Monday, 28 January 2013

How do keyloggers get past anti-virus?

Most spy programs get detected and removed by anti-virus software and security tools. redpill is one of the few (if not the only) spy software companies that continually manages to stay under the radar.

How do the redpill Spy Software Products manage to get past anti-virus packages?

First, let’s look at how anti-virus packages detect spy software and key loggers.

There are two main ways how anti-virus packages detect malware and spy software:

Fingerprint Detection:
Anti-virus companies have databases of known malware and spy software that are updated daily (virus definition files). The anti-virus software then looks inside each file for a fingerprint: a piece of code that would be unique to the specific spy program.

Behavior Detection:
Each anti-virus package has its own name for this technique (Bloodhound, Sonar Detection, Sandbox Testing, etc). In short, the software not only looks at what the program is doing, but also executes pieces of the program's code in a safe (sandbox) environment to see what it is capable of doing.

Even if the key logger or spy program is a new program, it can still be detected and removed by anti-virus software.
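To make the fingerprint method concrete, here is a toy definition-file scanner. It is an added illustration, not redpill's code or any anti-virus vendor's engine; the definition entries, the "known sample" bytes and the sample disk contents are all constructed for the example. It shows the two forms a fingerprint usually takes (a whole-file hash and a byte pattern lifted from the known sample), why the pattern form also catches a repackaged copy, and why a variant whose fingerprinted bytes differ is missed by definitions alone, which is the gap the behaviour method exists to cover.

```python
"""Toy signature ("fingerprint") scanner in the style of the definition-file
method described above. All definitions and sample files are constructed."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str        # detection name as it would appear in a definition file
    pattern: bytes   # byte sequence taken from the known sample


# Constructed "known sample" and a constructed definition file holding one
# whole-file hash entry and one byte-pattern entry for it.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 8 + b"LOGKEYS:v1" + b"\x00" * 4
HASH_DEFINITIONS = {
    hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Constructed.Keylogger.A",
}
PATTERN_DEFINITIONS = [
    Signature("Constructed.Keylogger.A", b"LOGKEYS:v1"),
]


def scan_bytes(data: bytes) -> list[str]:
    """Return the definition names that match `data`.

    The hash lookup catches byte-identical copies; the pattern search also
    catches files that embed the fingerprinted code somewhere else.
    """
    hits: list[str] = []
    name = HASH_DEFINITIONS.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    for sig in PATTERN_DEFINITIONS:
        if sig.pattern in data and sig.name not in hits:
            hits.append(sig.name)
    return hits


def scan_files(files: dict[str, bytes]) -> dict[str, list[str]]:
    """Scan a mapping of path -> contents (a constructed stand-in for walking a disk)."""
    return {path: scan_bytes(data) for path, data in files.items()}


# Constructed sample disk: an exact copy, a repackaged copy that still embeds
# the fingerprinted code, a benign file, and a variant whose fingerprinted
# bytes differ (definitions miss it; only behaviour analysis would catch it).
SAMPLE_DISK = {
    "C:/tmp/a.exe": KNOWN_SAMPLE,
    "C:/tmp/b.exe": b"PK\x03\x04" + KNOWN_SAMPLE + b"trailer",
    "C:/tmp/notes.txt": b"quarterly report draft",
    "C:/tmp/c.exe": KNOWN_SAMPLE.replace(b"v1", b"v2"),
}

if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_DISK).items():
        print(f"{path}: {hits or 'clean'}")
```

Running the script reports a.exe and b.exe as Constructed.Keylogger.A, notes.txt as clean, and c.exe as clean even though it is the same program with two bytes changed; that last result is the reason the vendors' definition files are updated daily and why a sandbox-based behaviour check is layered on top.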

How does redpill then manage to get past most anti-virus packages?

redpill has a unique set of counter detection techniques to avoid detection by both the fingerprint detection method as well as the behavior detection method. For obvious reasons we can’t discuss how these techniques work but redpill is continually busy improving these techniques.

Can redpill get past all anti-virus packages and security tools?

At the end of the day, the redpill spy products still need to perform some ‘red flag’ operations like logging keys, taking screenshots, transmitting data and restarting after a reboot. Although redpill employs some advanced and unique techniques to camouflage these actions, it is impossible to hide them completely as they need to be performed.

For that reason it will always be possible for the more advanced anti-virus packages and security tools to detect, remove or block redpill products.

redpill still gets past most, as the advanced detection products that can detect or block redpill products are not very popular, due to the large percentage of false positives they produce.

What to do if your redpill product is detected or removed

If your redpill product is detected or removed by your anti-virus, download and install the latest version (for redpill Spy) or install again using a new install module (for redpill Detective and redpill Agent).

Never use an old install file or install module. Even if the version number is the latest, redpill products are continually updated to prevent detection.

Friday, 11 January 2013

Are spy software and key loggers legal?

Is spy software like redpill Spy legal?

YES! The software itself is not illegal. It is however possible to use the software in an illegal manner.

In most countries it would be illegal to install spy software on a computer you do not own. In some countries you would also be required to inform your employees if you are going to monitor their computers. There are obviously exceptions to these rules, which depend on the specifics of the case.

Examples of where it would (normally) be legal:
  • If you want to monitor your employees working on your computers.
  • If you want to monitor your children to protect them from the dangers of the internet.
  • If you install it on your home computer, even if you are not the only one using the computer.
  • If you are doing official penetration testing for a company.

Examples where it would usually be illegal:
  • It would be illegal if you install spy software at an internet café with the purpose of stealing credit card or other personal information.
  • If you remotely install spy software on a computer at a company with the purpose of committing industrial espionage.

Please always respect people’s privacy and do not use redpill software illegally.