Full Version: Anti-Keylogger Tester
Moore
Here's a handy little tool by GKWEB for testing the functionality of your security programs which claim to protect you against keyloggers.

Release news:

http://www.firewallleaktester.com/news.htm#66

---

What is Anti-Keylogger Tester ?

Some trojans include keylogging functionality, which can steal confidential information you are typing.

To fight this threat, many HIPS products, and also dedicated anti-keylogger software, now provide anti-keylogger features.
However, there are many ways to monitor the keyboard, and not all HIPS cover all ways to do keylogging.

AKLT is a tool using 3 different methods to monitor your keyboard, and enables you to check your defences. AKLT does not try to monitor your keyboard by using a global hook, nor any DLL/code injection, as these methods are widely known and covered by all the security software I have tested.

Additionally, AKLT provides two ways of taking screenshots, as a keylogger or a trojan could do. I am not aware of any HIPS providing screenshot protection, but in case one of your security programs claims to provide such a feature, you will be able to test it thanks to AKLT.


The three keylogging methods used are :

QUOTE
- GetKeyState API : This API returns the current key state for a given key. This API must be called for every key, constantly (e.g. every 10ms), in order not to miss any key the user may press. This method is less reliable than a global hook, but is more stealthy, and does not require administrator privileges.

- GetAsyncKeyState API : This API is similar to GetKeyState, except that it can receive keys that have been pressed, and not only the ones pressed at the moment the function is called. As with the previous method, it does not require administrator privileges.

- DirectX : This method uses APIs from the DirectInput family of functions (from DINPUT.DLL). It requires that DirectX 7.0 or higher is installed, which is not a problem as DirectX is bundled with Microsoft Windows operating systems. It is stealthier, being less known (I've never heard of it before). Of course video games use DirectX to monitor your keyboard, but I'm not aware of any malware using DirectX for malicious purposes. As with the previous method, it does not require administrator privileges.


Compatible : Windows 2000 / XP / 2003 server

Download page:
http://www.firewallleaktester.com/aklt.htm
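
The two polling methods in the quoted description leave a recognisable pattern: one process asking for the state of nearly every key, many times per second. The sketch below is an added example, not part of the original post or of AKLT; it flags that pattern in an API-call trace. The trace format, process names and thresholds are assumptions made for illustration, and the DirectInput method is not covered.

```python
from collections import defaultdict

# Assumed trace format (hypothetical): "ms_timestamp pid process api vk_code"
POLL_APIS = {"GetKeyState", "GetAsyncKeyState"}

def build_sample_trace():
    """Constructed sample data: a full-keyboard poller, a game, an editor."""
    lines = []
    for t in range(0, 200, 10):            # sweeps every key each 10 ms
        for vk in range(0x08, 0xFF):
            lines.append(f"{t} 4120 tester.exe GetAsyncKeyState {vk:#04x}")
    for t in range(0, 200, 16):            # polls only W, A, S, D per frame
        for vk in (0x57, 0x41, 0x53, 0x44):
            lines.append(f"{t} 3300 game.exe GetAsyncKeyState {vk:#04x}")
    lines.append("50 2210 editor.exe GetKeyState 0x10")  # one Shift check
    return lines

def find_pollers(lines, window_ms=100, min_distinct_vks=40, min_sweeps=3):
    """Return {(pid, process): (distinct_keys, sweeps)} for processes that
    query many distinct virtual keys repeatedly inside one time window."""
    # (pid, process, window index) -> [set of key codes seen, call count]
    buckets = defaultdict(lambda: [set(), 0])
    for line in lines:
        ts, pid, proc, api, vk = line.split()
        if api not in POLL_APIS:
            continue
        bucket = buckets[(int(pid), proc, int(ts) // window_ms)]
        bucket[0].add(int(vk, 16))
        bucket[1] += 1
    flagged = {}
    for (pid, proc, _), (vks, calls) in buckets.items():
        sweeps = calls // len(vks)         # average queries per key
        if len(vks) >= min_distinct_vks and sweeps >= min_sweeps:
            best = flagged.get((pid, proc), (0, 0))
            flagged[(pid, proc)] = max(best, (len(vks), sweeps))
    return flagged

if __name__ == "__main__":
    for (pid, proc), (keys, sweeps) in find_pollers(build_sample_trace()).items():
        print(f"pid {pid} {proc}: {keys} keys polled, {sweeps} sweeps per window")
```

The game is not flagged because it polls only four keys, which is why the check looks at the breadth of keys queried and not just the call rate.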
Moore
First time I tested AKLT, keylogging was not detected by Processguard and AKLT could log typed text easily... however you still had to allow it to execute in the first place to be able to log your keystrokes.

System Safety Monitor however stopped it in its tracks.



--

I tested new Outpost 4.0 against AKLT, even though it has limited HIPS functionality and doesn't claim to be able to prevent keylogging.

I think in most cases Outpost would be able to detect/block the outbound connections of the information being sent by the keylogger as well.

--

Unchecked allow injection of shared components and allow all listed actions for network-enabled applications in Anti-leak control first.

Outpost failed the first two tests, GetKeyState and GetAsyncKeyState, AKLT successfully logged nearly all my keystrokes, missed one letter though in Don't ..



Outpost detected the DirectX test and allowed me to block it:





On the two screenshot tests, Outpost passed the first, all I got was a blank screenshot after blocking the injection call, failed to block the second though, screenshot successful.

-----------------------------------------------


Everyone is welcome to share their own tests of any dedicated keylogger detection software or HIPS software.
hanglyman
try snoopfree for a good free keylogger/screenshot blocker

snoopfree.exe
hanglyman
OK, maybe snoopfree is only pretty good, it seems it would be a good complement to
Outpost though, as the 2 tests it successfully blocks are ones Outpost does not.
Between them they should block both screenshot methods, and 2 of the 3 keyloggers

GetKeyState() API - Failed
GetAsyncKeyState() API - Passed, Snoopfree blocked this test
DirectX - Failed
Screenshot 1 keybd_event() API - Failed
Screenshot 2 CreateDC() and BitBlt() APIs - Passed, Snoopfree blocked this test
hanglyman
Jetico V1 blocks the DirectX keylog method