A few moments ago I was performing a search for news on security tools and I came across Zemana AntiLogger (you can see more at the official web site - http://www.zemana.com/list/list.asp?ktgr_id=354).
I did not download the tool, but I did download the free test tools they provide to see if CFP was able to block them and prevent them, therefore, from logging anything.
To download SSL-Logger Test Program, I had to contact them, therefore I do not have that tool yet.
CFP with Defense+ set to Safe Mode blocked 100% with the exception of the WebCamLogger Test Program. Defense+ did alert me and I blocked the 2 attempts by this test, still it succeeded in logging what the cam was seeing (in this case me).
It still succeeded with Defense+ set to Paranoid Mode.
I’ve just tested my system. I skipped WebCamLogger because I do not have a webcam and SSL-Logger for obvious reasons. I use the latest version of CFP 3.0.25.78 and my system didn’t pass the Clipboard-Logger test.
Windows XP Pro 32-bit SP3
Avira Antivir PE 8
Tested on Defense+ mode: Safe Mode and Paranoid Mode
Keylogger test uses the ‘RawInput’ method, which fails with CFP 3 when choosing to not allow it to access the keyboard.
Screenlogger test fails when choosing to not let it access the screen.
For the clipboard test, no alert is shown, so it succeeds in doing the job.
I’m running CFP 3.0.25.378 with Defense+ in Paranoid Mode on Windows XP SP3.
I have seen the wilderssecurity forum before, and it seems that SafeSpace did a good job.
I made a test with Emsisoft Mamutu (paid product) which only bases its protection on behavior. Quite amazing. It intercepted the tests. And people can add rules to allow or block applications, so they have a better experience with this tool, and get no alerts in case of a trusted application. Pretty cool. Better than ThreatFire by PC Tools, except it is paid and has no free version.
Now a little off-topic: Mamutu behavior alerted for two actions for Thunderbird. One as a trojan-like threat and another as spyware. I blocked both behaviors and allowed Thunderbird and I still can send and receive emails. It is one amazing piece of software.
It seems that Defense+ needs to be improved, and fast!
Today I downloaded and tested the keylogtest from testmypcsecurity.com and Defense+ asked what to do, so I blocked, but the keylogtest was able to bypass Defense+ blocking.
Defense+ did not ask me to allow or block the access to the keyboard. It asked me to allow or block direct access to the screen, if I am not mistaken. So I blocked, still it bypassed Defense+ block.
I’ll retest it again. No idea why it didn’t ask me that.
I get two alerts from this keylogtest.exe in Paranoid Mode and in Safe Mode as well.
First is for direct monitor access and the second one is for direct keyboard access.
If I choose to block both of them then the .NET framework reports an exception and I can close it or continue. If I choose to continue then this testing application cannot log anything.
But if I choose to block only direct screen access then the colors still change when a key is pressed. I don’t know if it’s an expected behaviour.