Detect ALL Keylog Programs

Posted on 2007-10-04
Last Modified: 2008-09-03
I remember when I had ZoneAlarm a little over a year ago and placed it on the highest form of security, it detected ALL programs that attempted to monitor keyboard and mouse activity. It would say "X program is attempting to monitor your keyboard or mouse usage" Permit Deny. It detected everything including applications that I knew were safe, such as Trillian. The newer version does not seem to do this.

I am looking for a program that detects ALL programs that attempt to monitor keyboard or mouse activity. I do not want an application that uses definitions to block known keylogging applications. I want a program that looks for anything attempting to monitor usage and declares it potentially dangerous, then allows me to decide what to do.

If what I am describing doesn't exist, maybe the closest thing would be helpful. But it must be able to detect keystrokes without the usage of definitions. (It can use definitions to say THIS IS KNOWN AS BAD, but I want it to also detect ALL programs, even a little C++ app that I make myself)

I do know about rootkits, so please do not suggest rootkit revealers.

I know many of the keylog detection applications out there, but none of them seem to be working. Here is a list of programs you should not suggest:
KL-Detector by Yohanes Aristianto (This is actually the closest to what I want, but only detects if an application actually logs a file locally)
Keylogger Hunter
Keylog Detector

Thank You

Question by: xxxopenxxx
    LVL 32

    Expert Comment

    I don't think such a program exists. As far as I know even old versions of ZA would not have detected rootkits, which some keyloggers are. Until someone comes up with such a program, you'll probably have to rely on a combination of things - a malware detector combined with a rootkit revealer, e.g.

    Author Comment

    I am not talking about the ones that are rootkits. I am talking about even programs that are not rootkits. The example I gave was Trillian (which monitors your behavior so that it changes your status to away or back). The older version of ZoneAlarm (I believe it was either 5.X or 6.X) detected it. In fact, I'll try to find which version it was and install it and see what happens.

    The following is a quote from Wikipedia:
    "Keylogger detection software is also available. Some of this type of software use "signatures" from a list of all known keyloggers. The PC's legitimate users can then periodically run a scan from this list, and the software looks for the items from the list on the hard-drive. One drawback of this approach is that it only protects from keyloggers on the signature-based list, with the PC remaining vulnerable to other keyloggers.

    Other detection software doesn't use a signature list, but instead analyzes the working methods of many modules in the PC, allowing it to block the work of many different types of keylogger. One drawback of this approach is that it can also block legitimate, non-keylogging software. Some heuristics-based anti-keyloggers have the option to unblock known good software, but this can cause difficulties for inexperienced users."

    I would be looking for the latter of the two methods.
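
The two approaches in the Wikipedia quote above, side by side, as an added example that is not part of the original thread: a definition list (keyed on file name for brevity) versus a check for Win32 input-monitoring imports with an allowlist for known-good software. The file names, import lists and the `fake_image` helper are constructed for illustration; the API names are real user32.dll exports.

```python
import re

# Real user32.dll exports that let a process observe keyboard input system-wide.
INPUT_APIS = ("SetWindowsHookExA", "SetWindowsHookExW", "GetAsyncKeyState",
              "GetKeyboardState", "RegisterRawInputDevices")
API_RE = re.compile(rb"(" + "|".join(INPUT_APIS).encode() + rb")\x00")

def input_apis(image: bytes) -> set:
    """Return input-monitoring API names found as NUL-terminated import strings."""
    return {m.group(1).decode() for m in API_RE.finditer(image)}

def signature_verdict(name, known_bad):
    """Definition-based check: only entries already on the list are caught."""
    return "block" if name.lower() in known_bad else "clean"

def heuristic_verdict(name, image, allowlist):
    """Behaviour-based check: anything able to watch input goes to the user."""
    apis = input_apis(image)
    if not apis:
        return "clean", apis
    if name.lower() in allowlist:
        return "allowed", apis      # user has unblocked this known-good program
    return "ask-user", apis         # the Permit / Deny prompt

def fake_image(*imports):
    """Constructed stand-in for a PE file: header bytes plus an import name table."""
    return b"MZ\x90\x00" + b"\x00" * 16 + b"".join(i.encode() + b"\x00" for i in imports)

# Constructed inventory: names and imports are illustrative, not real binaries.
SAMPLES = {
    "known_logger.exe": fake_image("SetWindowsHookExW", "GetAsyncKeyState", "CreateFileW"),
    "my_cpp_app.exe":   fake_image("GetAsyncKeyState", "WriteFile"),   # home-made, on no list
    "chat_client.exe":  fake_image("SetWindowsHookExW", "send"),       # legitimate idle detection
    "notepad.exe":      fake_image("CreateFileW", "ReadFile"),
}
KNOWN_BAD = {"known_logger.exe"}    # constructed definition list
ALLOWLIST = {"chat_client.exe"}     # constructed user allowlist

def scan(samples, known_bad, allowlist):
    """Map each file name to (signature verdict, heuristic verdict, APIs seen)."""
    report = {}
    for name, image in samples.items():
        heur, apis = heuristic_verdict(name, image, allowlist)
        report[name] = (signature_verdict(name, known_bad), heur, sorted(apis))
    return report

if __name__ == "__main__":
    for name, row in scan(SAMPLES, KNOWN_BAD, ALLOWLIST).items():
        print(f"{name:18} signature={row[0]:6} heuristic={row[1]:9} apis={row[2]}")
```

A static import check like this only approximates the runtime prompt described in the question; it shows why the definition list stays silent on the home-made program while the heuristic flags it and also flags the legitimate client until it is allowlisted.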
    LVL 4

    Accepted Solution

    You don't need some detection software which uses signatures etc.; you just need some overall sandbox software which shows you every action on your computer in real time. At the beginning such software is very annoying because it pops up with every process, but after a while you really have full control of your system (depends on how heuristic the security settings are). Just get some sandbox software like Outpost; it has a firewall and sandbox function.
