Security experts consider keylogging as the most dangerous threat because it allows cyber criminals to capture everything you type on your keyboard. This includes passwords so that they can gain access to your online accounts such as your email, banking, forums, websites and etc to steal valuable information. If keystroke logging is not damaging enough, your webcam, screen, clipboard and microphone can also be secretly captured and logged without your knowledge.
There are a couple of different methods to protect yourself against keyloggers. First you can use an on-screen virtual keyboard where your mouse will be used to select the keys when entering your password instead of typing it from the physical keyboard that is logged. A good antivirus can also recognize some of the known and unknown keyloggers through virus definition or heuristic analysis. Finally, a dedicated anti keylogging tool that constantly monitors the behavior of running applications and notifies you if it detects any potential keylogging activity.
In this article we’ll be putting 3 anti keylogging programs named Zemana AntiLogger, SpyShelter Premium and DataGuard AntiKeylogger to the test with real keylogging tools that are popular and widely being used to determine the effectiveness of each program.
1. Zemana AntiLogger
Zemana AntiLogger is a program we’ve mentioned a lot over the years because it’s been one of the leading tools to block several different types of hack methods. The shareware version of AntiLogger costs $29.95+taxes although they sometimes have giveaways for a free 1 year license, worth keeping an eye out for. Zemana also claims to be fully compatible with nearly every antivirus/security package available, there is a compatibility chart on their website so you can check beforehand.
Apart from the basic keystroke protect which is what the free version of Zemana features, the full version also offers Anti-SSL logging protection against banking trojans and SSL sniffers, a screen capture prevention module to block image grabs of your desktop activity, protection against copying Clipboard data, and a module to stop hijacking of connected webcams and microphones. The System Defense feature blocks against several types of attack that try to inject DLL code, load low level kernel drivers, or modify the system registry/memory. Zemana AntiLogger is compatible with Windows XP, Vista, 7 and 8 (32-bit and 64-bit).
Note: The “Free” version of Zemana AntiLogger only encrypt keystrokes and does not notify nor block any detected keylogging activity. It’s a very different method to protecting against keyloggers and you can read more about the keystroke encryption test that we’ve done.
2. SpyShelter Premium
While SpyShelter also offers a cut down free personal version of it’s Stop-Logger application, one of the crucial advantages the premium version offers is full support for 64-bit systems, the free version is 32-bit only. Note the keystroke encryption driver for SpyShelter does not work on Windows XP systems. SpyShelter Premium is available in single or 5 user packs starting from €20 for a years protection for 1 user. Windows XP up to Windows 8 (32-bit and 64-bit) is supported.
SpyShelter Premium has a number of defense modules including kernel mode keylogger protection with keystroke encryption, webcam and VOIP audio hacking protection, clipboard data hacking prevention, an anti-screen capture module, and also a System Defense guard that acts as a Host Intrusion Prevention System (HIPS) to protect critical areas from code injection such as memory and the registry. An Internet Security module blocks trojans and hack attempts through SSL, HTTPS, POP, SMTP and FTP. Suspicious files can be sent to the Virus Total online scanner with a click of the mouse.
3. DataGuard AntiKeylogger
DataGuard AntiKeylogger is at a disadvantage from the outset because none of its product line has been updated for a few years, that also includes their more user friendly NextGen AntiKeylogger products. As a consequence, DataGuard AntiKeylogger does not work on Windows 8 and supports Windows 2000 SP4 to Windows 7 32-bit versions only. Prices range from the Free basic version up to the Ultimate version we’re looking at here, priced at $59.
DataGuard AntiKeylogger Ultimate offers protection against several different methods of keylogging, Windows clipboard monitoring, protection against capturing screenshots, and text blocking to prevent capturing text from opened documents and windows. Keyboard filters, DirectX based and kernel level keyloggers can also be blocked. The kernel level message filters will only work on Windows 2000 and XP.
Testing AntiKeyloggers with Real Keyloggers
To find the best anti-keylogger software and also to determine the effectiveness of Zemana AntiLogger, SpyShelter Premium and DataGuard AntiKeylogger, we’ve tested them against 12 different malwares (7 commercial keyloggers + 5 RAT Trojan) that are capable of logging keystrokes & the clipboard, taking screenshots, activating the webcam and capturing audio through a microphone.
