marvinm

A-Squared watching for Keylogger actions?

This site: http://www.zemana.com/keylogger_test.aspx provides a Keylogger Simulation Test for the purpose of testing a system's protection level against Keyloggers. (ok, really, it's to encourage you to buy their anti-keylogger program!)

Running A-Squared Anti-Malware 30-day trial, all functions active, the Keylogger Simulation does demonstrate the capture of my keystrokes, but A-Squared has raised no alarms.

Is A-Squared (and Mamutu) watching applications that may be keyloggers? I really thought I'd seen it raise the issue before on certain of my macro recording tools...

Either way, I thought it may be something you'd want to look into...


Hi marvinm,

1st, Anti-Malware and Mamutu will flag keyloggers.

The main thing is that many tests are completely incorrect.

There are certain and strict conditions to be met so the behaviour can be and should be flagged as a keylogger (there is a lot of information out there to read about, so I will restrain myself from reposting).

Please search our old forum and you will find quite a few discussions

Here is one of them

My regards

Happy New Year!


Does Zemana Antilogger offer something that A2 IDS and Mamutu don't?

Some features of ZA:

*** copy of the features taken from Zemana site can be read there -

therefore removed (see the reasons below) {Lynx}


Hi zajic.v.pytli

All your post is a copy of the features taken from the Zemana site and pasted here.

The text was removed, since that was considered as advertising.

Advertisements are not allowed here, please read the Forum Rules.

In addition if you read the references posted here and can provide the test scenarios and comparatives that would be helpful, otherwise that is just a bunch of copied words and your message has no value whatsoever.

My regards


zajic.v.pytli,

Have you run the tests?

Below are images attached.

There should not be alerts from Mamutu and that is correct.

Please read the thread referred above as it was suggested in my previous reply.

You have deliberately and voluntarily installed the Software with the interface and what is going on in the background now are legit normal operations.

There is no difference between Zemana's Clipboard Test window and say firing up two Notepad windows and copy/pasting between them. What is wrong, illegal & malicious with that?

The HIPS when activated will intercept all of them because that is how it is designed - it will Alert about any single step and activity of any unknown process - that's all. Zemana will probably do something similar.

So again - those are not proper tests as it was explained in the old thread.

SSL test cannot be downloaded from their site.

My regards

"Do A2 IDS and Mamutu provide SSL Logger protection, Clipboard Logger protection, Screen Logger protection and Webcam Logger protection? And are these features important?"


I'm not a security expert. So I had to ask if Zemana Antilogger provides some special protection which Emsisoft's Malware IDS doesn't provide. That's all. I'm not Zemana's representative and not interested in their tests.


Good morning, zajic.v.pytli

There is no need to be an expert.

At the same time when you are choosing security it is better to run suggested tests.

Several good tests were mentioned.

Therefore, it is surprising when the questions were asked and then you are saying that you are not interested.

The point in what's shown was to stress why those tests cannot be considered as real tests after you posted a long list of declared Zemana's features (keep in mind I am not saying that they are not detecting what they are declaring).

In the Offtopic there is Posting Image thread. There is a list of Screen Capture programs.

Shall Mamutu Alert their activities or even just pressing PrnScr button? Moreover one of the programs has an ability to send e-mail or upload the image to the web sites.

That is understandable what you were asking and I deliberately quoted and left your question at the end of my previous reply. I'll do the same this time as well.

I hope the developers will answer.

My regards

"Do A2 IDS and Mamutu provide SSL Logger protection, Clipboard Logger protection, Screen Logger protection and Webcam Logger protection? And are these features important?"

"... I had to ask if Zemana Antilogger provides some special protection which Emsisoft's Malware IDS doesn't provide..."

"Please search our old forum and you will find quite a few discussions"

I did search this forum with no relative results - I hadn't realized there was an 'old forum' - OK, this link will tie it together for the next guy... Good read by the way! Very on-topic - thanks!

But, I do take issue with a couple of arguments being presented... bear with me:

"1st, Anti-Malware and Mamutu will flag keyloggers.

The main thing is that many tests are completely incorrect.

There are certain and strict conditions to be met so the behaviour can be and should be flagged as a keylogger (there is a lot of information out there to read about, so I will restrain myself from reposting)."

Looking up Emsisoft's definition for keylogger (http://www.emsisoft.com/en/kb/articles/tec080424/): Keyloggers are small programs invisibly installed on a computer that record all keyboard input. An attacker can use this to (e.g.) record passwords....

The real-world definition is not limited to 'invisibly' ( http://www.antispywarecoalition.org/documents/GlossaryJune292006.htm , http://www.parliament.vic.gov.au/SARC/E-Democracy/Final_Report/Glossary.htm - google it!)

Using the broader (in my opinion, more accurate) definition, it seems the test program does clearly capture the keyboard input, but doesn't necessarily (1) store it and/or (2) transmit it. Does this mean A-Squared is just 'smarter' than those other programs? Hmmm.... I'll come back to this...

"You have deliberately and voluntarily installed the Software with the interface and what is going on in the background now are legit normal operations."

For some reason the word Trojan comes to mind... I may very well have deliberately and voluntarily installed the software & even personally executed it... but that doesn't mean everything it wants to do after that is automatically 'legit normal operations', right?

"There is no difference between Zemana's Clipboard Test window and say firing up two Notepad windows and copy/pasting between them. What is wrong, illegal & malicious with that?"

There's nothing 'wrong, illegal & malicious' about copy/paste between two windows applications - it is built into the operating system and clearly 'normal operations' - I might add, it is also fully user controlled. However, what Zemana's test window is doing is quite different - it is capturing & recording (albeit only to the screen) keystrokes being entered in any unrelated window when it does not have focus. That's clearly 'monitoring' keyboard activity.

So, I asked before... Are we to just believe A-Squared is just plain 'smarter' than those other guys 'cause it knows it was only a test program & so ignored it?

Seems we're being asked to put considerable faith in the artificial intelligence of the program, when it would be so much easier (and safer) to simply notify the user that something unusual is taking place - and, yes - one application capturing keyboard input when I'm in a different application IS unusual.

...Operating system watching my keyboard - pretty normal.

...Word when I'm in Word - pretty normal

...Excel when I'm in Excel - pretty normal

...My photo editor when I'm in Quickbooks... not usual!

...My screen saver when I'm in Internet Explorer... not usual!!

...In fact, anything that doesn't have focus but is still capturing the keyboard should be suspect. It may be legit, but how in the heck can A-Squared be sure they have covered every possible way someone may store & transmit data? (embedded in graphics or MP3's that are 'compressed' locally & stored on a remote 'free' facility?)

Finally (yes, there is an end!): IF, in the end, I am to understand that A-Squared DOES do serious keylogger monitoring, but ONLY if I'm running in 'paranoid mode' (not if I'm only using the 'standard setup'), then we have a new problem... Under this scenario, folks are loading this thing thinking they're being protected, when they are not. I'm thinking the 'features list' and other docs need to be very clear exactly what is, or is not fully active from a default setup, or A-Squared's reputation will very quickly & inevitably take a hit it may never fully recover from.

Remember, one 'oh crap' wipes out a ton of 'atta-boys' - especially in this game!

NOW, I want to be CLEAR - I am NOT attacking this program or anyone related to it - so far, I love it! But if I'm going to rely on it, I want to be certain I know where the lines are being drawn, and if possible, help you guys stay on top of the game!

All is meant with best intentions, OK?

btw... Happy New Year!

Kind regards, marv
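
As an added example (not part of the original posts, and not Emsisoft's or Zemana's detection logic), the three rules argued over in this thread can be compared on a constructed event log: the focus-only heuristic, the broader capture-plus-store/transmit definition, and the narrower "invisible" definition. The log format, process names and field names are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed event log (not real telemetry): "<event> <process> [<focused process>]".
#   key  = process received a keystroke; third field is the window that had focus
#   ui   = process shows a visible window or tray icon
#   file = process wrote captured input to disk; net = process sent it out
LOG = """\
ui word_processor
key word_processor word_processor
ui hotkey_launcher
key hotkey_launcher word_processor
ui macro_recorder
key macro_recorder word_processor
file macro_recorder
ui simulation_test
key simulation_test browser
key hidden_logger browser
file hidden_logger
net hidden_logger
"""

def summarise(log):
    """Fold the event log into per-process behaviour flags."""
    seen = defaultdict(lambda: {"unfocused_keys": 0, "ui": False, "file": False, "net": False})
    for line in log.splitlines():
        event, proc, *rest = line.split()
        if event == "key":
            # Count only keystrokes received while a different process had focus.
            seen[proc]["unfocused_keys"] += int(rest[0] != proc)
        else:
            seen[proc][event] = True
    return dict(seen)

POLICIES = {
    # Heuristic proposed in the post above: any capture without focus is suspect.
    "focus_only": lambda b: b["unfocused_keys"] > 0,
    # Broader definition: capture plus (1) storing and/or (2) transmitting.
    "broad": lambda b: b["unfocused_keys"] > 0 and (b["file"] or b["net"]),
    # Narrow definition: as above, and running without any visible interface.
    "narrow": lambda b: b["unfocused_keys"] > 0 and (b["file"] or b["net"]) and not b["ui"],
}

def alerts(log=LOG):
    """Return {policy name: sorted list of processes that would raise an alert}."""
    behaviour = summarise(log)
    return {name: sorted(p for p, b in behaviour.items() if rule(b))
            for name, rule in POLICIES.items()}

if __name__ == "__main__":
    for policy, flagged in alerts().items():
        print(f"{policy:10s} -> {', '.join(flagged) or 'no alerts'}")
```

On this sample the focus-only rule also flags the hotkey launcher, the macro recorder and the on-screen test, while the narrow rule stays silent on all three and alerts only on the hidden logger.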


Hi Marvin,

Thank you for the detailed reply.

I will mainly try to briefly (it's very hard! ...believe me :) ) comment on

"I want to be CLEAR - I am NOT attacking this program or anyone related to it..."

by saying just: “And I am not blindly protecting it”

Several things can be concluded for sure reading your post:

- it is clear that you want to know and find out;

- you have a knowledge that you want to widen (sorry if that is not a precise expression – English is not my 1st language)

- compared to zajic.v.pytli's remark stating “not interested in Zemana's tests” (and probably any testings) your post has a value... since it seems like you are interested …

... otherwise any answer whether that is just “Yes” or “No” should be satisfactory and it mainly doesn't matter whether that is true or false.

I have my knowledge / experience and understanding, which I expressed already.

I am pretty confident that according to all my tests IDS are working correctly as expected.

At the same time we are all entitled to making mistakes and we learn from that.

That will be unfair and wrong to start over again posting “what I think”, including the fact that I am not overconfident and considering overconfidence being an extremely negative quality.

Therefore as I said earlier: "I hope the developers will shed some light" regarding those particular questions,

since the issue & questions emerged again (... rather more light, since they were answering those questions before)

My regards and all the best in 2010.


{added} a post by mikebenjamin97 about CoDefender was removed by the Admin as being advertisement

==============

Hi mikebenjamin97, welcome to the forum

If it is about advertising – advertising is not allowed in this or other forums of this nature, so please don't do that anymore

Regarding your request about compatibility I hope that you've read many posts, e.g. the last reply and references here

there are many others

As for

"I know many people, and myself personally, have been infected by malware even though I had an enterprise-grade up-to-date security suite installed and running."
... I personally never was ...somehow

… and especially speaking of keyloggers and alike – having anything in addition to Mamutu or full A-M suite is completely redundant (my own opinion)

As you can see from this and previous discussion many (most) tests re: keyloggers are incorrect including Zemana's tests – those are just a joke

Recently there was a big discussion in Comodo forum where Zemana and its “detection” was questioned … and sure it turned to be a “huge” FP - practically all browsers were flagged as keylogger on startup :blink: ... just because some communication held by browsers before the actual window of the browser was displayed – that's just ridiculous

I hope that developers will add to that, but I think that having anything in addition to what a-squared can offer in this kind of protection is absolutely not necessary waste of resources

I don't know about CoDefender, and basically honestly I am not interested in anything like that whatsoever

Take a keyscrambler or alike... does it really protect you?

The answer is - No.

As soon as you are passing your “encrypted” data and it is leaving the browser – that is the end of the protection – data / any packets are naked and can be sniffed and captured “as is” and passed to criminals or whatever malicious sites / persons “waiting to get it”.

Preventing any key- screen- video audio logging is the goal.

but people are mixing the goals and the outcomes …

If the infection is already there – nothing you can do... except hopefully clean it / change your passwords, banking details, etc....

Speaking of the passwords - protecting those is much more efficient than any Zemana and alike and there are a lot of excellent free solutions for that

The point is - all those additional keystroke protections are for those who do like overdone security and … sorry for saying that - for people who are a bit paranoid about the security as a whole

(that condition can be treated though quite successfully.. sometimes...)

a side note: many solutions that allegedly can catch/fight keyloggers were based on hooking on a kernel level which is fine, but not really 100% effective as usual, but you can forget even about that speaking about x64 and PatchGuard

My regards


I think A-Squared didn't show any message since that test is just simply hooking the keyboard to the program, if A2 flagged all that, every single program would need a rule :P

Edited :rolleyes:


Hi Noobie,

If you read the above and the referred threads respectively

you wouldn't write "A-Squared fails to detect", because that is not a "failure", but rather correct analysis of the behaviour

The real keyloggers / hooking / etc. are detected when that's necessary

My regards
