Spybot is weak against loggers :(



dj.turkmaster
2008-08-26, 21:28
Hello,
There is a security software in Turkey which blocks all types of loggers, like keylogger, webcam logger and screenlogger, not with a database but with heuristics. They have a test section on their site and have given download links to a keylogger, screenlogger, webcam logger, clipboard logger and SSL logger. Well, I don't know what the last two loggers are :) But I have tried all the loggers and spybot didn't give any warnings and I was logged :(
In our Turkish security forum, we have discussed the test and we saw that webroot spy sweeper, eset IS and avira personal also didn't detect the loggers. But spywareterminator did. It looks like most security software is weak against loggers. They can't detect them with heuristics. I am giving the links to the loggers. You can select English from the lower left side.
keylogger
http://download.zemana.com/Products/Simulations/keyboard.exe
screen-logger
http://download.zemana.com/Products/Simulations/ScreenLogger.exe
webcam logger
http://download.zemana.com/Products/Simulations/WebcamLogger.exe
clipBoard logger
http://download.zemana.com/Products/Simulations/ClipBoardLogger.exe

Umm by the way they haven't given the ssl logger link.

3 Notices:
1) I haven't opened the topic to the new or undetected forum as these files aren't malware and I wanted to discuss the active protection of spybot.
2) The loggers are not really malware. They have no connection to the web and don't report anything to anywhere. These links are provided by a trusted Turkish security program's producers.
3) I have the latest version of teatimer and of course the latest version of spybot :)
Hope that I won't be misunderstood. I always support safer-networking products everywhere. The reason why I opened the topic is that maybe I can help spybot advance.

blues
2008-08-26, 21:46
spywareterminator has hips, so maybe hips was on when you tested them.

you shouldn't give out direct links to such .exe files in this way, they are unknown to me. this is unnecessary, no anti-malware can find everything.

do you trust these files yourself? because i don't. i would not recommend anyone to download them.

dj.turkmaster
2008-08-26, 21:51
I trust the files. Don't you trust eicar? I suppose you do; this is also a test file like eicar. I know what to give in a forum. If I didn't trust the files I wouldn't give them.
ed: btw I am not talking about finding the malware. Of course all malware can't be detected. But what I am talking about here is the proactive detection capabilities of spybot. Proactive protection can be improved.

blues
2008-08-26, 21:52
as i said this is unnecessary.

why is it important to you to give out these links?

dj.turkmaster
2008-08-26, 21:58
I find it necessary. Thanks for your attention.
And new results: Avira free + threatfire also didn't pass the test.

ed: It is important because the files can be examined by spybot's officials.

blues
2008-08-26, 22:23
this is your old thread: http://forums.spybot.info/showthread.php?t=13562

and you got a response: http://forums.spybot.info/showpost.php?p=84867&postcount=11

spybot has changed since that time so you should wait for someone else that knows more about this to reply to you.

i am just doing some detective work;)

dj.turkmaster
2008-08-26, 22:34
Spycar has been discussed before and I believe the discussion exposed that a behavior based protection product would be required in this case.
Yeah, and what I wanted to say was exactly this. Is it possible to add a behavior based protection?
But as I said, be sure that this topic was opened by good means. So please be sure that the files are clean, I guarantee that, otherwise I wouldn't give those files. I understand your concerns dear blues. But if giving some executables like this is against forum rules they can be deleted from there by the editors.
Cheers:)

tashi
2008-08-27, 02:40
Hello dj.turkmaster,


These links are provided by a trusted Turkish security program's producers.


That may be, however the source is not known so please don't hide urls and make sure they are disabled. Thanks.

The security community spends much of its time educating users not to be click happy. ;)

Best regards.

Edit: I left a link to post #1 for Team, thanks.

tashi
2008-08-27, 02:52
as i said this is unnecessary.

why is it important to you to give out these links?

Hi blues,

Please allow me to do any modding necessary, a PM will suffice.

Thank you. :)

dj.turkmaster
2008-08-27, 02:55
Okay then. Sorry for that:oops:
But what about the proactive detection, is there anything that can be done? Is the team spybot thinking of implementing behavior based protection? I know it is a very difficult thing but maybe for version 2?

tashi
2008-08-27, 03:08
Okay then. Sorry for that:oops:
No problem. :)



But what about the proactive detection, is there anything that can be done? Is the team spybot thinking of implementing behavior based protection? I know it is a very difficult thing but maybe for version 2?

I will leave that question for our detectives, perhaps they will be able to answer when they come on later.

Cheers.