Spyshelter Keylogger Test

Discussion in 'other anti-malware software' started by aigle, Mar 5, 2010.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    spyshelter.com

    GesWall


    Keylogging --- Pass
    Webcam --- Fail
    Screen Capture-- Pass
    ClipBoard --- Pass
    System Protection( must run it as admin) -- Pass
    Sound Record--- buggy

    CIS v4


    Keylogger and Clipboard logger --- FAIL
    Web cam logger - - - Fail, I guess
    System Protection --- Pass
    Sound logger --- buggy

    Tried in VBox Win 7 32 bit.

    Not sure about CIS results as it behaved strange with GesWall on VM.
     

    Attached Files:

    Last edited: Mar 6, 2010
  2. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    CIS4 seriously needs to be fixed on MANY fronts... :cautious:
     
  3. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    any idea how Zemana does?

    EDIT: just tried out the test and Zemana blocks all sucessfully, except for the Sound Recording Test which i dont even care about tbh.
     
    Last edited: Mar 5, 2010
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Zemana is doing good;)
     
  5. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi,

    Online Armor++ 4 beta 31 in advanced mode on Win 7 x86

    Antitest unknown to OASIS

    At launch warning about a direct disk access - allowed

    Keylogging - Failed
    Webcam Capture - No webcam connected on my comp
    Screenshot - Passed
    Clipboard monitoring - Passed
    System Protection - Passed
    Sound record - Not working (not able to find recorded file) ?

    Good result i think. Will of course submit the fail to Tall Emu

    Regards,

    MaB
     
  6. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    621
    Location:
    Sydney Australia
    Some program can log keystrokes, hook the clipboard etc, but if it's caught making a stealth or any type of internet connection, or caught logging data to a file or whatever else....then who cares. This test does nothing with the data, so failing wouldn't bother me at all. :thumb:
     
  7. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    FYI, KIS 2010 (Interactive mode). Upon execution, this appeared:
    AT1.png
    Selected worst case scenario: "Yes" (Low restricted)
    ("Limit"=High restricted, "No"=Untrusted (execution blocked))
    Keylogging - passed
    You can also use Virtual keyboard for entering sensitive data.
    AT2.png
    Webcam Capture - Don't have Webcam
    Screenshot - failed in Low restricted, changed the appropriate rule for Low restricted group (equals to High restricted defaults)
    If you're concerned about this test, use the Virtual keyboard when entering sensitive data- 3rd party apps are auto blocked from screencapture.
    AT3.png
    Clipboard monitoring - KIS doesn't have clipboard protection, failed
    System Protection - passed
    AT4.png
    Sound record - didn't try
     
    Last edited: Mar 6, 2010
  8. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    Ran the Keylogging, Screenshot, Clipboard and System Protection tests against Prevx SafeOnline, DefenseWall v3 beta6 and Zemana.

    Prevx - not a blink, failed on them all, even when on an https site.

    DefenseWall - same as Prevx, didn't alert to anything. Very surprised at that.

    Edit: Just checked and found I ran test in DW as 'Trusted'. Thought I had made it 'Untrusted' - my bad, will see if I can do it again later, properly this time. No wonder there wasn't any reaction from DW.

    Zemana 1.9.2.172 - :thumb: Alerted to them all straight away.

    As the SpyShelter program is available on a 14 day trial I downloaded that as well. Tried it against the Zemana Clipboard, Screen and Keyboard logger tests, alerted straight away as soon as I tried to run the tests. There is a setting in SpyShelter to 'Autoblock Unknown' (see screenshot) this seems to be almost like an anti-executable, it simply blocked the tests and added them to it's blacklist. Quite impressed, will see if I can find the time to run some more tests later.
     

    Attached Files:

    Last edited: Mar 6, 2010
  9. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Seems very nice. I'd like to test either SpyShelter or Zemana AL depending on which one seems most light and at the same time effective and easy to use. :)
     
  10. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    With a Microsoft LifeCam OA v4.0.0.15 passes this test.
    AntiTest.exe is not able to get the webcam video.

    OAwlogger.png

    It works for me, if I allow the microphone logging.
    But after blocking the AntiTest.exe crashes.

