xxxopenxxx
asked on
Detect ALL Keylog Programs
I remember when I had ZoneAlarm a little over a year ago and placed it on the highest form of security, it detected ALL programs that attempted to monitor keyboard and mouse activity. It would say "X program is attempting to monitor your keyboard or mouse usage" Permit Deny. It detected everything including applications that I knew were safe, such as Trillian. The newer version does not seem to do this.
I am looking for a program that detects ALL programs that attempt to monitor keyboard or mouse activity. I do not want an application that uses definitions to block known keylogging applications. I want a program that looks for anything attempting to monitor usage and declares it potentially dangerous, then allows me to decide what to do.
If what I am describing doesn't exist, maybe the closest thing would be helpful. But it must be able to detect keystrokes without the usage of definitions. (It can use definitions to say THIS IS KNOWN AS BAD, but I want it to also detect ALL programs, even a little C++ app that I make myself)
I do know about rootkits, so please do not suggest rootkit revealers.
I know many of the keylog detection applications out there, but none of them seem to be working. Here are a list of programs you should not suggest:
KL-Detector by Yohanes Aristianto (This is actually the closest to what I want, but only detects if an application actually logs a file locally)
Unlogger
Keylogger Hunter
Aklog
Keylog Detector
Thank You
I am looking for a program that detects ALL programs that attempt to monitor keyboard or mouse activity. I do not want an application that uses definitions to block known keylogging applications. I want a program that looks for anything attempting to monitor usage and declares it potentially dangerous, then allows me to decide what to do.
If what I am describing doesn't exist, maybe the closest thing would be helpful. But it must be able to detect keystrokes without the usage of definitions. (It can use definitions to say THIS IS KNOWN AS BAD, but I want it to also detect ALL programs, even a little C++ app that I make myself)
I do know about rootkits, so please do not suggest rootkit revealers.
I know many of the keylog detection applications out there, but none of them seem to be working. Here are a list of programs you should not suggest:
KL-Detector by Yohanes Aristianto (This is actually the closest to what I want, but only detects if an application actually logs a file locally)
Unlogger
Keylogger Hunter
Aklog
Keylog Detector
Thank You
I don't think such a program exists. As far as I know even old versions of ZA would not have detected rootkits, which some keyloggers are. Until someone comes up with such a program, you'll probably have to rely on a combination of things - a malware detector combined with a rootkit revealer, e.g.
ASKER
I am not talking about the ones that are rootkits. I am talking about even programs that are not rootkits. The example I gave was Trillian (which monitors your behavior so that it changes your status to away or back) The older version of ZoneAlarm (I believe it was either 5.X or 6.X) detected it. In fact, I'll try to find which version it was and install it it and see what happens.
The following is a quote from Wikipedia:
"Keylogger detection software is also available. Some of this type of software use "signatures" from a list of all known keyloggers. The PC's legitimate users can then periodically run a scan from this list, and the software looks for the items from the list on the hard-drive. One drawback of this approach is that it only protects from keyloggers on the signature-based list, with the PC remaining vulnerable to other keyloggers.
Other detection software doesn't use a signature list, but instead analyzes the working methods of many modules in the PC, allowing it to block the work of many different types of keylogger. One drawback of this approach is that it can also block legitimate, non-keylogging software. Some heuristics-based anti-keyloggers have the option to unblock known good software, but this can cause difficulties for inexperienced users."
I would be looking for the latter of the two methods.
The following is a quote from Wikipedia:
"Keylogger detection software is also available. Some of this type of software use "signatures" from a list of all known keyloggers. The PC's legitimate users can then periodically run a scan from this list, and the software looks for the items from the list on the hard-drive. One drawback of this approach is that it only protects from keyloggers on the signature-based list, with the PC remaining vulnerable to other keyloggers.
Other detection software doesn't use a signature list, but instead analyzes the working methods of many modules in the PC, allowing it to block the work of many different types of keylogger. One drawback of this approach is that it can also block legitimate, non-keylogging software. Some heuristics-based anti-keyloggers have the option to unblock known good software, but this can cause difficulties for inexperienced users."
I would be looking for the latter of the two methods.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.