Comodo bypassed

Yes, there is no need for SiberLynx to talk about keyloggers when there is no proof of keylogging activity.
IMO this POC is a non-issue anyway, which was why I stated that I was very curious to see how a criminal could make use of this.

Thanks axl for your “input”

If you read all the above carefully

AFAIK keylogger
that’s where it was mentioned first. The ability of “stealing info” was your question, and nobody asked “why?” but were trying to answer.
Other things please reread and see images again, if you want: about the Alert; events in Defense+ and ability to continue working with “blocked” application - that is different.
I found there was no need for your empty remark when we stopped talking about this.
Your comment was made purposely in order to add some tension to what is not an issue at all here and was resolved in our conversation with Endymion.
Please don’t do that anymore. That is not nice and not constructive.
Thanks

I find this response rather amusing.

IMO, Endymion’s last reply to you was to try to clear up some confusion which you may have inadvertently introduced to this discussion; I was simply trying to add to that by stating that there is no evidence of keylogging, and that IMO this is a non-issue.

Why you apparently took personal offense, I do not know, but let me assure you that none was intended.

but let me assure you that none was intended.
I do appreciate that. Thank you. Thing is – there is no need to clear up anything since I never considered that to be a keylogger problem. I know what a keylogger is and how it works and how it has to be stopped. But if we discuss it again and “play words” differently like “keyboard related test”, as you can see above we'll go in circles. So let's really not return to that and concentrate on the main issue and the developers' response.

Thanks again for clarifying “no intention” and let’s forget about tensions and relax a bit :slight_smile:

My regards

SiberLynx, I’m glad you see no need to play around with words; that’s why I’m still waiting for you to provide the result of the test against CIS itself. Although I have now found axl's post mentioning “stealing info”, I had previously read all your posts in this topic starting from the one where you replied to his question mentioning your “keyboard related test”.

That what you could not find, Endymion?

Please leave me alone. Thanks

added
That is good that you found that eventually. I did not play around with words, sorry - you changed the wording I used.
You should not wait for me to provide anything to you.
If I do - I’ll do that by contacting the developers, as I did previously in order to fix one of the problems, which was fixed.

Then, SiberLynx, you are begging the question at hand in this topic, as testing that so-called PoC against CIS itself is no negligible detail, however willing you may be to focus on whatever additional aspect or conjecture.

If there was no concern about being involved in another pointless argument, I wouldn’t have minded asking you what you indirectly implied with “exactly what was indirectly pointed above :wink:” when you replied to tsek wondering “is it possible for the code to be modified / added to in order to convey a more destructive or intrusive payload?”

Whereas I got the definite impression it would be easier for you to clarify what you didn’t mean with such vague wording than to carry out a simple test against CIS and post the results. Sure, you have been willing to overlook that test for a long time now. :-\

Although I never expected I would have to repeatedly ask you for such a simple test (as I carried it out without any effort), I won’t “nag” you or “wait” for that anymore (even considering your notepad-focused test triggered alerts nobody else confirmed), though I hope at least other members won’t mind testing that against CIS.

Any update on this?

I understand GeSWall was the only security application that passed this POS… err… I mean, POC?

All I can say is that it's being looked into. :slight_smile:

I analyzed part of the structure of the way it runs, and it appears to try to force quit applications, like commands in Linux and Mac OSX do.

I tracked its behavior, and it showed the application wanted to force kill a firewall, so it could run another application.

It appears to use Microsoft Visual Basic to construct the program to run.

This program may mock techniques used to force kill applications. The likely target is firewall applications.

I know a malware expert, OldTimer, who created a program to clean temporary files, by first killing all processes, doing the cleaning, then rebooting the computer.

I hope some of this information helps.

What application did you test?
It doesn’t look like the one attached in this topic. ???

BTW anyone willing to test the application against CIS and not only notepad?

Did you get a modify user interface (windows message) alert when you tested against CIS, too?

TEST.EXE — FAILED!

Application tried to force quit CIS, and failed.

The first time it ran, I blocked the request. The second time I ran it, CIS caused test.exe to freeze.

Test.exe is harmless. It is used to force kill applications. A great utility, and definitely cannot be incorporated into malware seeing that it can be blocked easily.

Edit,

Additional info
File size: 20480 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 9a61a1af58a695c88cd59872aff90e6b
SHA1: f6d4767abd6d09e8fa80764ccc4c9f3292bff11c

McAfee GW-edition scans and reports: Heuristic.BehavesLike.Win32.Downloader.P
http://www.virustotal.com/analisis/ac1611583cd94f41d9693f2548a738a74b65d68653f1f3203d9edad2bc04e67b-1248352736

The only reason why it would be considered to behave like Win32\Downloader.p is because of security leaks. But since you have to execute it manually, this test.exe is harmless.

That is exactly what I got.

Although the test itself is harmless, couldn’t it be incorporated into a piece of malware that also contained other things like keyloggers? If it allows you to reopen something like Notepad and type in it, it seems to me that a keylogger could be inserted at the time of the app closing and be there the next time you use it. While Comodo would catch the activity, many other security apps might not. Yes, it is only a POC at this time, but it shows a vulnerability that could possibly be exploited by a piece of malware using the POC as a starting point.

Hmm… I dunno.
The use of the word “definitely”, makes me a little nervous here…

IMO this is a key statement; the third response in this thread.

Has this been disproven?

Wouldn’t it be reasonable to test that app against CIS (with windows message monitoring enabled) to check if it triggers modify user interface alerts, and post the results?