    OAmlogger.png

    So there is only the Keylogger test left with OA, but as stackz said, this test does nothing malicious (apart from direct disk access, who knows...). But same applies to Matousec stuff. Just tests.

    Cheers
     
  11. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Guys, thank you very much for your testings. They are quite helpful.

    Where did you get that AntiTest.exe (link please, if possible)?


    EDIT: I've found it, thank you.
     
  12. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,085
    http://www.spyshelter.com/download/AntiTest.exe
     
  13. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Thx subset for your additionnal tests
    sound record test returns an error without crash or notifications from OA. Honestly i was not aware that OA has this protection :oops:

    regards,

    MaB
     
  14. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    These are results of my testing with following security apps running:

    Online Armor Premium 3.5.0.50
    DefenseWall HIPS v2.56
    DataGuard AntiKeylogger Ultimate
    Zemana AntiLogger 1.9.2.169
    Prevx free
    MBAM Pro
    Avira AntiVir Personal

    The last three (Avira, MBAM and Prevx) didn't react at all (and I didn't expect them to).

    When I ran AntiTest.exe, it was by default untrusted by DefenseWall (but I didn't get any other warnings from DW).

    What I got is this:
     

    Attached Files:

  15. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    AntiTest.exe Screenshot:
     

    Attached Files:

  16. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    AntiTest.exe Clipboard monitoring:
     

    Attached Files:

  17. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    AntiTest.exe System protection:
     

    Attached Files:

  18. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Below results for DefenseWall Personal Firewall v3.00 (Beta 6):

    Keylogging --- Pass (no notification, blocked by default)
    Webcam --- Fail
    Screen Capture-- Pass (no notification, blocked by default)
    ClipBoard --- Pass (notification: AntiTest.exe receives all the clipboard data - there is option to Terminate this event)
    System Protection( must run it as admin) -- Pass
    Sound Record--- Fail
     
    Last edited: Mar 6, 2010
  19. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    I don't have a webcam, so I didn't test that.

    When it comes to sound recording, I am not sure what happened.

    I played a sound file, clicked on Start recording, after some time clicked on Stop recording, clicked on Play file; the AntiTest window showed a process of running a file bit there was no sound at all - so I am not sure how to explain that.
     

    Attached Files:

  20. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Just to clarify:

    Every time I got a pop-up window from Zemana AntiLogger and Online Armor I would click "Allow", so AntiTest was blocked either by DataGuard or by DefenseWall (both without any notifications).
     
    Last edited: Mar 6, 2010
  21. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    ZoneAlarmPro 9.1.008.000 OS Firewall throws up lots of warnings while trying to conduct these tests. If I tell ZAP to allow the 'Suspicious Behavior', then GeSWall warns me that an untrusted program is trying to run. That's 2 layers right there that have to be breached before this test gets any traction.
     

    Attached Files:

  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    cool;) my defensewall is rock solid:)
     
  23. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Now I tried another test with making AntiTest.EXE trusted by DefenseWall
    (and allowing it in Zemana and OA):

    Keylogging ------------PASS (thanks to DataGuard)
    Screen capture--------FAIL
    Clipboard monitoring---FAIL
    System protection-----FAIL
     

    Attached Files:

    Last edited: Mar 6, 2010
  24. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    So, the conclusion is this:

    Zemana AntiLogger and Online Armor notify on any attempt by AntiTest.exe.

    If I allow it, DataGuard blocks ONLY the keylogging attempt, and DefenseWall blocks everything.

    Other active protection on my PC (Avira, MBAM, Prevx and TrojanHunter THGuard) didn't show any reactions whatsoever.
     
  25. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Malware Defender (Win 7 and XP SP3)

    Keylogging -- Pass
    Webcam -- Pass
    Screen Capture-- Fail
    ClipBoard -- Fail
    System Protection -- Pass
    Sound Record -- Pass (AntiTest.exe crashes)

    Both failures are not bypasses, as MD does not explicit protect against screen or clipboard loggers, so it is as it is.

    Cheers
     
    Last edited: Mar 6, 2010
Loading...
Thread Status:
Not open for further replies.