Major SpyShelter announcement: Keyboard encryption is dead, long live keyboard encryption

Yes, that would be interesting to see. I think first SpyShelter would notice it launching, but from then on it will be interesting what our “events” might say, if anything.

Also maybe test on an older Windows OS with a Classic version of SpyShelter.

To clarify, the whole point of these tests is to see if SS can block certain keylogging methods. So even if SS 15 blocks it from running at all, it should obviously be allowed to run.

Of course the SS Classic version can easily block these keylogging methods. So did you try these simulators already, and did you ask the developer if he can add protection against these methods?

The methods are:

GetKeyState
GetKeyboardState
GetAsyncKeyState
DirectX
LowLevel Hook
JournalRecord Hook
GetRawInputData

I will share these and ask, thanks!


Have you already heard back? I noticed that SpyShelter 12 was able to alert about apps “trying to record keyboard input”; this alert was often triggered by browsers like Firefox and Vivaldi. You would think it should still be possible to add protection/detection against API and hook-based keyloggers. See links for more info.

We’re preparing a new software update that should be available in a few days. No, it will take quite a bit of time to research these different things I think. Sorry for the delay and thanks for your patience.

Yes, I understand.

But to clarify, if you can alert about these techniques that many keyloggers use, you might not even need to develop a new keystroke encryption method.

I can’t imagine that Windows 11 has changed so much from Windows 10 that security tools like SS can’t monitor these hooks/APIs related to keyloggers. So in my view this needs to get priority, because SS was all about “proactive” protection against keyloggers and spyware.

We found the “hooks” monitoring was one of the major things we can’t seem to do anymore, but we’ll keep investigating. We’d like to have that feature also of course.

Basically I think all or more things with “hooks” can’t be done at all anymore with the modern Windows versions.

To clarify, I’m not a developer, but I did some more research.

It seems that in Windows 11 you still have certain APIs that keyloggers can use, like GetKeyState, GetAsyncKeyState and GetKeyboardState. SS Classic alerted about this stuff with the “recording keyboard input” feature.

But most keyloggers use global hooks; I believe in Windows 11 it should still be possible to alert about global hooking. The reason I believe this is that I haven’t read anything about this stuff being removed in Windows 11.

If you block some app from setting global hooks, it cannot monitor keystrokes. It’s of course not as cool as keystroke encryption, so if you guys can bring this feature back, I’m all for it.

Now that I think of it, SS 15 is able to monitor new processes that are being launched right? So I’m guessing you guys hooked the CreateProcess API?

I assume the same could be done when you hook for example the CreateRemoteThread API and the SetWindowsHook API functions? The first will block code injection and the second will block apps from setting global hooks.

Make sure to read the fourth link, I thought it was very interesting. It was written by the developer of Windhawk, and explains the various techniques that he considered for injecting code. Global hooking (SetWindowsHook) was one of them, but it had too many limitations for his tool.

Thank you for taking the time to find and post this. I will let our lead developer know and we’ll check it out!

One thing we’re considering adding soon is the ability to prevent executables from launching OTHER executables, unless you approve it. What’s your opinion on that functionality?

Yes, we already talked about this, this could protect against malicious apps that are launching certain system processes (LOLBins) that could be used in attacks.

And it also makes sense when it comes to protecting against exploit attacks on browsers and document readers. For example, firefox.exe should not be able to launch powershell.exe, if you know what I mean. But you should obviously not alert about all child processes, because that would be pointless.
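The launch rule discussed in the post above, sketched as an added example (not part of the original thread and not SpyShelter's code): a browser or document reader starting a LOLBin is blocked, a program's own worker processes never raise an alert, and anything else waits for user approval. The process lists, the sample events and the `decide` function are assumptions made for illustration.

```python
import ntpath  # parses Windows-style paths on any host OS

# Assumed categories for this sketch; a real product would maintain its own lists.
EXPOSED_PARENTS = {"firefox.exe", "vivaldi.exe", "acrord32.exe", "winword.exe"}
LOLBINS = {"powershell.exe", "cmd.exe", "mshta.exe", "wscript.exe",
           "rundll32.exe", "regsvr32.exe"}

def image_name(path):
    """Lower-cased file name of an executable path."""
    return ntpath.basename(path).lower()

def decide(parent_path, child_path, approved):
    """Return 'allow', 'block' or 'prompt' for one process-launch event."""
    parent, child = image_name(parent_path), image_name(child_path)
    same_dir = ntpath.dirname(parent_path).lower() == ntpath.dirname(child_path).lower()
    if parent == child and same_dir:
        return "allow"    # self-spawned worker (e.g. browser content process)
    if (parent, child) in approved:
        return "allow"    # pair the user has already approved
    if parent in EXPOSED_PARENTS and child in LOLBINS:
        return "block"    # exploit-style chain, e.g. firefox.exe -> powershell.exe
    return "prompt"       # unknown pair: ask once instead of alerting on everything

def evaluate(events, approved):
    """Apply the policy to a list of (parent_path, child_path) events."""
    return [decide(parent, child, approved) for parent, child in events]

# Constructed sample events (parent image, child image), not real telemetry.
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
EVENTS = [
    (FIREFOX, FIREFOX),
    (FIREFOX, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    (r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe"),
    (FIREFOX, r"C:\Users\test\AppData\Local\Temp\firefox.exe"),
    (r"C:\Tools\updater.exe", r"C:\Windows\System32\rundll32.exe"),
]
APPROVED = {("explorer.exe", "cmd.exe")}  # constructed user approvals

if __name__ == "__main__":
    for (parent, child), verdict in zip(EVENTS, evaluate(EVENTS, APPROVED)):
        print(f"{verdict:6}  {image_name(parent)} -> {child}")
```

The fourth event shows why the self-spawn exemption also compares directories: a file named firefox.exe in a temp folder is not treated as the browser's own worker.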

Yes, of course! That would be super annoying if child processes were always alerting. I think people would uninstall our app.

It’s interesting how this applies to LOLBins, so I will share this with our team. And of course our team reads this forum on their own all the time also.

I have enjoyed your posts/conversations! Thanks for taking the time to help us improve.

Hello, some years ago I purchased a license for KeyScrambler Professional and I just did a test on this keyboard simulator webpage: Keyboard Simulator | Interactive Online Typing Tool - WebUtility.io

I don’t know if the test is reliable (I’m not a technician) but the results are:

**KeyScrambler Professional OFF**

KeyScrambler OFF

**KeyScrambler Professional ON**

KeyScrambler ON

It seems that KeyScrambler Professional still works as it should.

Anyway, I haven’t found specific tools on the web to test it. Many years ago DatPol, SpyShelter’s previous developers, released a tool called “SpyShelter Security Test Tool” (SpyShelter Security Test Tool screenshot and download at SnapFiles.com) to test the system against keylogging, clipboard monitoring etc., but it’s no longer available. The SnapFiles download redirects to https://www.spyshelter.com/download/AntiTest.zip
Maybe it became obsolete, but I really don’t know the reason.

I just tested KeyScrambler Professional against Firewall Leak Tester’s AKLT (Anti-Keylogger Tester (AKLT) - put your anti-keylogger protection to the test). It failed, as the captured keys are visible, but I think the reason is that KeyScrambler doesn’t encrypt the keystrokes on all apps, unlike Ghostpress. Anyway, as I wrote above, I’m not a technician so I’m not 100% sure of this.


Certain website safety services kept picking up that test keylogger as malware on SpyShelter.com and would cause us to get blocked by many websites/tools, so we decided to stop hosting it.


Good to know, we will check it out, thanks!

Thanks for the quick answer.


For completeness I tested Ghostpress against Firewall Leak Tester’s AKLT and it passed all the tests (the captured keys weren’t visible) except test 5. I couldn’t do test 6.


I believe I still have this tool on my PC, I will upload it soon and post the link.