Steve,
I don't have any direct experience with support/development of KeyCapture.
My guess is that none of these three commercial products have a large development group, and I would be surprised if any had more than one primary developer/maintainer for the products. I also doubt that there are many HP engineers dedicated to the VMS terminal driver.
I would guess that all the products that are logging on the node being monitored are intercepting the traffic between the terminal port/class interface via the GETNXT/PUTNXT routine pointers in the terminal UCB (UCB$L_TT_GETNXT/UCB$L_TT_PUTNXT). At least that is the most direct (most efficient) approach that I am aware of. Just for reference, PUTNXT is used for terminal input (it puts into the typeahead buffer); GETNXT is for terminal output (gets the next character or string (burst) to output to the user's terminal.)
In my opinion, the most important question is how well the design is documented by/for the product developers/supporters and how cleanly written the code is. This will determine how easily a new person will be able to support the product. Unfortunately, I know of no way to determine this from the outside, as the code is proprietary and closed source.
One indicator is the quality of the external product documentation. Another is how long it took each vendor to release an IA64 version of the product after OpenVMS IA64 became available. Although this is an indirect indicator, it is an externally visible indicator of the vendor's ability/desire to support the VMS market. Since these products are using internal features of VMS that are not in end user documentation, it implies that the vendors need access to the VMS source code listings (or at least a contact in VMS engineering that can provide select information).
Jon
it depends
