Why is winpatrol, boclean 424 and superantispyware missing legit keylogger?

Discussion in 'other anti-malware software' started by Horus37, Jun 28, 2007.

Thread Status:
Not open for further replies.
  1. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
  2. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Not trying to sound smart alecky at all but wouldn't marking a legit program/file/process be considered a false positive? :)
     
  3. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    If my wife/girlfriend installed these types of things I'd want to be able to scan for them, wouldn't you?
     
  4. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Not going to test it myself but have you tried SnoopFree against this?
    WinPatrol did not show that this was installed?
     
  5. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Yeah, I suppose I would. Perhaps a dedicated keylogging scanner might work better. I'm not all that knowledgeable about keylogger scanners but many feel SpyCop is one of the best for that job. But it's not free: http://spycop.com/ An older but free scanner that many often list in their arsenal is SnoopFree: http://www.snoopfree.com/default.htm
     
  6. spindoctor

    spindoctor Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    83

    The reason those programs didn't detect the keylogger is because those three programs all stink at finding keyloggers. Winpatrol is probably the best of the bunch.

    I think many popular AVs even have a higher detection rate of keyloggers. If you don't believe me try a couple more keyloggers, I'll bet you'll get similar results.

    You really need a program specifically designed for the detection of keyloggers (aka antikeylogger) if you want a higher detection success rate and/or HIPS to block them.
     
  7. jtcst

    jtcst Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    30
    BoClean is primarily an anti-trojan program so its keylogging detection probably isn't that great.

    I believe Nick of SuperAntiSpyware.com has stated that SAS is more focused on detecting/removing keyloggers bundled with malware than commercial keyloggers.

    How did you scan with WinPatrol? It doesn't have a scanner. If a keylogger was installed with Scotty patrolling, I'm pretty sure it would notify a new suspicious start up entry which could then be blocked.
     
  8. Sportscubs1272

    Sportscubs1272 Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    340
    Sounds like you need a program like Cyberhawk or Norton Antibot (repackaged Sana Security Primary Response SafeConnect). They monitor system behavior and processes and they will alert you if something is wrong.
     
  9. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    Yes, snoopfree is where I learned of these keyloggers. The snoopfree website invites you to download these keyloggers to prove they can detect them. So when I did download them to see which of my applications could detect them, NONE of them did! Winpatrol failed, boclean 424 failed, and the newest superantispyware failed to notify me and they were all running as I installed these keyloggers. That's not good. I was expecting better results.
     
  10. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    You'd be wrong since winpatrol missed them. I had it running while installing and not even a peep. These keyloggers show up in your start menu and you have the option of hiding them in stealth mode so they don't appear anywhere. Sounds like something I'd want to be able to scan for and detect.
     
  11. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    We (SUPERAntiSpyware) specifically don't detect the commercial keyloggers as they are used by many companies, etc. for legitimate purposes. We may add them in the future as "warning/notification" rules/definitions.
     
  12. jtcst

    jtcst Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    30
    I enabled "Autorun at system startup", closed the program, and got this

    http://i7.photobucket.com/albums/y292/jt110/Clipboard01.jpg
     
  13. besafe

    besafe Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    222
    Nick...Is SAS being used in corporate settings? I thought your target audience was primarily home PCs. I can see not wanting to detect keystroke loggers at the office.

    But for home use, I think most people want to know if their spouse, significant other, or really anyone is monitoring what they do on-line. You can always set SAS to ignore or trust certain applications if you want them on your PC. And I know that we've talked about this topic before, I just thought I would get my 2 cents in again while the topic was being rediscussed.

    I think your "warning" or "caution" is a decent compromise. Even if you choose not to be able to remove keyloggers, warning the end user that they are being watched is probably a good thing.
     
  14. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328

    I don't get the alert you get. I installed the keylogger and let it sit on my machine and went about browsing the internet and none of those apps pick it up. This is by design so that certain keyloggers CAN work against you at the office?
     
  15. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    But remember, at an office you have to sign a disclaimer before an employer can record your keystrokes using a keylogger.
    lodore
     
  16. walking paradox

    walking paradox Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    234
    According to what? Is there some law that specifies this? If so, you might want to clarify which countries this law applies to, as I very much doubt it is universal. Also, what does the supposed law entail? Is it simply that the employee must be notified, or is it that the consent of the employee must be acquired, and would such consent be optional or required to get the job? Does that vary by company policy or does the law restrict that? Sorry for the plethora of questions, but it seemed some clarification was in order.

    Lots of members here often forget or don't realize who their audience is at this forum. This is a diversified community in terms of location and nationality, and as such one should provide clarification for things that vary by country such as laws.
     
    Last edited: Jun 29, 2007
  17. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Check your setting for how often Scotty patrols. The Plus you can monitor in real time, the free no sooner than once a min.
     

  18. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    I'm using the free one. I've checked the settings on how often scotty patrols. The snoopfree program catches it immediately as well as my antivirus. I know I let the program run for longer than a minute. I didn't reboot though. I installed the keylogger in a virtual environment and it went away on reboot.
     