Threatfire and other antikeyloggers

Discussion in 'other anti-malware software' started by Blue Ring, May 28, 2008.

Thread Status:
Not open for further replies.
  1. Blue Ring

    Blue Ring Registered Member

    Joined:
    Apr 13, 2007
    Posts:
    100
    I read on the forums here, a while back, a post by someone saying that the antikeylogger abilities in Threatfire had been disabled by its authors. I was wondering if they have been re-enabled recently and, if so, has anyone tested Threatfire against some keyloggers lately, or does anyone know of any recently done antikeylogger tests involving Threatfire that they could point me to? Or even exactly what kinds of keyloggers Threatfire is able to currently stop (e.g. kernel, hook based etc.)?

    I'm also looking for any info on other new free programs (not older programs that can cause problems like Snoopfree) that are really good at stopping keyloggers. At least able to stop kernel level and hook based keyloggers. Other uses like the ability to stop screen shot capture would be a plus. Perhaps a free HIPS that can do this?

    Thanks a mundo.
     
  2. chris1341

    chris1341 Guest

    I too am looking for a good quality (preferably free) HIPS product or similar. I intend to try a number of products to see which suits best - Threatfire (free), Mamutu (not free) and DriveSentry (not free but very cheap) along with Comodo with D+ to start with and see where that leads me.

    I've started with Comodo with D+ turned on. It's free and claims to do all of what you ask. I'm not vouching for it yet, though others on this forum might.
     
  3. Blue Ring

    Blue Ring Registered Member

    OK, thanks Chris1341. I guess D+ and Threatfire are the best free options available at this time. Maybe I'm asking too much looking for only the free stuff. ;)

    But no one can say what types of keyloggers Threatfire free would stop? :(
     
  4. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Have you checked out GesWall Free?
     
  5. InVitroVeritas

    InVitroVeritas Registered Member

    Joined:
    Mar 5, 2008
    Posts:
    64
    Hi,

    Here are some antikeyloggers:

    HookMonitor http://inside.iatp.org.ua/
    KeyScrambler Personal http://www.qfxsoftware.com/
    KL-Detector http://dewasoft.com/privacy/kldetector.htm
    MyPlanetSoft Anti-Keylogger http://www.myplanetsoft.com/free/antikeylog.php
    Snoopfree Privacy shield http://www.snoopfree.com/
    PSMAntiKeyLogger http://psmantikeyloger.sourceforge.net/prod01.htm

    BTW, personally I'm currently running KeyScrambler on a Micropoint defended LUA+SuRun machine, and giving a try to virtual keyboards too:

    Neo's SafeKey http://www.aplin.com.au/?s=safekey
    Mouse-Only Keyboard (MOK) http://www.myplanetsoft.com/free/antikeylog.php#down
    Transaction Guard http://www.trendsecure.com/portal/en-US/to...ansaction_guard
    MiloSoft virtual keyboard http://www.march-of-faces.org/resources/vkt.html
    Click N type http://www.lakefolks.org/cnt/
    Virtual keyboard http://www.freedownloadscenter.com/Utiliti...l_Keyboard.html

    - Regards,
    - IVV.
     
  6. Blue Ring

    Blue Ring Registered Member

    @ LoneWolf

    Isn't Geswall sort of a sandbox? I'm not really looking in that direction. I prefer classic type HIPS or antikeyloggers. I should have mentioned that. But if it's not a sandbox, I will probably give it a try. Thanks for the recommendation.

    Will Geswall run ok with Threatfire and D+ ?


    @ InVitroVeritas

    Nice list. Thanks for that. I hadn't heard of all of those programs. I bet most (if not all) of those antikeyloggers won't stop the kernel keyloggers though. Do you know if any will?
     
  7. InVitroVeritas

    InVitroVeritas Registered Member

    Yes, most AK won't. KeyScrambler, for one, seems to do its job quite well even under the scrutiny of kernel keyloggers, since it encrypts keystrokes at the kernel level. So, while this may not prevent an efficient kernel keylogger from catching those encrypted keystrokes, it just gets gibberish randomized results, rather than actual (and useful) key/passwords.
     
