App Review HitmanPro Alert vs a Keylogger

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Thanks for the review. :)

Can guess you probably would get the same result also with KeyScrambler.
 
  • Like
Reactions: Online_Sword

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Keyscrambler is a good application against keyloggers, but is a one trick pony. To be fair HMPA does protect rather more broadly (have to be nice here as I will be sort of trashing HMP this weekend).
 
  • Like
Reactions: XhenEd

Online_Sword

Level 12
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
ultimate keystroke encryptor

Em...I do not think so.
The options of Spyshelter Premium and Spyshelter Firewall indicate that they can also "encrypt keystrokes for all processes".
In addition, they provide two more modes: encrypting keystrokes for user-specified processes, and encrypting keystrokes for all processes except user-specified processes.
In my opinion, these modes make Spyshelter more convenient to use.
ked1-0x0.png
However, in my test, Spyshelter keystroke encryption also has some problems.
For example, I find that when this feature is enabled, I cannot type the verification code in an online bank. By contrast, Keyscrambler has no problem in that online bank.
 
  • Like
Reactions: XhenEd and floalma
D

Deleted member 178

I used and test both before, keyscrambler is most welcomed by sec geeks already having other kinds of layered protection, while SS is more an all-in-one antilogger package.
 
H

hjlbx

Em...I do not think so.
The options of Spyshelter Premium and Spyshelter Firewall indicate that they can also "encrypt keystrokes for all processes".
In addition, they provide two more modes: encrypting keystrokes for user-specified processes, and encrypting keystrokes for all processes except user-specified processes.
In my opinion, these modes make Spyshelter more convenient to use.
ked1-0x0.png
However, in my test, Spyshelter keystroke encryption also has some problems.
For example, I find that when this feature is enabled, I cannot type the verification code in an online bank. By contrast, Keyscrambler has no problem in that online bank.

KeyScrambler encrypts better because it specifically targets processes. SpyShelter uses generic encryption - which is not as effective. I do not know specific technical details, but testing verifies SpyShelter keystroke encryption only protects against approximately 50 % of keyloggers.

SpyShelter needs improvement. KeyScrambler is more polished, refined.
 
H

hjlbx

but is a one trick pony.

There is one scenario where a security config comprised of several "one trick ponies" bests a packaged solution like AVs... and that is when malware can disable the packaged protection. With a layered config consisting of multiple individual apps, it is very unlikely malware will be able to disable them all. However, the cost to user is complexity and extra administration.
 
H

hjlbx

I would write that with CF you wouldn't need to worry about such stuff at all, but everyone already knows that.

There are some things to consider...

What about session\in-browser keyloggers ? Those that bind to legitimate processes and bypass Comodo's "Block Unrecognized application" firewall setting ? Not to mention phishing.

In-browser keylogger not common scenario, but not as rare as it once was. Malicious browser extensions can go undetected by Comodo even in HIPS Safe Mode.

Comodo very unlikely to protect user in those cases except while using Paranoid Mode and. even then, HIPS alert will say all processes are safe... so take very experienced user to know something is not quite right.

Not bashing. Just pointing out something to consider. Any security soft has holes. Comodo is good protection, but not perfect protection.

This is why KeyScrambler is good addition to system. It works independently of all other protections.
 
Last edited by a moderator:

floalma

Level 4
Verified
Apr 5, 2015
182
What do you mean by 'generic encryption' ?

KeyScrambler encrypts better because it specifically targets processes. SpyShelter uses generic encryption - which is not as effective. I do not know specific technical details, but testing verifies SpyShelter keystroke encryption only protects against approximately 50 % of keyloggers.

SpyShelter needs improvement. KeyScrambler is more polished, refined.
 

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
If you mean the Man-in-the-Browser attack, there still has to be a payload. It could be the initial installation of a compromised browser, a trojan of some sort that will use things like BHO, API call attacks, or a script run locally to create augmented browsing. This sort of thing (like Shylock) can be stopped. As far as installing a compromised browser extension for a DOM attack, you make an excellent point. For those that just HAVE to install extensions from whatever source the kiosk comes in handy to protect against MITB.

Make no mistake- I'm not disparaging KeyScrambler in any way (I actually used it in the past); just pointed out that HMPA does other things, so a comparison between them isn't fair.
 
  • Like
Reactions: XhenEd and Moose
H

hjlbx

If you mean the Man-in-the-Browser attack, there still has to be a payload. It could be the initial installation of a compromised browser, a trojan of some sort that will use things like BHO, API call attacks, or a script run locally to create augmented browsing. This sort of thing (like Shylock) can be stopped. As far as installing a compromised browser extension for a DOM attack, you make an excellent point. For those that just HAVE to install extensions from whatever source the kiosk comes in handy to protect against MITB.

Make no mistake- I'm not disparaging KeyScrambler in any way (I actually used it in the past); just pointed out that HMPA does other things, so a comparison between them isn't fair.

Users are always in a quandry when it comes to security softs. A conundrum...

Fileless MitB are proliferating. Browser session keylogging among easiest to accomplish. Sandbox does contain any potential payload, but does not prevent the keystroke recording in all cases (it does protect clipboard capture). HIPS Paranoid Mode does alert to it, but alert might indicate all files are safe since this type infection uses rundll32.exe, dllhost.exe, etc.

Who uses Paranoid Mode ? System unusable... 100s of alerts per user session. Useful only when trying to track-down suspected infection...

Need "infected" site to host the attack. User has to spend time at the site. Site has to be designed to engage\entrap user into typing valuable infos. Infection\keylogging is not persistent. So, all in all, not very productive for malware authors. Almost flaky "vector," but design the site correctly and it could be really dangerous.

Anyhow, eventually, it will get reported and blocked by web-filter. Well, with Comodo web protections, one hopes so...

There is more\additional anti-keylogging protections in Comodo, but Comodo quite secretive about it. Comodo engineering will not divulge even basic technical infos.

@Umbra would say Comodo uses CCE against annoying user questions they can't answer. (Inside joke).
 
Last edited by a moderator:

Online_Sword

Level 12
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Uses kernel mode driver to encrypt keystrokes when using any application.

KeyScrambler somehow injects directly into specific processes.
Kernel mode driver sounds more reliable:D, while I am afraid that the behavior of injecting into specific processes might cause compatibility issues...
 
H

hjlbx

Kernel mode driver sounds more reliable:D, while I am afraid that the behavior of injecting into specific processes might cause compatibility issues...

You would think, but KeyScrambler very stable. I don't have all technical infos. Just my own experience and that of others.

Hooking, injecting - whatever the case may be... many softs do it. Almost all security softs do it.
 
  • Like
Reactions: Online_Sword

kiric96

Level 19
Verified
Well-known
Jul 10, 2014
917
nice review, just a question @cruelsister what do you think about zemana products? premium ver will mess up all typed info no matter if is a browser or not, but i have not tested against real keylogger, can you please tell me?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top