox with this keylogger beater extension is better than using any security suite's built-in feature (like SafePay) or anti-keylogger software, with the advantage of working as usual with no restrictions (printing, popup windows, etc.).
     
  20. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Well, not really. Financial malware is not limited to keylogging at browser level. A simple screenshot will defeat that magic add-on; this could be combined with a clipboard monitor and a keylogger at kernel level (not browser level). The latter assuming there are keyloggers bypassing PatchGuard on 64-bit. For keyloggers there is always a small window of opportunity since, sooner or later, the data must be unscrambled to make sense for the receiver. First "don't let them in", next you can worry about "not getting them out". ;)
     
  21. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    1. Can Windows 8 Early Launch Anti-Malware (ELAM) protect you against kernel/driver keyloggers?
    2. Can SysInternals' Process Explorer see the keylogger running?
     
    Last edited: Feb 21, 2013
  22. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Sorry, not a malware expert... I guess a malware analyst will be better placed to answer your questions.

    1. Yes, it can. Until they find new ways to break it (if they have not done it already).
    2. Yes and no. It depends on what evasive measures are implemented by the keylogger.
     