How to test anti-keylogger software
Installing any good antivirus program will protect you from known keyloggers, but you’ll still be vulnerable to the very latest threats.
Specialist anti-keyloggers such as SpyShelter take a very different approach. Instead of trying to detect and remove malware, they focus on preventing anything intercepting your keypresses.
Sounds great, but -- how do you know whether any anti-keylogger is doing anything useful? That can be a challenge. Even if you install a commercial keylogger and see if it records anything, that won’t necessarily prove much (it might be a poor keylogger, real malware may be more effective).
Anti-Keylogger Tester is a portable freeware tool which supports capturing your keystrokes by seven separate methods, and immediately displays anything it manages to intercept.
The program is aimed at Windows experts who will understand API-based test names like GetAyncKeyState and GetRawInputData, but the technicalities aren’t too important. All you have to do is click a button like GetKeyboardState, Alt+Tab to another application and start typing.
Anti-Keylogger Tester displays any keypresses it intercepts in the "Captured keys" box. If your keys appear, the test has failed. But if the box stays blank or records random keypresses, your anti-keylogger has passed this test: click "Stop" and try another.
There are also a couple of bonus screenshot tests which attempt to capture images and save them to file, or the clipboard.
Anti-Keylogger Tester was written in 2012, for Windows Vista, so it’s probably no surprise that there were some issues on our Windows 10 system. For example, the "JournalRecord Hook" never worked for us, displaying an error message every time.
Despite that, the program was useful in other situations. We were able to see that the simple freeware anti-keylogger Ghostpress passed most tests but failed on one, while the commercial SpyShelter either blocked or raised an alert for everything we tried.
One small concern about Anti-Keylogger Tester is that is doesn’t work like a "real" keylogger. It doesn’t try to hide its interface. It doesn’t save its log to disk. If an anti-keylogger takes this into account, sees the program is displaying information in a visible window and therefore you probably trust it, the results may be misleading.
If you’d like to cover this extra possibility, check out the open-source vbLogger (aka "capablemonkey’s keylogger" instead). This is much more basic and only has a single capture type, but you can hide and restore it by pressing Ctrl+Shift+S, as well as have it write the log to file when the program closes, which could be a more realistic test.