WSA Security Essentials Failing Spyshelter Tests

Discussion in 'Prevx Releases' started by Thankful, Feb 10, 2012.

Thread Status:
Not open for further replies.
  1. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,736
    Location:
    New York City
    I tested Spyshelter's AntiTest against WSA Security Essentials (8.0.1.95) and the Keylogger and Screen Capture tests bypassed WSA. I will gladly work with you to resolve this issue.
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you let me know what OS you're using and if you have any other security software installed? It's possible that we've whitelisted the leak test as well so if you could PM me a link to it, I'll take a look here.

    Thanks!
     
  3. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,736
    Location:
    New York City
    I'm using Windows 7, 32 bit. I have Zemana Antilogger installed, but disabled when I tested WSA Essentials. Also running Admuncher. The test tests logging and screen capture behavior, that is why I have some concern. I will send a PM with link.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Interesting, sometime ago I tested it against Prevx SafeOnline, as well. I got the same results. I did a search, and found that user shadek found similar results quite sometime ago.

    I tested with both Chromium and IE9. IE9 was used to confirm the results. For instance, in both web browsers while on https websites, at first Spyshelter would fail to catch anything, but as soon as I used the backspace key to delete characters and rewrite them, it started to catch the key strokes.

    Just FYI. Prevx SafeOnline did protect against Zemana's tests. But, for some reason it seems to struggle against Spyshelter's test.
     
  5. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,736
    Location:
    New York City
    Thanks m00nbl00d.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'll be testing this shortly but could you confirm that you're seeing a padlock icon in the WSA tray when expecting it to block the keystroke/screengrabbing?

    I suspect this is indeed just due to WSA and P3 having the leaktest whitelisted, and I can see if the research team can "unwhitelist" it as we've done for the Zemana leaktests (last I checked) but these types of tests tend to not actually simulate threats accurately.
     
  7. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,736
    Location:
    New York City
    I am NOT seeing a padlock when running the Spyshelter tests.
    As far as the tests simulating actual threats, the same argument has been made regarding the MRG financial simulator where MRG argued there were actual threats using behaviors portrayed by the financial simulator.
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Try to replicate the test while on an "https" and with the padlock icon visible.
     
  9. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,736
    Location:
    New York City
    Padlock not visible with Https.
     
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Ah... then this is why WSA fails the test, the "jamming" protection is not active.
    Probably some conflicts with other security tools installed.
     
  11. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,736
    Location:
    New York City
  12. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Your issue seems different from the link... you don't even have the padlock :)
     
  13. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,736
    Location:
    New York City
    All other security software removed. Still failing.
     
  14. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Btw, tested here and spyshelter cannot log any keystrokes on https (and padlock visible). As soon as you minimize the https window or close https then spyshelter can log.

    So, it seems working perfectly fine :)

    WIN7 32bit WSA 8.01.95
     
  15. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    I guess failing to show the padlock. Right?
    Try a reinstall... and next, time for a call to support. :)
     
  16. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,736
    Location:
    New York City
    This isn't a support forum? When did that change?
     
  17. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    I'm getting the same results as fax as soon as you put the Spyshelter Test in the foreground it will log keystrokes but put it in the back ground on a HTTPS site and make sure the padlock is on the tray icon keystrokes have been stopped when I try to login to Paypal HTTPS site! That's why I agree with Joe!
    And the screenshot test there is no way to check as you have to have the Test in the foreground to click the test buttons so you would not have the padlock on the tray icon on a HTTPS site!

    TH
     

    Attached Files:

    Last edited: Feb 11, 2012
  18. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,736
    Location:
    New York City
    Triple Helix, it seems I am having trouble running these tests due to when Antitest has focus, the padlock is gone.
     
  19. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Tests will fail if in the background on a HTTPS site with padlock on the tray Icon! But if you bring the test to the foreground the lock disappears as it should because it can't protect the foreground anymore! That's why it's not a fair test to WSA HTTPS Identity shield capabilities the only way it to Blacklist all of these tests tools in the cloud then you would not need Identity Shield to be tested then WSA would block it the same as if it were real malware!

    TH

    EDIT: Also for a test with the Browser! Open your Browser to an HTTPS site and see if there is the padlock on the tray Icon? Now make the Browser window smaller not minimize and the Padlock will disappear as it should because WSA Identity Shield can't protect the whole foreground!
     
    Last edited: Feb 11, 2012
  20. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,736
    Location:
    New York City
    With the test running in the background and maintaining the lock on the protected site (site has focus), the Keylogger test is now passing.
     
  21. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Identity Shield has Focus if test in the background as would Real Keylogging Malware!

    TH
     
  22. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,736
    Location:
    New York City
    Actually, the padlock remains when I shrink the browser window.
     
  23. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Your right but if you click off Browser the lock disappears but clicking back on the Browser the lock comes back! It wasn't that way for a long time so they must of fixed it at some point!

    TH
     
  24. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,736
    Location:
    New York City
    You're right!!
     
  25. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Your right! :p You get it now? ;)

    TH
     
    Last edited: Feb 11, 2012
Thread Status:
Not open for further replies.