What (other than Zemana) catches this?

Discussion in 'other anti-malware software' started by Gullible Jones, Aug 30, 2009.

Thread Status:
Not open for further replies.
  1. http://www.zemana.com/keylogger_test.aspx

    ThreatFire: FAIL, on level 4 to boot (which recognized a fullscreen game as a potential keylogger).

    GeSWall: FAIL, no notifications and no blocking of the fake keylogger.

    GMER: FAIL of course. (I'm beginning to think GMER's HIPS functionality was never completed.)

    Any other successes/failures? How do paid HIPS systems do? How about COMODO?
     
  2. Update...

    Wine under Debian: PASS. It never logs keystrokes at all, not even when focused.
     
  3. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    GeSWall isn't exactly a HIPS, and how did you test GeSWall against this keylogger? If you just isolated it, I'm not sure that's what it's designed to protect from.
    KeyScrambler is my answer to protection against it, not catching it though.
     
  4. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Not too sure on your answer - look forward to seeing another's reply.

    But I will vouch that Zemana is sensitive on the areas it says it targets, such as programs retrieving clipboard data. Received a popup from OpenOffice Portable (right away) and FastStone Image Viewer (only when copying and pasting filenames etc). Otherwise it's relatively quiet, set and forget.

     
  5. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    410
    Location:
    Greece
    COMODO Defense Plus with all options checked
     
  6. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Prevx caught it. :)
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I was going to say this ;)
     
  8. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    Defencewall: PASS, Prevx: Pass
     
  9. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Outpost Firewall Pro: FAILED
     
  10. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Online Armor Premium: Pass
    (Prevx flagged also)

    Tried the test opened inside Sandboxie with no file or registry restrictions.

    Online Armor Premium: Pass
    Prevx: Pass
     
  11. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Sandboxie (rights restriction enabled): FAIL
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    GeSWall deals with it very well. What do you expect, BTW?

     
  13. Henk1956

    Henk1956 Registered Member

    Joined:
    Dec 3, 2007
    Posts:
    55
    101% agree with aigle.
     
  14. Ah... I expected GeSWall to recognize and ask if I wanted to isolate the keylogger test even if it was run as trusted (as it would with a browser). Guess it doesn't have as much HIPS functionality as I thought. :oops:
     
  15. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    TESTING 4 REAL

    You have to Allow this test, and any others like it, to run. Otherwise you are NOT testing at it/them! In fact, all you are doing is blocking the initial launch .EXE from running.

    The ACTUAL test itself Never runs, so that means your defences/security against Keylogging/Screen capture etc don't even get a chance to try and prevent this, or not.
     
  16. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    DefenseWall / Pass


    MalwareDefender / Pass

     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    You got it wrong. GeSWall has nothing to do with trusted application execution.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053
    Bear in mind Sandboxie isn't designed to stop this, especially if the user initiates it. But if I run it from any browser, then it never gets off the ground.
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  20. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    You're right, it doesn't have much HIPS functionality, because it isn't really a HIPS; it's a control policy for browsers or anything you want it to work on.
    Why would it ask to isolate an exe if you run it trusted? And if you downloaded it from an isolated browser, it would automatically run isolated unless labeled as trusted... It only does what you ask it to; it's not a HIPS program.
     
  21. Hawk82

    Hawk82 Registered Member

    Joined:
    Feb 11, 2007
    Posts:
    29
    ZoneAlarm Pro ver 9: Pass :cool:
     

  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Nice to see ZA in action. It was my first ever HIPS to try and I was so much fascinated indeed. I blocked a nasty spyware while it was hooking IE. It was not cleaned by dozens of scanners and I was almost unable to connect to the internet.
     
  23. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Hmm, I find it strange how for me Outpost Firewall Pro on Advanced mode didn't detect this test at all :/
     
  24. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I thought it would. I just tried, and even at maximum, not a peep... Can anyone else confirm this?
     
  25. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    FortiClient = Fails

    Heuristics in real time enabled and set to deny access on detection. It does offer Keylogger detection so fails for moi.
     