  8. Blue Ring

    Blue Ring Registered Member

    @ InVitroVeritas

    Yeah, that's what I thought about most of them. Still could be useful though. I wouldn't mind seeing some tests with most of them even if they don't stop the kernel ones.

    KeyScrambler is nice if it can prevent logging by the kernel keyloggers. Maybe worth investing some money on if it's really that good.

    Oh, and some of your links don't work correctly. ;)
     
  9. LoneWolf

    LoneWolf Registered Member

    It's more of a policy based HIPS, sort of like DefenseWall, only GesWall has a free version.


    Never tried that combo myself, but a long time member here has that combo in his sig.
     
  10. Makav3l1

    Makav3l1 Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    241
    I use it alongside D+ and have had no conflicts. I haven't tried it with D+ and threatfire as I read that they (threatfire/Defense+) conflict when it comes to some keylogging scenarios and you end up getting infected.

    http://forums.comodo.com/bug_report..._threatfire_installed_v3018_x32-t20301.0.html
    http://www.pctools.com/forum/showthread.php?t=50792

    The problem seems to be fixed then around again before and after various builds. I don't see a definitive answer as to why and if it has been fixed for good so I don't recommend running threatfire w/ D+ currently.
     
    Last edited: Jun 2, 2008
  11. Blue Ring

    Blue Ring Registered Member

    Thanks LoneWolf and Makav3l1.

    I decided to dump Threatfire for now. I can't have conflict on the one area I was asking about most - keylogger defense. :eek:

    I was thinking as another option maybe running OA free along with Threatfire, but I'm thinking it may not be as comprehensive as Comodo with D+ alone. Especially against keyloggers. Could I be wrong? I did notice the latest Comodo did very well against the Anti-Keylogger Tester 3.0 tests. But I didn't try Threatfire against it.
     
  12. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    I use GesWall (free), threatfire (free) and AntiVir (Free). If you run the keylogger tests under Geswall, it will stop them. I believe threatfire can stop some keylogging. I do not see any conflicts running this combo. I'm also behind a hardware firewall and XP firewall/Vista firewall. I run this setup on both machines (XP Pro and Vista Basic).

    IceCube
     
  13. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    well since threatfire uses a sort of signature based detection as well it will also recognise a certain list of keyloggers...i would NOT suggest geswall free as it is the most crippled free version of any software i have seen compared to the paid version which on the other hand is brilliant...so u might wanna try it..also sandboxie can be configured to stop some keyloggers if properly configured but the greater part is that u can set in a sandbox so that only 1 certain process will have internet access :D (e.g. firefox) so that even if u get a keylogger and do get ur keystrokes logged they ain't going anywhere :D
     
  14. LoneWolf

    LoneWolf Registered Member

    I think the free version is not all that bad.
    http://www.gentlesecurity.com/professional.html
    Agreed the paid version is by far much better.
    Do you know of another similar app that is better and free?
    A policy based HIPS, I mean.
     
  15. IceCube1010

    IceCube1010 Registered Member

    I have to agree with you both. Geswall free will defend against keyloggers pretty good. If it gets by GesWall, Threatfire can catch it.

    Off topic, the paid version of GesWall is very good but I really don't need it with Threatfire and Avira on the back end. I basically just need GesWall for the IE session. My email is web based and it protects that also.

    IceCube
     
  16. Blue Ring

    Blue Ring Registered Member

    While we're on the topic of Threatfire, does anyone know if it can stop service and driver installs yet? I found this older list of HIPS comparisons: http://wiki.castlecops.com/HIPS/IDP_programs/services
    But it's for Threatfire v 2.0.2.12. It says Threatfire won't stop service/driver installs, but Threatfire has been improved since then and I thought maybe it does now. Anyone know for sure?
     