New keylogger tests from Zemana

My test results

Online-Armor V3 beta (162):
Key Logger: PASS
Screen Logger: FAIL
Clipboard Logger: PASS

DefenseWall v2.45:
Key Logger: PASS
Screen Logger: PASS
Clipboard Logger: PASS

EQS 3.41:
Key Logger: FAIL
Screen Logger: FAIL
Clipboard Logger: FAIL

Webcam N/A

 

CFP v 3.

 

So can someone confirm how many tests Outpost passes?

 

If Matousec introduce technique of these tests at his own suite I am sure OP will pass all , for now OP can pass only first keylogg test (silencio guess).
BTW, Zemana tests are digitally signed...so uncheck your HIPS exclusions

Edit:

 

Tried another video logger like WebCam logger: Debut Video Capture Software from

http://www.nchsoftware.com/capture/index.html

CFP Passed
GesWall Failed

 

According to my tests OP has failed all the tests, in spite of the fact that it's settings were at maximum level with custom rules in which OP should alert me on all events !!

Some one has said that OP passed the Key logger test, this is weird because on my tests it fails every time in this test and all others !!

This doesn't mean that OP is a weak HIPS, not at all.

 

...and what does it means then, if OP passed test then it is weak?

 

Einsturzende - so you are saying Outpost passes the first test but fails the other two?

 

Not me, Metting said it fails all and The MUL said it passed Keylogg...

Edit: I tried now all test on Vmware, OP ver. 6.5.2355.316.0597
It passes keylogg and fails all other

 

On my pc Outpost passed the keylogger test only.It failed the clipboard,and the screenlogger.i don't have a webcam.Host protection was on advanced level.

 

Hi,

Just to let you know that the latest version of outpost pro firewall is 6.5.2358.316.607 not the version you are testing with.

THE MUL

 

I have to correct something from my last post in the old thread. Real-Time Defender (aka ProSecurity 1.43) pass the Key logger test:

 

I tried Threatfire with this, just really wanted to see what it would do.

It did nothing

 

I get the same results of course, but the screenlogger when allowed takes picture perfect screens of the desktop unabated/unalerted.

Now these type tests while easily would be stopped at first execution, are the ones i like to TEST & allow to proceed past point #1 to see if the defense app i'm testing has any secondary defense mechanism to stop them before acting. Obviously, the way windows nt systems are fashioned seem to make this second prevention unavoidable for most single security apps.

EASTER

 

You are wrong here. Such a behavior you just described is normal. To prove that DefenseWall protect against clipboard data hijack, just run the test, run notepad, type something and copy to clipboard.

 

A small correction. GesWall does pass keylogger simulation test. Screen capture is still actually not a part of GesWall,s protection but I have suggested to add it.

 

Hello Ilya,

I stand corrected. I was able to confirm that DefenseWall does in fact "pass" this clipboard data hijack test. Thanks for setting the record straight.


Peace & Gratitude,

CogitoErgoSum

 

Hello aigle,

There may be a conflict somewhere on your system or something wrong with your DefenseWall(DW) installation because I have retested the Screen-Logger test several times and have found that DW "passes" this test(blocks it silently) when it is "Run as untrusted" and "fails" when it is "Run as trusted". Out of curiosity, did you run this test with ShadowSurfer(SS) enabled or disabled? The reason that I am asking is because it has been my experience that Shadow Defender while in "shadow mode" which is similar to, but a little different than SS has impaired DW's operation on more than one occasion. I have attached my events log for your review.


Peace & Gratitude,

CogitoErgoSum

 

Anyone tried this test with KIS9?

 

Hello aigle,

Thanks for performing these tests. Your efforts are very much appreciated.


Peace & Gratitude,

CogitoErgoSum

 

not sure if antibot is supposed to alert on these threats,

but it certainly failed either way, detecting & alerting nothing....

 

Maybe I'm not sure how to test it,
but am I missing anything?
Everyone else using DW seems to pass,
but not mine?
And yes I'm only using Defensewall.

P.S. there was a warning by DW, however after I allowed it,
it doesn't pass both test (clipboard-logger test, key logger teset)

 

That's what I want to know - how does KIS 2009 do?

 

You should get a keylogger warning pop-up from DW.
You will need to Terminate, not press OK.

 

Reading this post by aigle...

Sorry I thought I had to do the samething.