Best R.A.T/Keylogger protection?

mal1

Level 4
Thread author
Verified
Well-known
Oct 1, 2015
183
I was reading an old thread about Webroot Webroot questions, and people questioned its efficacy against R.A.Ts and keyloggers.

For someone who's a little paranoid about R.A.Ts/Keyloggers, does a mainstream AV provide adequate protection, or other software should be added (SpyShelter, Zemana, etc.)?

I use Avast free as my real-time AV, and may switch to Avira free or Panda free. How do these three AVs fare in terms of protection against R.A.Ts/Keyloggers?
 

Dave Russo

Level 21
Verified
Top Poster
Well-known
May 26, 2014
1,041
Lots of free anti-keyloggers,just goggle,also virtual keyboard is available in free Comodo Internet Security, really a excellent program ,good luck, Spyshelter and Zemana are highly rated but kind of expensive
 
H

hjlbx

I was reading an old thread about Webroot Webroot questions, and people questioned its efficacy against R.A.Ts and keyloggers.

For someone who's a little paranoid about R.A.Ts/Keyloggers, does a mainstream AV provide adequate protection, or other software should be added (SpyShelter, Zemana, etc.)?

I use Avast free as my real-time AV, and may switch to Avira free or Panda free. How do these three AVs fare in terms of protection against R.A.Ts/Keyloggers?

All AVs fare poorly. Even dedicated anti-keyloggers fare poorly.

If you do an exhaustive net search about specific brand-name security softs against keyloggers, then you will find they don't do a very good job.

There is no single security soft that I have been able to find that will defeat any and all keyloggers.

Purportedly, the only freeware internet security suite that offers any kind of decent anti-keylogging is Comodo Internet Security. I say purportedly because I have seen no definitive test results against keyloggers. However, CIS did perform very well against all of Matousec's custom keylogging utilities.

From what I can ascertain, it appears CIS has robust anti-keylogging only when using the virtual kiosk. Comodo has been very secretive about it so there is scant infos available as to the extent and full capabilities of its anti-keylogger protection(s).

The only other viable freeware option is Zemana Free.

Testing anti-keylogging is tedious so very few people ever do it and report their findings. www.raymond.cc published a few reports. Even though they are old I would bet little, if anything, has changed in those findings.
 
H

hjlbx

Last edited by a moderator:
D

Deleted member 2913

From what I can ascertain, it appears CIS has robust anti-keylogging only when using the virtual kiosk. Comodo has been very secretive about it so there is scant infos available as to the extent and full capabilities of its anti-keylogger protection(s).
Robust anti-keylogging using Virtual Kiosk only or you have to use the Virtual Keyboard included in Virtual Kiosk too?
 
  • Like
Reactions: mal1
H

hjlbx

Robust anti-keylogging using Virtual Kiosk only or you have to use the Virtual Keyboard included in Virtual Kiosk too?

I think Comodo's anti-keylogging = virtual keyboard.

They won't give any technical infos... as usual, right ?
 
  • Like
Reactions: mal1

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Well antivirus have their own priorities on which threats emerged dramatically as the downside may sacrifice other categories to detect them very poorly due to lack of resources besides user reports.

+ Keyloggers and R.A.T provide some techniques that can bypass easily by protection modules except to HIPS or possible BB.
 
  • Like
Reactions: mal1 and LabZero

ha14

Level 1
Verified
Oct 13, 2015
25
What is a Keylogger?

Detection and Removal
Detection of malicious keyloggers can be difficult as the applications don’t typically behave like other malicious programs. They don’t look for valuable data on a target machine and send it to a command-and-control server, nor do they attempt to destroy data on the machine, as some malware does. Keyloggers are designed to remain quiet and undetected. Antimalware products can scan for, detect and remove known variants of keyloggers. However, custom keyloggers or keyloggers built for a specific attack can present a difficult challenge, as they won’t be recognized immediately as malicious software, depending upon their actions on the compromised machine. If a user suspects the presence of a keylogger on a machine, she can employ a number of techniques to circumvent the malware, specifically by booting the PC from a CD or USB drive, or by using a virtual, on-screen keyboard, which prevents the malware from receiving any input from the keyboard.
 
  • Like
Reactions: mal1
L

LabZero

Most of the antivirus have in their database known RAT& keyloggers, offering protection against keyloggers no different from that offered to protect against other malware.

But about FUD keylogger and RAT, AVs use proactive defense and BB and the main disadvantage of this method is that the user is actively involved and must decide what action to take. If there isn't a user with a lot of technical knowledge, might take the wrong decision, with the result to allow a keylogger to bypass antivirus solution. However, if developers minimize user involvement, then the keylogger will be able to avoid being identified.... and if the applications are too strict, could be blocked as well as other useful programs with a lot of false positives.

The best solution, in my opinion, is to use specific anti keylogger as Zemana Antilogger or SpyShelter or for advanced (and paranoid) users, the @Umbra combo.;)
 
  • Like
Reactions: mal1 and frogboy

mal1

Level 4
Thread author
Verified
Well-known
Oct 1, 2015
183
I wouldn't pay for my real-time AV, much less anti-keylogger:p, so forget the paid programs.

And correct me if I'm wrong, since R.A.Ts can lay low undetected for a long time, it may take an AV engine quite a long time before it's included in its data, so in case a R.A.T is suspected, one should run a multi-engine scan; herdProtect for example?
 
H

hjlbx

I wouldn't pay for my real-time AV, much less anti-keylogger:p, so forget the paid programs.

And correct me if I'm wrong, since R.A.Ts can lay low undetected for a long time, it may take an AV engine quite a long time before it's included in its data, so in case a R.A.T is suspected, one should run a multi-engine scan; herdProtect for example?

Once RAT running on your system it is extremely unlikely any antivirus-only products will detect it. AV vendors do not create signatures for every single component of a malicious application (every single executable, dll, etc). How signatures are created varies from vendor to vender, but they generally are not all-inclusive... meaning they might detect the installer itslef, but not any components of the installed application. Once it's installed on system, well then, ...
 
  • Like
Reactions: mal1

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
With a multi engine any vendors may detect as possible but for sure its a heuristics detection. The thing will make it alarm when someone provide tip information to locate and analyze the files.

They primarily focus on prevention so the main file will be detected before execution however remnants are not considered as their plan to optimize the database.
 
  • Like
Reactions: mal1 and hjlbx
L

LabZero

Normally RAT/keylogger generate .exe file which is sent to the victim, stealing information about what he type on his keyboard and the antivirus detects malicious executable as malware spy.

You may have already heard of Binder or Crypter before.
So, If the keylogger is encrypted with crypter or binder available publicly, it will almost certainly be detected by antivirus. This is because a crypter/binder remains FUD (Full Undetectable) for about 2 weeks if it is distributed publicly. Due to the fact that an increasing use of a particular software is noted by antivirus companies. Antivirus companies updated their software, and also detect the crypter/binder and every file encrypted by it.

What is the point ?

The only way to get a FUD RAT/Keylogger is using not public crypter and then undetectable for a long time. Deep web and black market are the places most frequented by malwriters and criminals, where there is a huge malware business !

So the solution, for example, is to use a product like Comodo IS that, in expert hands, must be configured in advanced mode.
CIS, if configured correctly, makes the PC an impregnable bunker even if we lose a little bit of usability.
On our forum there are many guides to configure CIS in hardened mode.

Other mentioned apps:

Keyscrambel that encrypt keystrokes so they will be unreadable for the attacker and Zemana AntiLogger also has the task of encrypting everything you type with the keyboard sending in confusion the spy software.The key pressed by the user will be detected by the keylogger as another key.
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top