• Status: Solved

Detect ALL Keylog Programs

I remember when I had ZoneAlarm a little over a year ago and placed it on the highest form of security, it detected ALL programs that attempted to monitor keyboard and mouse activity. It would say "X program is attempting to monitor your keyboard or mouse usage" Permit Deny. It detected everything including applications that I knew were safe, such as Trillian. The newer version does not seem to do this.

I am looking for a program that detects ALL programs that attempt to monitor keyboard or mouse activity. I do not want an application that uses definitions to block known keylogging applications. I want a program that looks for anything attempting to monitor usage and declares it potentially dangerous, then allows me to decide what to do.

If what I am describing doesn't exist, maybe the closest thing would be helpful. But it must be able to detect keystrokes without the usage of definitions. (It can use definitions to say THIS IS KNOWN AS BAD, but I want it to also detect ALL programs, even a little C++ app that I make myself)

I do know about rootkits, so please do not suggest rootkit revealers.

I know many of the keylog detection applications out there, but none of them seem to be working. Here is a list of programs you should not suggest:
KL-Detector by Yohanes Aristianto (This is actually the closest to what I want, but only detects if an application actually logs a file locally)
Keylogger Hunter
Keylog Detector

Thank You

1 Solution
I don't think such a program exists. As far as I know even old versions of ZA would not have detected rootkits, which some keyloggers are. Until someone comes up with such a program, you'll probably have to rely on a combination of things - a malware detector combined with a rootkit revealer, e.g.
xxxopenxxx (Author) commented:
I am not talking about the ones that are rootkits. I am talking about even programs that are not rootkits. The example I gave was Trillian (which monitors your behavior so that it changes your status to away or back). The older version of ZoneAlarm (I believe it was either 5.X or 6.X) detected it. In fact, I'll try to find which version it was and install it and see what happens.

The following is a quote from Wikipedia:
"Keylogger detection software is also available. Some of this type of software use "signatures" from a list of all known keyloggers. The PC's legitimate users can then periodically run a scan from this list, and the software looks for the items from the list on the hard-drive. One drawback of this approach is that it only protects from keyloggers on the signature-based list, with the PC remaining vulnerable to other keyloggers.

Other detection software doesn't use a signature list, but instead analyzes the working methods of many modules in the PC, allowing it to block the work of many different types of keylogger. One drawback of this approach is that it can also block legitimate, non-keylogging software. Some heuristics-based anti-keyloggers have the option to unblock known good software, but this can cause difficulties for inexperienced users."

I would be looking for the latter of the two methods.

You don't need some detection software which uses signatures etc.; you just need some overall sandbox software which shows you every action on your computer in real time. At the beginning such software is very annoying because it pops up with every process, but after a while you really have full control of your system (depends on how heuristic the security settings are). Just get some sandbox software like Outpost; it has a firewall and sandbox function.
