Zemana Keylogger Test & Prevx 3.0?

Discussion in 'Prevx Releases' started by silverfox99, Aug 5, 2010.

Thread Status:
Not open for further replies.
  1. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    SafeOnline will protect keystrokes typed into a secured web browser (i.e. one that's on an HTTPS website). Could you try going to https://www.paypal.com with SafeOnline enabled and see the results? The keylogger should think that no keystrokes even exist :)
     
  3. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    Yup, works on https. Thanks for this reminder, I completely forgot how this protection works.
     
  4. freeman76

    freeman76 Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    10
    Location:
    Munich / Germany
    I'm not sure if this is a problem. The logger screen test by the same company is not blocked :-(
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It will be provided you are on an HTTPS website with protection on Maximum. If not, could you let me know what operating system you're using and if you have any other security software installed (namely Zemana Antilogger itself, which causes Prevx to enter into "Compatibility Mode" and lower protection to High).

    Thanks! :)
     
  6. freeman76

    freeman76 Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    10
    Location:
    Munich / Germany
    Hi,

    I use Win7 64bit, 8GB RAM. Tested with Firefox, IE and Chrome. HTTPS on max in SafeOnline (Vers. 3.0.5.187), tested on paypal. The other security software installed is Emsisoft Antimalware.
     
  7. freeman76

    freeman76 Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    10
    Location:
    Munich / Germany
    Now I have probably come up with the cause myself. After the start of the Screen Logger, Prevx reported an infection. I have allowed the program (for once). This program will probably also be allowed to bypass the SafeOnline protection, right?
     
  8. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    465
    Location:
    UK
    No, that's not correct. You do need to allow the program to run in Prevx. However, the SafeOnline component should still prevent screen logging.

    I just tested it and it's working for me.
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That's the cause :) Because of PatchGuard, not all of the Prevx screengrabber protection can be loaded. However, you're still protected against the other techniques which SafeOnline blocks (which admittedly are far more threatening than a screengrabber :))
     
  10. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi Joe,

    And what does MSFT say about this case?

    Why is there no API for this, so that third-party software can work with PatchGuard on Win7 64bit?

    regards,

    iNsuRRecTiON
     
  11. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Because wouldn't that mean malware could use the API as well? I'm not very into this sort of stuff, but wouldn't it be theoretically possible?
     
  12. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    Joe,
    I am running PSO 3.0.5.187 and Zemana Antilogger together and SafeOnline protection is shown as Maximum for HTTPS websites - see screenshot.
    Has Prevx entered into "Compatibility Mode" and lowered protection to High even though it still shows Maximum in the UI?
    Or is my setup unique :D
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It will have disabled the specific protection that is incompatible with Zemana. We've contacted them and are working on getting the two products to work together, but because they both try to protect the screen, it will cause some issues :) However, there are other aspects of screen grabber protection that will still function (ones more likely used by malicious screen grabbers) as Prevx covers them but Zemana doesn't at this point.

    I do suspect this is part of the reason, but more so, Microsoft has limited access into some areas of the kernel for improved stability. The changes are overall very beneficial, but they do require some different approaches by security software developers. Personally, I'm a big proponent of Microsoft's changes even though they do require more work on our end. By including digital signature verification and implementing PatchGuard, they provide, out-of-the-box, much more security than many security solutions even have in their entire product set. Granted, they aren't perfect and like anything else can be circumvented, but it is a significant step in the right direction :)

    Prevx 4's SafeOnline will include additional protection for screengrabbers on 64bit but it won't be quite as strong as on 32bit, although it should at least bridge the gap (and frankly, if someone was to spend the effort to get around it on 64bit, they should be doing something more nefarious than taking screenshots... and anything more advanced in an information stealing trojan will be blocked by SafeOnline :D)
     
  14. freeman76

    freeman76 Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    10
    Location:
    Munich / Germany
    Thanks for the answer!
     
  15. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi,

    I don't think so; that can be prevented with digital signatures and so on.

    MSFT is already providing APIs to access the kernel with PatchGuard on x64, but not what is required to fix those outstanding problems.

    Symantec and others are already using these APIs, which they have requested from MSFT.

    See also here: http://www.sandboxie.com/index.php?NotesAbout64BitEdition

    And here: http://web.archive.org/web/20080325114949/www.sandboxie.com/index.php?WindowsVista64
     
    Last edited: Aug 12, 2010