Wednesday, November 17, 2010

Spyshelter x64 Premium vs Zemana AntiLogger Testing

I have asked Zemana and Spyshelter to donate a full license for these tests. Spyshelter went ahead and forwarded a license. Zemana did not, but during a holiday giveaway I acquired one and tested.

I will be using v4.56 of Spyshelter x64 Premium and the test machine will be Windows 7 x64 Pro. DEP has been turned on for all programs through the Operating System itself and will be on for both tests once I hear back from Zemana.

The settings within Spyshelter are as follows:




The two settings within the Protection tab that are grayed out are not available in Windows x64 versions due to Microsoft's PatchGuard, so they are not enabled. I'd also like to note that the System Protection Module in the x64 environment only includes two areas of protection, which are: Registry protection and Driver/service registering protection. In an x86 environment the System Protection Module covers a much wider range, which are: Global Hook Installation, Rootkit Installations, Thread Context Changing, Direct Physical Memory Access, Remote Thread Creation, DLL Code Injection, Kernel Driver Loading, Program State and Memory Modification, System Critical parts and Registry Modification.

By using Windows' built-in DEP we eliminate the need for memory modification in the x64 environment.

All 47 selections within the list of monitored actions tab are checked.

First up, I tested out Zemana's Antilogger Test Tool on Spyshelter. I have displayed what will happen if it is allowed and what will happen if it is denied. The way Zemana's Antilogger Test Tool works is that, if it is allowed, when you type in an external program the data will display in the test tool to simulate the logging of keystrokes. If it is denied and blocked, nothing will appear in the test tool.




Notice in the settings that only Microsoft-signed programs are allowed. Anything other than a Microsoft-signed program will be asked to be allowed or denied. This is shown in the prompt at the top, where it shows that the Zemana Antilogger Test Tool is digitally signed by Zemana.



I got ahold of a Zemana x64 license. Needless to say, Zemana is not even close to comparable.

I configured Zemana the same way I configured Spyshelter. I auto-allowed Microsoft-signed drivers. Everything else was set to ask. An update was run before testing to make sure the latest version and whitelist were available and active.

Zemana states that all modules (Key Logger, Screen Logger, Webcam Logger, Clipboard Logger) are enabled and protecting. However, running Spyshelter's antitest tool reveals that Zemana doesn't warn about a single test. I am able to log keystrokes, webcam, screenshots, get clipboard copies, gain registry access, and grab sound clips without a single warning from Zemana.

Zemana doesn't even pass its own Clipboard Logger test tool, Keylogger test tool, screenshot test tool, or its own webcam test tool. It makes absolutely no peep whatsoever.




Here are the screenshots with Zemana sitting quietly in the tray without warning about Spyshelter's test tool.





Here are the images of Zemana failing its own test tools. With the Screen Logger I was able to move the cursor down the task bar with the image previews and the Screen Logger was able to detect the changes in the image previews as well.