To download SSL-Logger Test Program, I had to contact them, therefore I do not have that tool yet.
CFP with Defense+ set to Safe Mode blocked 100% with the exception of the WebCamLogger Test Program. The Defense+ did alert me and I blocked the 2 attemptives by this test, still it succeded to log what the cam was seeing (in this case me ).
It still succeded with Defense+ set to Paranoid Mode.
I’ve just tested my system. I skipped WebCamLogger because I do not have a webcam and SSL-Logger for obvious reasons. I use the lastest version of CFP 22.214.171.124 and my system didn’t pass the Clipboard-Logger test .
Windows XP Pro 32-bit SP3
Avira Antivir PE 8
Tested on Defense+ mode: Safe Mode and Paranoid Mode
Keylogger test uses the ‘RawInput’-method, which fails with CFP 3 when choosing to now allow it to access the keyboard.
Screenlogger test fails when choosing to not let it access the screen.
For clipboard test, no alert is shown, so it succeeds to to the job.
I’m running CFP 126.96.36.1998 with Defense+ in Paranoid Mode on Windows XP SP3.
I have seen the wilderssecurity forum before, and it seems that SafeSpace did a good job.
I made a test with Emsisoft Mamutu (paid product) which only bases its protection on behavior. Quite amazing. It intercepted the tests. And people can add rules to allow or block applications, so they have a better experience with this tool, and get no alerts in case of a trusted application. Pretty cool. Better than threatfire by PC Tools, except it is paid and no free version.
Now a little off-topic: Mamutu behavior alerted for two actions for Thunderbird. One as a trojan alike threat and one other as spyware. I blocked both behaviors and allowed Thunderbird and I still can send and receive emails. It is one amazing piece of software.
I get two alerts from this keylogtest.exe in Paranoid Mode and in Safe Mode as well.
First is for direct monitor access and the second one is for direct keyboard access.
If I choose to block both of them then the .NET framework reports an exception and I can close it or continue. If I choose to continue then this testing application cannot log anything.
But if I choose to block only direct screen access then the colors still change when a key is pressed, I don’t know if it’s an expected behaviour.