Summary of Anti-keyloggers

Discussion in 'other anti-malware software' started by toploader, Aug 24, 2005.

Thread Status:
Not open for further replies.
  1. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    Last edited: Aug 24, 2005
  2. goodquestion

    goodquestion Guest

    Those are some decent anti-keyloggers Toploader. Security Task Manager is another top notch AK. http://www.neuber.com/taskmanager/

    But as good as I think STM is, I would still use it along with UnHackme http://greatis.com/unhackme/ (even though it's not an AK) for that extra line of defense against those rootkit driver based keyloggers that many of the popular AKs just can't detect at this time.

    Also many of the popular anti-spyware programs like Ad-aware, MSAS, Spybot, X-Cleaner etc... will find 'some' keyloggers as well, but nowhere near as many as the top AK programs that are available.

    Even many AVs will detect some keyloggers too, but your mileage may vary with them, as with the AS programs.
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    There's Online Armor and Spyware Doctor, too.. both detect them generically.
     
  4. goodquestion

    goodquestion Guest

    Yes, good call Notok. I would agree that Spyware Doctor is good at detecting some keyloggers, but I think at this point I would still use a program that is Anti-keylogger specific, for a more complete protection against keyloggers. It probably wouldn't be a bad idea to have the free version of SD though, it makes a good backup, or the full version if you don't mind paying for it.
     
  5. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Anti-Spy.Info and Security Task Manager are the same program. Same author. Different names. And are very good at detecting keyloggers. :)

    muf
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    The paid version of SD also has generic behavior-based keylogger detection.. much like Online Armor. OA is my preference, though, as SD uses a lot more resources. ProcessGuard would stop them as well.
     
    Last edited: Aug 24, 2005
  7. goodquestion

    goodquestion Guest

    Hi Notok, Have you actually tested the realtime "Keylogger Guard" in SpywareDoctor full version? I was wondering how good it really is. I have only done limited testing on it and so far it doesn't seem as good as something like STM. I do have the Full version of SD, but I never run it realtime because like you said it seems to use a lot of resources. I only run occasional manual scans with SD.
     
  8. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    I have always for better or worse depended on BoClean to handle this. ;)
     
  9. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707

    thanks for your reply GQ - the reason i posted this is because PC Magazine's test of popular spyware scanners showed that they are pretty bad at dealing with keyloggers, freebies like ad aware, spybot and microsoft beta didn't detect any at all.

    there is clearly a need for specialist keylogger detectors - this is what we are up against, programs like Advanced Keylogger (link to their site) it claims to run in stealth mode - won't show up in task manager - claims to be completely undetectable.
     
    Last edited: Aug 24, 2005
  10. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    having looked at their website they do make a persuasive case - though it looks like all the best things in life (trojan control) are not always free :D
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455

    Are you really afraid of KEYLOGGERS? Open your wallet and buy this: never ever a keylogger again !!!

    Advanced Anti Keylogger ... = $89.95 ($59.95 until 2005.08.31)
    Anti-keylogger v6.1 ....... = $59.95
    Anti-Spy.Info v1.6.5 ...... = $29.00
    Keylogger Hunter v2.0 ..... = $24.95
    Snoopfree v1.0.7 (XP) ..... = $0.00
    SpyCopy v6 ................ = $69.95 ($49.95 before midnight)
    Security Task Manager v1.6F = $29.00
    UnHackMe v2.5 (Single)..... = $19.95
    Online Armor v1.1 ......... = $39.95
    Spyware Doctor v3.2 ....... = $29.95
    Hacker Eliminator v1.2..... = $11,95 (crap or not, the price is right)
    BoClean v4.12.............. = $39.95 (on toploader's request)
    ----------------------------- -------
    Total price for paranoids . = $444.60 and you get Snoopfree on top as a bonus !!!
    :D :D :D
     
    Last edited: Aug 25, 2005
  12. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    hmmmm don't seem like enough to me Erik - perhaps one or two more like bocleaner just to be on the safe side :D

    snoopfree is looking mighty attractive at the moment
     
  13. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    BTW i think you should update your time estimates to include extra keylogger scanning - 2 hours working 6 hours scanning :D
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Toploader,
    Well, I ran out of jokes and Americans like practical jokes.
    I agree with the new total scan time :D
     
  15. goodquestion

    goodquestion Guest


    Ok, I downloaded that keylogger you mentioned [Advanced Keylogger 1.8 build 215] and tried to detect it with a few different anti-spyware/anti-keylogger programs that I have and here's the breakdown of which programs detected it on XP home sp2.

    1. Spyware Doctor 3.2 full version: Detected the install of AK 1.8 upon install and blocked it from installing. SD also detected it through a manual scan. Nice job SD.

