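I used a tool to run a test. Rising did not raise a single alert.
HIPS software generally reports these (EQ reported a few). Rising needs to step up.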
http://www.firewallleaktester.com/aklt.htm
What is Anti-Keylogger Tester?
Some trojans include keylogging functionality, which can steal confidential information you are typing. To fight this threat, many HIPS software products, and also dedicated anti-keylogger software, now provide anti-keylogger features.
However, there are many ways to monitor the keyboard, and not all HIPS cover all ways to do keylogging.
AKLT is a tool using 3 different methods to monitor your keyboard, and enables you to check your defences. AKLT does not try to monitor your keyboard by using a global hook, nor any DLL/code injection, as these methods are widely known and covered by all the security software I have tested.
Additionally, AKLT provides two ways of taking screenshots, as a keylogger or a trojan could do. I am not aware of any HIPS providing screenshot protection, but in case some of your security software claims to provide such a feature, you will be able to test it thanks to AKLT.
The three keylogging methods used are:
- GetKeyState API: This API returns the current key state for a given key. This API must be called for every key, constantly (e.g. every 10 ms), in order not to miss any key the user may press. This method is less reliable than a global hook, but is more stealthy, and does not require administrator privileges.
- GetAsyncKeyState API: This API is similar to GetKeyState, except that it can receive keys that have been pressed, and not only the ones pressed at the moment the function is called. Like the previous method, it does not require administrator privileges.
- DirectX: This method uses APIs from the DirectInput function family (from DINPUT.DLL). It requires that DirectX 7.0 or higher is installed, which is not a problem as DirectX is bundled with Microsoft Windows operating systems. It is stealthier as it is less well known (I've never heard of it before). Of course video games use DirectX to monitor your keyboard, but I'm not aware of any malware using DirectX for malicious purposes. Like the previous method, it does not require administrator privileges.
The test software is below.
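The quoted description says key-state polling has to hit every key about every 10 ms, which gives a monitoring tool a call pattern to look for. The following is an added example, not part of the original post or of AKLT: a detection heuristic run over a constructed API-call trace. The event layout, process IDs and thresholds are assumptions for illustration, and it covers only the two polling APIs, not DirectInput.

```python
from collections import defaultdict

POLL_APIS = {"GetKeyState", "GetAsyncKeyState"}
WINDOW_MS = 1000        # assumed fixed analysis window
MIN_DISTINCT_KEYS = 40  # assumed: a sweep covers most of the keyboard
MIN_CALLS = 2000        # assumed: every key every 10 ms far exceeds this

def make_trace():
    """Constructed events (hypothetical layout): (t_ms, pid, api, vk, has_focus)."""
    events = []
    for t in range(0, 1000, 10):
        # pid 1111: background process sweeping VK 0x08..0x5A every 10 ms
        events += [(t, 1111, "GetAsyncKeyState", vk, False)
                   for vk in range(0x08, 0x5B)]
        # pid 2222: focused game polling W, A, S, D only
        events += [(t, 2222, "GetKeyState", vk, True)
                   for vk in (0x57, 0x41, 0x53, 0x44)]
    # pid 3333: background app checking Shift four times a second
    events += [(t, 3333, "GetKeyState", 0x10, False)
               for t in range(0, 1000, 250)]
    return events

def find_pollers(events):
    """Return {pid: (calls, distinct_keys)} for background key-state sweepers."""
    buckets = defaultdict(lambda: [0, set()])
    for t, pid, api, vk, has_focus in events:
        if api not in POLL_APIS or has_focus:
            continue  # assumption: the focused window reading its own input is benign
        bucket = buckets[(pid, t // WINDOW_MS)]
        bucket[0] += 1
        bucket[1].add(vk)
    flagged = {}
    for (pid, _window), (calls, keys) in buckets.items():
        # Both conditions must hold: high call rate AND a wide spread of keys
        if calls >= MIN_CALLS and len(keys) >= MIN_DISTINCT_KEYS:
            flagged[pid] = (calls, len(keys))
    return flagged

if __name__ == "__main__":
    for pid, (calls, keys) in find_pollers(make_trace()).items():
        print(f"pid {pid}: {calls} key-state calls over {keys} keys "
              f"in {WINDOW_MS} ms without focus")
```
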