Try your anti-keylogger protection

Discussion in 'other anti-malware software' started by aigle, Apr 1, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I tried some interesting POCs from here:

    http://www.zemana.com/list/list.asp?ktgr_id=413

    My observations:

    CFP

    Key Logger Simulation Test - - - - - PASS
    Screen-Logger Simulation Test - - - PASS
    Webcam Logger Simulation Test - - PASS
    Clipboard Logger Simulation Test - - FAIL
    SSL Logger Simulation Test - - - - - POC not Available so far

    EQSecure

    Key Logger Simulation Test - - - - - PASS
    Screen-Logger Simulation Test - - - FAIL
    Webcam Logger Simulation Test - - FAIL
    Clipboard Logger Simulation Test - - FAIL
    SSL Logger Simulation Test - - - - - POC not Available so far

    GesWall

    Key Logger Simulation Test - - - - - PASS
    Screen-Logger Simulation Test - - - FAIL
    Webcam Logger Simulation Test - - PASS
    Clipboard Logger Simulation Test - - FAIL
    SSL Logger Simulation Test - - - - - POC not Available so far

    SafeSpace

    Key Logger Simulation Test - - - - - PASS
    Screen-Logger Simulation Test - - - PASS
    Webcam Logger Simulation Test - - PASS
    Clipboard Logger Simulation Test - - PASS
    SSL Logger Simulation Test - - - - - POC not Available so far
    :thumb: :thumb:

    OA Free Run Safer

    All FAIL

    ThreatFire

    All FAIL (Solcroft! I know what you will say, and I understand and agree with you to some extent, though not fully).

    Have fun!!

    Anyone can try:

    ProSecurity
    DefenseWall
    SSM
    SBIE

    Thanks

    Edit: I have edited the results, there were some wrong copy/paste before.
     

    Last edited: Apr 1, 2008
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    LUA's kicking some ass :D
     
  3. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    "You can repeat the same test by installing Zemana Antilogger into your system."
    Anti Logger License Purchasing: 1 user License 39.50 USD
    "Zemana AntiLogger, with its proactive protection method provides you real time , powerful protection." :cautious:

    Has anyone tested Zemana AntiLogger against a real keylogger?
    Or does it just pass their own tests?

    Cheers
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  5. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Keyscrambler passes the keylogger simulation test.
     
  6. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Under Vista 32 SP1:

    DefenseWall v2.30

    Key-Logger Simulation Test - Pass (*Note: Detected and gave me the option to terminate this test on the spot via the pop-up notification.)
    Screen-Logger Simulation Test - Pass (*Note: Blocked silently.)
    WebCam-Logger Simulation Test - Tentative Pass (*Note: Although I do not have a webcam, I ran this test anyway and observed in DW's log that all attempts to make changes to the registry were blocked silently.)
    Clipboard-Logger Simulation Test - ? (*Note: Does not appear to work when run as "untrusted". I will have to get Ilya to look at this particular test.)

    :D :thumb: :thumb: :thumb:


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Apr 2, 2008
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It will be best to have this test done with a web cam I think. The only way to know.

    Thanks for the results.
     
  8. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Actually, no I won't. You know the facts, and I'm beginning to sound like a broken record anyway. :D

    I test with real malware. POCs are to behavior blockers what the EICAR test file is to antivirus software: just a weak replacement used by sissies who feel the need to trick themselves into thinking they're doing any meaningful tests. But I'm sure you already know that. :shifty:
     
  9. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Simple as that, most all reputable antimalware is smarter than the users of these fakes. LOL :D
     
  10. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Had no problems with it.

    As for the webcam, I still haven't made up my mind whether I need to implement it. The reason is the following: there is too much software nowadays (ICQ and other popular IM software, Skype and other VoIP clients) that uses the webcam. I am not sure if I need to alert on each of them, as it is impossible to block it out automatically. Also, in future, more and more software will be using webcams in order to improve its functionality. So I'm in doubt about this point. Is it really about security?
     
  11. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    SRP for the win!!!!!1111 :p
     
  12. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Can anyone test BufferZone, Prevx and Sandboxie please?
     
  13. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    With the keylogger test press alt+1, alt+2, alt+3 using the num pad on the right side of the keyboard for the numbers.

    You should get ☺, ☻, and ♥ yet the keylogger shows 1, 2 and 3.

    What does this mean? Don't know, just posting as a quirk that may fool some keyloggers maybe.

    Sandboxie doesn't stop keylogging, but it can't send that data out over the net when SB is configured for only your browser to connect out.
    Alt Key Codes
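    The Alt+numpad quirk above (hook records 1, 2, 3; the window receives ☺, ☻, ♥) comes down to where in the input path a logger sits: a keystroke hook sees virtual-key codes one key at a time, while the character only exists after Windows composes the held Alt plus the numpad digits into one OEM code page byte. The following is an added example, not code from the original post or from any of the products discussed; it models that composition in Python so the two views can be compared side by side. The virtual-key constants are the real winuser.h values, the CP437 table for codes 1 to 6 is a partial table typed in for this example, and Alt is modelled as a single VK_MENU (real low-level hooks report VK_LMENU/VK_RMENU; the leading-zero ANSI variant of Alt codes is not modelled).

```python
from dataclasses import dataclass

# Real virtual-key codes from winuser.h
VK_MENU = 0x12            # Alt (simplified: left/right not distinguished)
VK_NUMPAD0 = 0x60         # numpad 0..9 are 0x60..0x69

# Glyphs Windows shows for Alt+<code> (no leading zero) in OEM code page 437.
# Partial table typed in for this example; 1..3 are the post's ☺ ☻ ♥.
# Python's cp437 codec keeps 0x01..0x1F as control characters, hence the table.
CP437_CONTROL_GLYPHS = {1: "☺", 2: "☻", 3: "♥", 4: "♦", 5: "♣", 6: "♠"}


@dataclass
class KeyEvent:
    vk: int
    down: bool


def is_numpad_digit(vk: int) -> bool:
    return VK_NUMPAD0 <= vk <= VK_NUMPAD0 + 9


def oem_glyph(code: int) -> str:
    """Character produced for Alt+<code>: value taken mod 256 in CP437."""
    code %= 256
    if code in CP437_CONTROL_GLYPHS:
        return CP437_CONTROL_GLYPHS[code]
    return bytes([code]).decode("cp437")


def hook_logger(events) -> str:
    """What a WH_KEYBOARD_LL-style hook records: one entry per key-down,
    virtual-key code only. A numpad digit is simply logged as that digit."""
    out = []
    for e in events:
        if not e.down:
            continue
        if is_numpad_digit(e.vk):
            out.append(str(e.vk - VK_NUMPAD0))
        elif e.vk == VK_MENU:
            out.append("[Alt]")
        else:
            out.append(f"[vk 0x{e.vk:02X}]")
    return "".join(out)


def translated_input(events) -> str:
    """What the focused window receives after Windows composes the sequence:
    Alt down, numpad digits, Alt up -> one character from the OEM code page."""
    out = []
    alt_held = False
    code = 0
    for e in events:
        if e.vk == VK_MENU:
            if e.down:
                alt_held, code = True, 0
            elif alt_held:
                alt_held = False
                if code:
                    out.append(oem_glyph(code))
        elif e.down and alt_held and is_numpad_digit(e.vk):
            code = code * 10 + (e.vk - VK_NUMPAD0)
    return "".join(out)


def alt_code(n: int):
    """Event stream for typing Alt+<n> on the numeric keypad."""
    events = [KeyEvent(VK_MENU, True)]
    for digit in str(n):
        vk = VK_NUMPAD0 + int(digit)
        events += [KeyEvent(vk, True), KeyEvent(vk, False)]
    events.append(KeyEvent(VK_MENU, False))
    return events


if __name__ == "__main__":
    seq = alt_code(1) + alt_code(2) + alt_code(3)
    print("hook saw:   ", hook_logger(seq))       # [Alt]1[Alt]2[Alt]3
    print("window got: ", translated_input(seq))  # ☺☻♥
```

    The model also covers the ordinary cases, e.g. Alt+65 gives "A" and Alt+156 gives "£". Note the quirk is not a defence: anyone reading the hook log can replay the same composition, so it only "fools" a logger that never bothers to.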
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Why exclude SSM & ProSecurity?

    P.S. I have the same attitude toward sandboxes as does my cat. :)
     
  15. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Smart cat ya got there, knowing where all the crap ends up. :D
     
  16. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    A common misconception. Sandboxie cannot stop keyloggers from manipulating your browser process and using it to connect out.
     
  17. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Solcroft, should I ditch Sandboxie because of this, or should I trust Tsuk, who is actually saying that no data can escape if configured right?

    Can you explain a bit how this can happen?

    AFAIK if the keylogger renames itself to something like your browser, SBIE is aware of this and denies the connection.

    But maybe there are other ways to lure SBIE into allowing connections. I don't know.

    So, angrily waiting for you to teach us. :doubt:

    edit: none of my security fires up if I click the keylogger exe, smart enough to distinguish!
     
    Last edited: Apr 3, 2008
  18. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    All I'm saying is that your claim was inaccurate. And now that you know that, what you choose to do with that knowledge is your own business.

    But right now, I'm trying very hard not to laugh. Oh wow, something's not absolutely flawlessly perfect, it needs to be ditched. You believed it was impenetrable just because some stranger over the Internet said so, and now you're asking another stranger if you need to ditch it. Seriously: grow up. :rolleyes:

    Like I said, run the leaktests and see for yourself. I did it some while ago, but WB3 was one of those that broke past Sandboxie IIRC. So all a keylogger would need to do is to use the same connection techniques as the leaktests do, and there you go.
     
  19. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139

    Are you saying that keyloggers inside the sandbox can take over your browser and use the browser to connect out?

    Wouldn't a good HIPS prevent a keylogger from taking over your browser?
     
  20. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Yes.

    No, the HIPS won't do that. It will, however, give the smart user an opportunity to stop that from happening.
     
  21. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Hmm, well, the only ways I can think of to stop keyloggers inside Sandboxie:

    1. Use the MVPS hosts file and hope the keylogger's server is on the MVPS hosts file
    filter list.

    2. Always clean out Sandboxie before you go to log into your online bank or any other login place.

    3. Hopefully your HIPS will give you a popup warning to block the keylogger from taking over your browser.

    Edit: Actually you should be able to configure your HIPS to monitor your browser
    inside Sandboxie.

    Anyone know of any other ways??
     
    Last edited: Apr 3, 2008
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It might not be so straightforward. I guess that data can be sent just by loading a DLL into your browser. SBIE will not complain at all. Just a guess, I may be wrong though.
     
  23. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    How are keyloggers typically 'installed' on one's system? Is there one specific method, or do they come in all sizes and manners?
    How can one protect one's system (apart from the usual AV/AS software)? Browser plugins perhaps?
     
  24. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Obscure methods exist to bypass most security apps, and a keylogger would have to be authored specifically to bypass a Sandboxie configured to stop such things, employing a parent/child process.

    If anyone has a poc would you be able to post it over at Sandboxie's forum so it can be looked at?

    You can only help one of the best ever security apps get better.;)
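    The sub-thread from solcroft's objection (#16, #18) through arran's mitigation list (#21), aigle's DLL-loading guess (#22) and Franklin's parent/child remark (#24) is really about one question: what does a "only the browser may connect out" rule actually key on? The following is an added example, not Sandboxie's code, not any leaktest and not posted by anyone in the thread; it is a small Python model of that rule with two policies, one that judges by image name alone and one that also tracks process lineage the way a HIPS "process A launches process B" check does. Process names, the bank and drop hosts, and the stolen string are constructed for the example. The model's verdicts are what such a policy would decide, not a claim about any specific product's internals.

```python
from dataclasses import dataclass
from typing import Dict, Optional

BROWSER = "firefox.exe"           # the one image the rule lets online (assumed)


@dataclass
class Proc:
    image: str
    parent: Optional["Proc"] = None
    trusted: bool = True          # False: started inside the sandbox / unknown origin


def tainted(p: Optional[Proc]) -> bool:
    """True if the process or any ancestor is untrusted."""
    while p is not None:
        if not p.trusted:
            return True
        p = p.parent
    return False


class NameOnlyPolicy:
    """'Only the browser may connect out', judged by image name alone.
    Process creation is never questioned."""

    def spawn(self, parent: Proc, child_image: str) -> str:
        return "allow"

    def connect(self, proc: Proc, dest: str) -> str:
        return "allow" if proc.image == BROWSER else "deny"


class LineagePolicy(NameOnlyPolicy):
    """Same rule, plus: an untrusted process may not start other processes,
    and a browser descended from an untrusted process is not the user's browser."""

    def spawn(self, parent: Proc, child_image: str) -> str:
        return "deny" if tainted(parent) else "allow"

    def connect(self, proc: Proc, dest: str) -> str:
        if proc.image != BROWSER or tainted(proc):
            return "deny"
        return "allow"


def run_scenarios(policy) -> Dict[str, str]:
    """Three ways captured keystrokes could leave, evaluated under one policy."""
    explorer = Proc("explorer.exe")
    user_browser = Proc(BROWSER, parent=explorer)
    keylogger = Proc("keylogger.exe", parent=explorer, trusted=False)
    stolen = "user=alice&pw=hunter2"                 # constructed sample data
    results: Dict[str, str] = {}

    # Baseline: the user's own browser talking to the bank must keep working.
    results["user's browser to bank"] = policy.connect(user_browser, "https://bank.example/")

    # 1. Naive: the keylogger opens its own socket. Both policies catch this.
    results["keylogger opens own socket"] = policy.connect(keylogger, "http://drop.example/")

    # 2. Parent/child trick: launch the *allowed* image with the data in the URL.
    #    The socket then belongs to a process named like the browser.
    verdict = policy.spawn(keylogger, BROWSER)
    if verdict == "allow":
        child = Proc(BROWSER, parent=keylogger)
        results["keylogger launches browser with data in URL"] = policy.connect(
            child, f"http://drop.example/?k={stolen}")
    else:
        results["keylogger launches browser with data in URL"] = "deny (spawn blocked)"

    # 3. Code loaded into the user's real browser: the socket owner *is* the
    #    trusted browser, so a network-side rule of either kind sees nothing wrong.
    results["code injected into user's browser"] = policy.connect(user_browser, "http://drop.example/")
    return results


if __name__ == "__main__":
    for name, policy in (("name-only", NameOnlyPolicy()), ("lineage-aware", LineagePolicy())):
        print(name)
        for scenario, verdict in run_scenarios(policy).items():
            print(f"  {scenario:48s} {verdict}")
```

    Under the name-only rule the second attempt goes through, which is the shape of the leaktest bypass solcroft describes; tracking lineage closes it. The third case is the one aigle guesses at: once the exfiltration runs inside the legitimate browser, no egress rule keyed on the process can tell, and the only place left to stop it is the injection or DLL load itself, which is what arran's point 3 and solcroft's "opportunity to stop that from happening" refer to.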
     
  25. controler

    controler Guest

    Hello

    A while back I did some tests with commercial keyloggers. Some of you may remember.
    Back then you could download all new versions for free trial use. Now the makers got smart and some of them do not give a free trial. This way, at least if the AVs are going to catch them, someone will have to pay for it.
    My test simply comprised downloading the newest version and running them through VirusTotal. The interesting part is that only a handful of AVs were adding them. The reasons may have been legal issues, I don't know.
    I am sure most still added ITW keyloggers, I never tested that.
    But of course the most common way for these to get installed is if someone has access to your computer, such as an IT person, spouse, yo mama or dad, etc.

    Can you people tell me if HIPS have become easy to use for the home user?
     