- Apr 13, 2013
- 3,224
HitmanPro Alert vs a Keylogger
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Jul 27, 2015
- 5,458
Thanks for the review. 
Can guess you probably would get the same result also with KeyScrambler.
Can guess you probably would get the same result also with KeyScrambler.
- Mar 23, 2015
- 555
I do not think so.
According to the official website, keystrokes in text editors are also encrypted by KeyScrambler Pro and Premium.
- Jul 27, 2015
- 5,458
- Apr 13, 2013
- 3,224
Totally correct. HMP alert will protect the browser, whereas KeyScrambler will scramble anything typed on the system, no matter where or when.
It is why i said on another thread Keyscrambler is the ultimate keystroke encryptor.
- Apr 13, 2013
- 3,224
- Mar 23, 2015
- 555
Em...I do not think so.
The options of Spyshelter Premium and Spyshelter Firewall indicate that they can also "encrypt keystrokes for all processes".
In addition, they provide two more modes: encrypting keystrokes for user-specified processes, and encrypting keystrokes for all processes except user-specified processes.
In my opinion, these modes make Spyshelter more convenient to use.
For example, I find that when this feature is enabled, I cannot type the verification code in an online bank. By contrast, Keyscrambler has no problem in that online bank.
I used and test both before, keyscrambler is most welcomed by sec geeks already having other kinds of layered protection, while SS is more an all-in-one antilogger package.
- Apr 13, 2013
- 3,224
I would write that with CF you wouldn't need to worry about such stuff at all, but everyone already knows that.
Em...I do not think so.
The options of Spyshelter Premium and Spyshelter Firewall indicate that they can also "encrypt keystrokes for all processes".
In addition, they provide two more modes: encrypting keystrokes for user-specified processes, and encrypting keystrokes for all processes except user-specified processes.
In my opinion, these modes make Spyshelter more convenient to use.
However, in my test, Spyshelter keystroke encryption also has some problems.
For example, I find that when this feature is enabled, I cannot type the verification code in an online bank. By contrast, Keyscrambler has no problem in that online bank.
KeyScrambler encrypts better because it specifically targets processes. SpyShelter uses generic encryption - which is not as effective. I do not know specific technical details, but testing verifies SpyShelter keystroke encryption only protects against approximately 50 % of keyloggers.
SpyShelter needs improvement. KeyScrambler is more polished, refined.
There is one scenario where a security config comprised of several "one trick ponies" bests a packaged solution like AVs... and that is when malware can disable the packaged protection. With a layered config consisting of multiple individual apps, it is very unlikely malware will be able to disable them all. However, the cost to user is complexity and extra administration.
There are some things to consider...
What about session\in-browser keyloggers ? Those that bind to legitimate processes and bypass Comodo's "Block Unrecognized application" firewall setting ? Not to mention phishing.
In-browser keylogger not common scenario, but not as rare as it once was. Malicious browser extensions can go undetected by Comodo even in HIPS Safe Mode.
Comodo very unlikely to protect user in those cases except while using Paranoid Mode and. even then, HIPS alert will say all processes are safe... so take very experienced user to know something is not quite right.
Not bashing. Just pointing out something to consider. Any security soft has holes. Comodo is good protection, but not perfect protection.
This is why KeyScrambler is good addition to system. It works independently of all other protections.
Last edited by a moderator:
Uses kernel mode driver to encrypt keystrokes when using any application.
KeyScrambler somehow injects directly into specific processes. Those specific processes are on a per-application basis. It is not universal\generic.
- Apr 13, 2013
- 3,224
If you mean the Man-in-the-Browser attack, there still has to be a payload. It could be the initial installation of a compromised browser, a trojan of some sort that will use things like BHO, API call attacks, or a script run locally to create augmented browsing. This sort of thing (like Shylock) can be stopped. As far as installing a compromised browser extension for a DOM attack, you make an excellent point. For those that just HAVE to install extensions from whatever source the kiosk comes in handy to protect against MITB.
Make no mistake- I'm not disparaging KeyScrambler in any way (I actually used it in the past); just pointed out that HMPA does other things, so a comparison between them isn't fair.
Make no mistake- I'm not disparaging KeyScrambler in any way (I actually used it in the past); just pointed out that HMPA does other things, so a comparison between them isn't fair.
Users are always in a quandry when it comes to security softs. A conundrum...
Fileless MitB are proliferating. Browser session keylogging among easiest to accomplish. Sandbox does contain any potential payload, but does not prevent the keystroke recording in all cases (it does protect clipboard capture). HIPS Paranoid Mode does alert to it, but alert might indicate all files are safe since this type infection uses rundll32.exe, dllhost.exe, etc.
Who uses Paranoid Mode ? System unusable... 100s of alerts per user session. Useful only when trying to track-down suspected infection...
Need "infected" site to host the attack. User has to spend time at the site. Site has to be designed to engage\entrap user into typing valuable infos. Infection\keylogging is not persistent. So, all in all, not very productive for malware authors. Almost flaky "vector," but design the site correctly and it could be really dangerous.
Anyhow, eventually, it will get reported and blocked by web-filter. Well, with Comodo web protections, one hopes so...
There is more\additional anti-keylogging protections in Comodo, but Comodo quite secretive about it. Comodo engineering will not divulge even basic technical infos.
@Umbra would say Comodo uses CCE against annoying user questions they can't answer. (Inside joke).
Last edited by a moderator:
- Mar 23, 2015
- 555
Kernel mode driver sounds more reliable
, while I am afraid that the behavior of injecting into specific processes might cause compatibility issues...Kernel mode driver sounds more reliable
You would think, but KeyScrambler very stable. I don't have all technical infos. Just my own experience and that of others.
Hooking, injecting - whatever the case may be... many softs do it. Almost all security softs do it.
- Jul 10, 2014
- 917
nice review, just a question @cruelsister what do you think about zemana products? premium ver will mess up all typed info no matter if is a browser or not, but i have not tested against real keylogger, can you please tell me?
Similar threads
