Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Spybot is weak against loggers:(

  1. #1
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    Default Spybot is weak against loggers:(

    Hello,
    There is a security software in Turkey which blocks all types of loggers like keylogger, webcam logger, screenlogger with not a databse but with heuristcs. They have a test section in their site and given download links to a keylogger, screenlogger,webcam logger, clipboard logger and SSL logger. Well i don't know what the last two loggers are But i have tried all loggers and spybot didn't give any warnings and i was logged :(
    In our turkish security forum, we have discussed the test and we saw that also webroot spy sweeper, eset IS, avira personal didn't detect the loggers. But spywareterminator did. Looks like most security software looks weak against loggers. They can't detect them with heuristcs. I am giving the links to the loggers. You can select english from the lower left side.
    keylogger
    http://download.zemana.com/Products/Simulations/keyboard.exe
    screen-logger
    http://download.zemana.com/Products/Simulations/ScreenLogger.exe
    webcam logger
    http://download.zemana.com/Products/Simulations/WebcamLogger.exe
    clipBoard logger
    http://download.zemana.com/Products/Simulations/ClipBoardLogger.exe

    Umm by the way they haven't given the ssl logger link.

    3 Notices:
    1) I haven't opened the topic to the new or undetected forum as these files aren't malware and I wanted to discuss the active protection of spybot.
    2) The loggers are not a malware really. They have no connection to the web and doesn't report anything to anywhere. These links are provided by a trusted turkish security program's producers.
    3) I have the latest version of teatimer and of course the latest version of spybot
    Hope that I won't be misunderstood. I always support safer-networking products everywhere. The reason why i opened the topic is maybe i can help spybot advance.
    Last edited by tashi; 2008-08-27 at 03:31. Reason: Links revealed,disabled
    DOCTUS.ORG Turkish security forum

  2. #2
    Guest
    Join Date
    Jun 2008
    Posts
    478

    Default

    spywareterminator has hips, so maybe hips was on when you tested them.

    you shouldnt give out direct links to such .exe files in this way, they are unknown to me. this is unnecessary, no anti-malware can find everything.

    do you trust this files yourself? because i dont. i would not recommend anyone to download them.

  3. #3
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    Default

    I trust the files. Don't you trust eicar i suppose you do, this is also a test file like eicar. I know what to give in a forum. If i didn't trust the files i wouldn't give them.,
    ed: btw i am not talking about finding the malware. Of course all malware can't be detected. But what i am talking here is about the proactive detection capabilites of spybot. Proactive protection can be improved.
    Last edited by dj.turkmaster; 2008-08-26 at 22:55.
    DOCTUS.ORG Turkish security forum

  4. #4
    Guest
    Join Date
    Jun 2008
    Posts
    478

    Default

    as i said this is unnecessary.

    why is it important to you to give out this links?
    Last edited by blues; 2008-08-26 at 22:58.

  5. #5
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    Default

    I find it necessary. Thanks for your attention.
    And new results: Avira free + threatfire also didn't pass the test.

    ed: It is important because the files can be examined by spybot's officials.
    Last edited by dj.turkmaster; 2008-08-26 at 22:59.
    DOCTUS.ORG Turkish security forum

  6. #6
    Guest
    Join Date
    Jun 2008
    Posts
    478

    Default

    this is your old thread: http://forums.spybot.info/showthread.php?t=13562

    and you got a response: http://forums.spybot.info/showpost.p...7&postcount=11

    spybot has changed since that time so you should wait for someone else that knows more about this to reply to you.

    i am just doing some detective work

  7. #7
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    Default

    Spycar has been discussed before and I believe the discussion exposed that a behavior based protection product would be requred in this case.
    Yeah, and what i wanted to say was exactly this. Is it possible to add a behavior based protection?
    But as i said be sure that this topic was opened by good means. So please be sure that the files are clean, i guarantee that, otherwise i wouldn't give those files. I understand your concerns dear blues. But if giving some executables like this are against forum rules they can be deleted from there by the editors.
    Cheers
    DOCTUS.ORG Turkish security forum

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    Default

    Hello dj.turkmaster,

    Quote Originally Posted by dj.turkmaster View Post
    These links are provided by a trusted turkish security program's producers.
    That may be, however the source is not known so please don't hide urls and make sure they are disabled. Thanks.

    The security community spends much of its time educating users not to be click happy.

    Best regards.

    Edit: I left a link to post #1 for Team, thanks.
    Last edited by tashi; 2008-08-27 at 03:56. Reason: PS)
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  9. #9
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    Default

    Quote Originally Posted by blues View Post
    as i said this is unnecessary.

    why is it important to you to give out this links?
    Hi blues,

    Please allow me to do any modding necessary, a PM will suffice.

    Thank you.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  10. #10
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    Default

    Okay than. Sorry for that
    But what about the proactive detection, is there anything that can be done? Is the team spybot thinking of implementing behavior based protection. I know it is a very difficult thing but maybe for version2 ?
    DOCTUS.ORG Turkish security forum

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •