
Keyloggers and Privacy


caspian
June 29th, 2009, 09:09 PM
I have read that some of the antivirus/antispyware products intentionally allow commercial keyloggers. The disingenuous rationale is that they sometimes have legitimate uses. I posted about this on the superantispyware forum. I'm pretty upset about this issue.

Businesses log. They monitor. And they tell people right up front that they are being monitored. Everyone knows it. So why would it matter if a commercial keylogger shows up? I have never worked for a company that would allow me to install a scanner on their system anyway. They would have thrown me out on my ass.

I wonder what the percentages of sales would be for keyloggers purchased by businesses in comparison to keyloggers purchased by individuals? I can't help but wonder if there is some cash being exchanged as an incentive to allow some of these keyloggers.

Putting a keylogger on a private citizen's computer is like putting a video cam in their bedroom. It's sick. And I think that it is incredibly irresponsible for a company to tell people that they protect against malware when they are intentionally allowing some of the worst to be installed on your computer. They should tell people right up front that if someone puts a commercial keylogger on your computer, their product will allow the keylogger to spy on you. And they should list the ones that they intentionally allow.

Does anyone know of an antivirus or antispyware product that protects against all known malware?

Keyboard_Commando
June 30th, 2009, 11:55 AM
Hello.

I was reading quite an interesting article at sophos.com here (http://www.sophos.com/blogs/gc/g/2009/01/05/sophos-police-hacking/); the theme is much similar to what you're concerned about. The reassurance that a security vendor is going to flag malware no matter where it's coming from.

I think the question of whether a security vendor is capable and willing to flag corporate/government malware will go a long way to decide which security products customers trust enough to put on their computer, certainly in the foreseeable future.

Police hacking computers to gain intelligence, who are the bad guys?

{QUOTE-> The Association of Chief Police Officers has said that in 2007-2008, British police carried out 194 remote hacking operations, including 133 in private homes, 37 in company offices and 24 in hotel rooms. It isn't clear how many of these attacks used spyware software or keylogging hardware to examine information held on a suspect computer. <-QUOTE}

If you are in the position of flagging a government agency/corporate created malware ... will you?

When you look at the problems some vendors have got themselves into for handing out SSL certs to rogue sites for $$$ ... it makes you wonder if some have the ethical balls to flag.

{QUOTE-> One thing I can promise you though: If Sophos encounters any malware written by the police, we won't turn a blind eye. We will add detection for it. <-QUOTE}

{QUOTE-> For anti-virus vendors to know which spyware Trojan horse to ignore, the British police would need to provide us with a sample of their code. For security reasons, it seems unlikely that this would happen. As a result, how will we (and other security vendors) know which code is written by the cops and which originates from traditional hackers? After all, it's not likely to say <-QUOTE}

{QUOTE-> In order to properly protect customers, Sophos continues to protect against all the malicious code that we see.

Even if security vendors were made aware of the code, how would we know that our customer was the intended target of police surveillance? You see, by planting spyware on the PCs of those under suspicion, the police could essentially be placing a weapon directly into the hands of their enemies. <-QUOTE}

{QUOTE-> Spying and remote-hacking code could easily be adapted and new variants created with far more sinister intentions in mind. Once the Trojan was released, there would be no way of knowing who would use it to spy on whom, and with what consequences. In an ironic twist of fate, the police could even find itself to be the victim of its own code.

So we will continue to defend computer users against malware and spyware, regardless of who might have written or installed the code. <-QUOTE}

{QUOTE-> And if that puts us at loggerheads with our friends in the police, so be it. <-QUOTE}

I like what Sophos is saying about this matter. So well done them.

Don't agree with their bashing other products to promote their own, though.

{QUOTE-> Sophos outshines Symantec, McAfee, Trend, and Checkpoint <-QUOTE}

caspian
June 30th, 2009, 07:41 PM
They have been given free rein in the UK to abuse as they please. They do not have to answer to anyone. Try and tell me that they won't be abusing the Hell out of that. They will spy on anyone for any reason. And I am quite confident that it will be used for personal reasons as well...if it hasn't already.

I just wonder how good Sophos is? I haven't seen it mentioned much. I see that they have a free scanner. I think I'll give it a shot.

I think a list needs to be made of the antivirus/antispyware companies who deliberately allow keyloggers, and the ones who do not. People have a right to know. Otherwise, maybe some lawsuits for false advertising are in order.

noone_particular
July 1st, 2009, 01:54 AM
On any computer that you don't own, you have no realistic expectation of privacy. On your own, you can allow, block or remove whatever you choose. The best way to keep keyloggers off of your system is with a default-deny security policy. Instead of worrying if your AV, AS, etc. will detect all keyloggers, take the opposite approach. Specify what is allowed to run and block everything else by default. It takes a while to set up and requires that you know or learn what applications and processes need to run for normal operations, but when it's done, your system will not allow an unknown process to run. Software keyloggers, malware, trojans, etc. are processes or are installed by processes. Short of someone entering your home and concealing keylogging hardware, a properly enforced default-deny policy will prevent keyloggers or any other unknown processes from running on your system.

markoman
July 1st, 2009, 05:10 AM
{QUOTE-> On any computer that you don't own, you have no realistic expectation of privacy. On your own, you can allow, block or remove whatever you choose. The best way to keep keyloggers off of your system is with a default-deny security policy. Instead of worrying if your AV, AS, etc. will detect all keyloggers, take the opposite approach. Specify what is allowed to run and block everything else by default. It takes a while to set up and requires that you know or learn what applications and processes need to run for normal operations, but when it's done, your system will not allow an unknown process to run. Software keyloggers, malware, trojans, etc. are processes or are installed by processes. Short of someone entering your home and concealing keylogging hardware, a properly enforced default-deny policy will prevent keyloggers or any other unknown processes from running on your system. <-QUOTE}

Such a configuration is not suitable for the average home user, who needs to install, uninstall, and change the configuration of different software. What you say is done in high-security structures, where there is no need for computers that change dynamically, and it is possible to specify the few needed services that are allowed to run.

noone_particular
July 1st, 2009, 08:39 AM
{QUOTE-> Such a configuration is not suitable for the average home user, who needs to install, uninstall, and change the configuration of different software. What you say is done in high-security structures, where there is no need for computers that change dynamically, and it is possible to specify the few needed services that are allowed to run. <-QUOTE}
Mine is a home unit. Several people use it. It's got everything they need.

A home PC doesn't need to be changing all the time. How often does the average home user actually "need" a new piece of software? As long as users can install whatever they want, you're stuck with relying on detection software and the problems that come with it, missed detections, false positives, etc. The user needs to decide which matters more to them. Here, if someone needs or wants a new app or game, they tell me. If it's clean, I'll install it. The biggest inconvenience is a slight delay. That slight delay has saved a lot of time, work, and worry in the long run. Default-deny works fine in a home environment. The only thing the users can't do is change things whenever they get the urge.

caspian
July 1st, 2009, 10:56 AM
What kind of program do you use to specifically allow or deny?

Prevx confirmed that they don't differentiate between commercial and noncommercial keyloggers.

thathagat
July 1st, 2009, 11:33 AM
Spy Sweeper is very good at zipping commercial and noncommercial keyloggers...but Spy Sweeper itself is a tricky and touchy software for most.

noone_particular
July 1st, 2009, 11:40 AM
My choice is SSM, but you can use any application that allows you to build a process whitelist. There's a good thread regarding using software restriction policies to protect against the unknown. I'm sure that several of the available "HIPS" or process firewalls can also do this. The choice of software or utilities used is not that critical. It's the policy and how well the tools are configured to enforce it that's important. Regardless of how the policy is enforced, it's just much easier to keep track of the 50 to 100 known good applications and system executables that you need or use than it is to keep up with the hundreds of thousands of malicious apps, files, bits of exploit code, etc.

Default-deny doesn't have to be restrictive, unless you're one who is always trying new software. For those users, something like a VM would be ideal. Even that can run on a default-deny protected OS. If your PC is equipped the way you want it, a default-deny policy can make sure it stays that way. When the policy is matched to the user's needs and the user's software runs as it should, there are no indications that the policy is even there. My operating systems predate software restriction policies and limited user accounts, Win2K being the most recent. Even on these, I used SSM to define separate user and administrative modes. For normal usage, I run in user mode. All of the software I use on any regular basis is whitelisted and runs as it should. Default-deny is only restrictive when it doesn't match the user's needs.
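The default-deny process whitelist that noone_particular describes in the two posts above (allow the 50 to 100 known-good executables, deny everything else) is easy to model, and modelling it shows the one design decision that matters: what the whitelist keys on. The following is an added example written for this page; it is not code from the thread, from SSM, or from any of the products mentioned. The "binaries" are constructed byte strings standing in for file contents, and the paths are made up. It contrasts a name-based whitelist, which a keylogger renamed to notepad.exe walks straight through, with a content-hash whitelist, where a renamed, patched or unknown binary has no matching digest and falls through to the default decision, DENY.

```python
"""Default-deny process whitelist: name-based vs. hash-based (added example).

Constructed scenario, not real binaries or real policy files.  Executable
images are short byte strings; a real enforcer would hash the file on disk
before the loader maps it.
"""
import hashlib
import ntpath
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Executable:
    path: str     # hypothetical Windows path
    image: bytes  # constructed stand-in for the on-disk file contents


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class NameAllowlist:
    """Weak form: allow by file name only.  Anything that merely shares a
    name with a trusted program is allowed, including a trojanised copy."""

    def __init__(self, trusted: Iterable[Executable]):
        self._names = {ntpath.basename(e.path).lower() for e in trusted}

    def allows(self, exe: Executable) -> bool:
        return ntpath.basename(exe.path).lower() in self._names


class HashAllowlist:
    """Strong form: allow by SHA-256 of the image.  A renamed, patched or
    unknown binary has a different digest, so it is not on the list."""

    def __init__(self, trusted: Iterable[Executable]):
        self._digests = {sha256_hex(e.image) for e in trusted}

    def allows(self, exe: Executable) -> bool:
        return sha256_hex(exe.image) in self._digests


def enforce(policy, launches: Iterable[Executable]) -> List[Tuple[str, str]]:
    """Decide each launch attempt.  The default is DENY; only a positive
    whitelist match flips a decision to ALLOW."""
    return [(e.path, "ALLOW" if policy.allows(e) else "DENY") for e in launches]


# The known-good set a home admin enumerates once (constructed images).
TRUSTED = [
    Executable(r"C:\Windows\notepad.exe", b"MZ...notepad-genuine-image..."),
    Executable(r"C:\Program Files\Mozilla Firefox\firefox.exe",
               b"MZ...firefox-genuine-image..."),
]

# Launch attempts, including the ways a keylogger typically shows up.
LAUNCHES = TRUSTED + [
    # unknown program dropped by an installer
    Executable(r"C:\Users\Public\kl_svc.exe", b"MZ...commercial-keylogger..."),
    # the same keylogger renamed to a trusted name in a writable directory
    Executable(r"C:\Users\Public\notepad.exe", b"MZ...commercial-keylogger..."),
    # the genuine notepad overwritten in place with a one-byte patch
    Executable(r"C:\Windows\notepad.exe", b"MZ...notepad-genuine-imagE..."),
]


def run_demo():
    """Return the decisions of both policies over the same launch attempts."""
    by_name = enforce(NameAllowlist(TRUSTED), LAUNCHES)
    by_hash = enforce(HashAllowlist(TRUSTED), LAUNCHES)
    return by_name, by_hash


if __name__ == "__main__":
    name_results, hash_results = run_demo()
    for (path, n), (_, h) in zip(name_results, hash_results):
        print(f"{path:52}  name:{n:5}  hash:{h}")
```

The hash list catches the renamed and the patched binaries that the name list lets through, which is why SRP hash rules and most HIPS whitelists key on the file contents. The cost is the one noone_particular already mentions: every legitimate update changes the digest, so the admin re-approves the new binary (the "slight delay"). Hashing on every launch also only protects what goes through the policy; it does nothing about code already running, which is the point made later in the thread about keyloggers that need only be active while a password is typed.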

caspian
July 3rd, 2009, 09:47 AM
That sounds pretty involved but I think over time I can learn. Thanks for the tip.

caspian
July 3rd, 2009, 09:48 AM
{QUOTE-> Spy Sweeper is very good at zipping commercial and noncommercial keyloggers...but Spy Sweeper itself is a tricky and touchy software for most. <-QUOTE}

I have heard that is a good product. I will probably give it a try. Thanks. I like your avatar.

Fly
July 4th, 2009, 01:13 AM
{QUOTE-> I have heard that is a good product. I will probably give it a try. Thanks. I like your avatar. <-QUOTE}

I do not know how well the Spy Sweeper (which version ?) deals with (commercial) keyloggers.

Just a few words of caution: last time I checked, I really didn't like their privacy policy. There is some kind of community network, and I don't know if you can opt out of that. The default install would install the ask.com toolbar, possibly more. The quality of their technical customer support is often very bad.
Again, last time I checked.

thathagat
July 4th, 2009, 01:35 AM
{QUOTE-> Spy Sweeper (which version?) deals with (commercial) keyloggers <-QUOTE}
6.1, and read here:
{QUOTE-> "In a parallel test using commercial keyloggers in place of actual malware, Prevx detected 90 percent of the threats, the same as Webroot and more than any other product. But Webroot cleaned up more thoroughly, scoring 6.8 in this test while Prevx got 6.0 points." from... here: http://www.pcmag.com/article2/0,2817,2346868,00.asp <-QUOTE}
and
{QUOTE-> There is some kind of community network, and I don't know if you can opt out of that <-QUOTE}
WARN is the name of the community, and you can opt out.
and
{QUOTE-> The default install would install the ask.com toolbar, possibly more <-QUOTE}
You can opt out; simply untick it.

As I said earlier, Spy Sweeper itself is a tricky and touchy software for most.

caspian
July 6th, 2009, 09:51 AM
{QUOTE-> 6.1, and read here:

As I said earlier, Spy Sweeper itself is a tricky and touchy software for most. <-QUOTE}

What is tricky about it? Will an average user be able to make sense of it?

Airflow
July 6th, 2009, 10:10 AM
{QUOTE-> I have read that some of the antivirus/antispyware products intentionally allow commercial keyloggers. <-QUOTE}
Where is the problem? If you have a good security setup you don't have to worry.

caspian
July 7th, 2009, 07:44 PM
{QUOTE-> Where is the problem? If you have a good security setup you don't have to worry. <-QUOTE}

I thought an antivirus and antispyware product was part of a security setup.

But anyway, I do use KeyScrambler Premium and Zemana. ESET NOD32. ZoneAlarm free firewall.

What would you recommend?

Oh and I use Sandboxie and Returnil too.

noone_particular
July 7th, 2009, 09:45 PM
Apps like Sandboxie are good for keeping malicious code from installing or becoming permanent on your OS. They will not stop malicious code from running. Remember when the Bank of India was hacked and started serving up malware? A compromised financial site serving up a keylogger is a very real possibility. A keylogger doesn't have to be installed to be costly. It only needs to be running when you're entering a password its owner wants to capture. Security packages based on isolation, virtualization, or "reboot to restore" would not be sufficient in such a scenario. An anti-keylogger that depends on signatures or other means of identifying known threats could suffer from the same shortcomings as AVs. Something to think about while you plan your defenses.

Keyboard_Commando
July 8th, 2009, 07:28 AM
DefenseWall is a good tool - System sandboxing and HIPS to detect keylogging.

ssj100
July 13th, 2009, 05:26 AM
With regards to protection against keyloggers, check this thread out for a rather excellent method:
http://www.wilderssecurity.com/showthread.php?t=243522

Airflow
July 15th, 2009, 02:42 PM
{QUOTE-> I thought an antivirus and antispyware product was part of a security setup.

But anyway, I do use KeyScrambler Premium and Zemana. ESET NOD32. ZoneAlarm free firewall.

What would you recommend?

Oh and I use Sandboxie and Returnil too. <-QUOTE}
So why do you worry? It is a good setup.

LockBox
July 17th, 2009, 01:10 AM
I've read where one of the tech editors at PC World actually puts a brand-new "perfect image" on every morning. Not just a Returnil/Deep Freeze-like IR solution, but does the whole image from disk everyday. Seems like a hassle - but he says he's got it down to two minutes flat. That would keep you protected from keyloggers about as well as anything else I can think of.

ssj100
July 17th, 2009, 04:37 AM
{QUOTE-> I've read where one of the tech editors at PC World actually puts a brand-new "perfect image" on every morning. Not just a Returnil/Deep Freeze-like IR solution, but does the whole image from disk everyday. Seems like a hassle - but he says he's got it down to two minutes flat. That would keep you protected from keyloggers about as well as anything else I can think of. <-QUOTE}

Except that...what if you get infected by a keylogger in the morning...the keylogger steals your data in the afternoon, evening and night...and you only start with a whole new image the next morning?

caspian
July 20th, 2009, 10:18 PM
{QUOTE-> With regards to protection against keyloggers, check this thread out for a rather excellent method:
http://www.wilderssecurity.com/showthread.php?t=243522 <-QUOTE}

Thanks for that. I do delete my browser sandbox often, but I download a lot of music, movies, and art. And I collect animated GIFs. So I really do expose myself to a lot.

I think that I need to take the plunge and learn how to use a HIPS program. I also use Prevx and Sandboxie.

I am looking forward to the new XB Browser though. From what I understand, it will be pretty amazing.

caspian
July 20th, 2009, 10:19 PM
{QUOTE-> DefenseWall is a good tool - System sandboxing and HIPS to detect keylogging. <-QUOTE}

I guess Defensewall is my next step. I hear it's really good.

Keyboard_Commando
July 21st, 2009, 11:50 AM
{QUOTE-> I guess Defensewall is my next step. I hear it's really good. <-QUOTE}

For easy daily use (no pop-up hassles) DefenseWall is the ideal choice. It has default denial rules ... all launched applications run as unsafe, unless you wish to grant full rights, such as P2P downloads - create a default downloading folder, and so on. Updating applications is simply a case of remembering to Run with full rights. As you've used Sandboxie it should be a breeze to figure. Of all the HIPS around Defensewall is the easiest to use, IMO.