    2. Pest Patrol 4 full version: Detected AK 1.8 upon install and asked me if I wanted to delete the pest. Also PP found about 20 entries for AK through a manual scan. PestPatrol wins this battle.

    3. Prevx home free: Detected the install of AK 1.8 and gave me the option to block the install.

    4. MSAS 1.0.615: Only detected the install of AK 1.8, like it would for any other new program, no big deal here. MSAS failed to find the keylogger through a manual scan.

    5. WinPatrol 9.7.0.15: Detected the install of AK 1.8 with the option to stop it.

    6. Security Task Manager 1.6: Detected AK 1.8 at 100% as being a keylogger. I had little doubt STM would find it. This program excels at sniffing out keyloggers.

    7. X-Cleaner free: Detected AK 1.8 through a manual scan with the option to delete it. Not too bad for a free program.

    8. Spycop 6: Detected AK 1.8. I'm not a big fan of SC, but it certainly pulled through on this one.

    9. A2 free: Detects AK 1.8.

    10. Spybot 1.4: Fails to find AK 1.8.

    11. Ad-aware 1.06 free: Fails to find AK 1.8.

    I haven't tested all the anti-keylogger programs against AK, would take too long, but this should give you an idea of how easy this so-called stealth keylogger is to find. I find this keylogger to be somewhat of a wimp, there are much more difficult to find keyloggers than this one.
     
  16. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    looks like AK is all mouth and no trousers GQ - nice job - thanks for the test results - they make interesting reading - good to know that AK is more visible than it thinks - as you say there are no doubt much more sophisticated ones out there.

    gives me some faith that most scanners with trojan hunting capability are going to pick up the more commercial keyloggers. thanks again for putting those scanners thru their paces. i've got winpatrol installed so assuming i'm keylogger free at the moment then hopefully it will stop any future attempts.

    cheers
     
  17. goodquestion

    goodquestion Guest

    Glad you found it helpful Toploader. I forgot to mention that I also tested Ewido free against AK 1.8 and it also found the keylogger too, through a manual scan. Ewido is one nice AT, and it seems to do well at finding other kinds of malware too, besides just trojans.
     
  18. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    hi GQ - i've tried Ewido some time ago - it said it found a para dropper on my system recovery partition but after running the scan my system crashed and after reboot i removed ewido as i don't normally experience crashes of any sort.

    of the programs you tested i've got a-squared free that scans clean - pointless using spybot/ad aware - good as they are for other things.

    i downloaded x-cleaner free and tried that - it came up with adblaster which no other scanner found, i deleted it (though slightly sceptical). i like the fact it gave me the option to take a system restore point just in case - i've tried a number of free scanners over the past few weeks and find all of them give me different results so it's hard to put my faith in any one of them completely.

    security task manager looks an interesting one - i will follow that one up.
    i found this link to a list of trojans and keyloggers that have email sending capability - someone has been busy out there - there are dozens and dozens of them.

    you're doing great work GQ, keep it up - cheers
     
    Last edited: Aug 25, 2005
  19. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    heavyweight contender

    Hey GQ - if you get a chance try this one - this is classed as a heavyweight - should be interesting to see what your tests can do. :D
     
  20. goodquestion

    goodquestion Guest

    Re: heavyweight contender

    I've tested that keylogger in the past and yes it is a tough one to detect. I guess I could try it again though because I've heard some of the AS/AK scanners I tested against it have recently added the sigs for it, but when I tested it around April 2005 very few of the scanners detected it upon install or through manual scans. It would silently install right past nearly all of my scanners except Prevx free. Only RootkitRevealer and UnHackme found it then out of the manual scanners I tested against it. I know SpywareDoctor detects it now though (free and full versions).

    I think I'll test some of the other Anti-keylogger detectors you mentioned earlier too, and see what we get with this bad boy. This newer version Elite is supposed to be improved too, we'll just see how good it really is. ;) May take a while for me to do the tests though.
     
  21. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    happy hunting GQ
     
  22. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
  23. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I thought Swat-it had been replaced by Hacker Eliminator... Years ago! And from what I recall, they are both a pile of crap.

    muf
     
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I added Hack Eliminator and BoClean to my price list and now you have to pay almost $445.00 for anti-keylogger software.
    Keep in mind that ONE anti-keylogger isn't enough.
    The good news is still: you will get Snoopfree on top as a bonus, even when you don't have winXP.
     
  25. controler

    controler Guest

    ErikAlbert


    A good point you can post is as follows.

    Which ones work at kernel level?

    Which ones work at NO SIGS needed?

    After all, most keyloggers come out way before SIGs are added.


    controler
     