- Invisible Keylogger Stealth
- Elite Keylogger
- REFOG Keylogger
- All in One Keylogger
- Revealer Keylogger Pro 2.0.8
- Advanced Keylogger 188.8.131.52
- Award Keylogger Pro 3.3
- Bozok 1.4
- DarkComet 5.3
- CyberGate Excel 184.108.40.206
- Lost Door 8.0.1
- NetWire 1.4c
Zemana AntiLogger and SpyShelter Premium are tested in Windows 8 Pro 32-bit while DataGuard AntiKeylogger in Windows 7 Ultimate 32-bit because it doesn’t support Windows 8. All Windows operating systems are fully updated during the time of testing.
In the interest of getting the fairest and most accurate results, we’ve used imaging to restore Windows back to the same state after each and every test that was conducted. This rules out possible conflicts and guarantees that each protection module is tested in the exact same Windows environment. For example, Zemana was installed, the keystroke test was performed for Invisible Keylogger Stealth, then the system was reset again for the next test and Zemana installed again for the Keylogger Stealth install test, and so on…
Test Notes for Zemana AntiLogger
1. Zemana seems to have a serious bug where all modules must be enabled for the protection to be active. For example, if the Anti-ScreenLogger is enabled but Anti-KeyLogger disabled, the hacker can still capture your screen. However when turning on Anti-KeyLogger, Zemana then detects the screen capture. The same thing happened when we only enabled System Defense but the rest of the protection modules were disabled, the keylogger is able to install without Zemana detecting any injection. So if you’re using Zemana AntiLogger, make sure that all protection modules are enabled.
2. There are some people claiming that Zemana AntiLogger doesn’t work on 64-bit (x64) Windows. We were curious to find out if it is true, so we activated the keystroke logging from Revealer Keylogger Pro on Windows 7 Ultimate 64-bit and Zemana AntiLogger instantly block the action and display the security alert popup.
3. Other than the behavior-based protection, Zemana AntiLogger offers an additional protection called IntelliGuard Cloud where it checks the files that you want to run with their servers to determine if it is safe or automatically blocking it if it is a known malicious file.
Test Notes for SpyShelter Premium
1. SpyShelter’s alert window hung a few times when detecting suspicious logging activity.
2. SpyShelter’s System Protection (HIPS) is very sensitive, notifying you of any activity with an alert popup. This is because the “High security level” option is selected by default to offer better protection rather than the medium security level with decreased alerts.
3. There is an option in Settings to allow/prevent SpyShelter from being terminated via Task Manager. Although it is not possible to terminate SpyShelter’s process from Task Manager after unchecking the checkbox, we were still able to kill the process using a third party task managing program called Process Explorer.
Test Notes for DataGuard AntiKeylogger
1. DataGuard AntiKeylogger was last updated on March 2011 and does not work on Windows 8. Even the links to purchase a license via Plimus are unavailable.
2. When DataGuard detects malicious activity such as keystroke logging, it will automatically add the process to the “Auto-detected modules” which will block other supported logging activities. However if the program is signed, the activity will be allowed. Certificate checking can be disabled in program’s Advanced Options.
3. DataGuard adds Explorer.exe to Auto-detected modules causing the Windows explorer to crash.
The table below shows the detection result of each logging behavior from all 12 keylogger program. The red colored “NO” means that the logging behavior is not detected while the blue colored “YES” means that it is detected by the antikeylogger.
* Unable to Test. Zemana kept on detecting injection.
** YES (Even without Install & Startup)
As you can see from the test results above, none of them are perfect in detecting every attack method but SpyShelter and Zemana came close.
We found that it’s possible to evade the detection from these anti keyloggers by not automatically adding the keylogger itself to Windows startup and making sure that the malware does not activate an offline keylogger. This will allow the hacker to gain a one time access to disable or tamper with any running security software and then followed up by manually adding a startup entry for the malware. During that time, the hacker can also download your files from your hard drive with a file manager found in most remote access tools. This is when you will need file encryption to keep your important files safe.