I just reinstalled the latest WSA and notice that Keyscrambler does not work with Firefox. Seems to work OK with IE. Anyone else have this issue?

Not really sure why you need keyscrambler with WSA. Maybe someone else can inform us both.

I agree with trjam - I'd imagine they would conflict if you're using WSA Essentials or Complete. If you're on AV-only, however, that could be due to an incompatibility.

If you could let me know what product you have installed and what OS you're using, I'll take a look :)

Found that WSA was blocking it in the protected applications list so I moved it to allow and all is good. As a side note I use Keyscrambler for realtime encryption of keystrokes. Thanks for the help.

No conflicts at all here with Keyscrambler, WSA AV (only) and Firefox.

speaking of keyscrambler and wsa.....keyscrambler encrypts any keyboard input in browser(free ks for example) and wsa identity shield protects any information entered in the app listed in 'Protected Applications(Advanced)' ......now firefox is listed in wsa and ks also encrypts it.....so how does wsa protect the information entered in ff if ks encrypts that information in realtime?...........I mean ks encrypts so that apps in the pc like malware are unable to read the information entered......if wsa which is an app in that same pc cannot read the information how can it protect it.....right?........

so do wsa and keyscrambler not in effect conflict?......

Both are jamming the keyboard, so keyscrabler is fully redundant with WSA (essential and complete)

Not to sure about that as Keyscrambler encrypts the keysrokes in realtime. WSA more or less protects the user space.

-{ Quote: "Not to sure about that as Keyscrambler encrypts the keysrokes in realtime. WSA more or less protects the user space." }-

No, WSA does the same with encrypting keystrokes from kernel mode in realtime, although it goes a step above just encrypting to completely drop the keystrokes from the OS after zeroing them out to prevent any snooping.

well then keyscrambler is definitely not needed since wsa does it's job.....

but if ks is present in a system with wsa, is it possible that the duo double encrypts keystrokes?.....because I've seen ks showing encrypting keystrokes in it's bar even when wsa shows it's identity shield padlock.......

-{ Quote: "No, WSA does the same with encrypting keystrokes from kernel mode in realtime, although it goes a step above just encrypting to completely drop the keystrokes from the OS after zeroing them out to prevent any snooping." }-
Thanks for the answer. Does WSA protect the keystrokes on websites with no padalock also?

-{ Quote: "Thanks for the answer. Does WSA protect the keystrokes on websites with no padalock also?" }-

Yes, WSA in general (signature/bahaviour detection and firewall) will protect your system from keyloggers and malware components trying to connect out.
However, the specific module "Identity Shield" will be functional only with padlock.

Padlock should normally always be visible when you are on https websites or on protected applications. If not, you have problems there or changed its configuration.

You can configure WSA to protect whatever website or application:

Websites: http://www.webrootanywhere.com/sah_Identity_Protection.asp?n=Managing_protected_websites
Applications: http://www.webrootanywhere.com/sah_Identity_Protection.asp?n=Managing_protected_applications

KeyScrambler protects the Windows logon.
Does WSA also?

Does WSA cover the apps protected by KeyScrambler Premium (http://www.qfxsoftware.com/ks-windows/which-keyscrambler.htm)?

Hopefully yes. :)

-{ Quote: "KeyScrambler protects the Windows logon.
Does WSA also? Does WSA cover the apps protected by KeyScrambler Premium (http://www.qfxsoftware.com/ks-windows/which-keyscrambler.htm)? Hopefully yes. :)" }- yes, you can add whatever applications to the protection "padlock". Not sure if you can with logon. But adding an application to protect only the logon seems a bit a waste of resources :) See here: http://www.webrootanywhere.com/sah_Identity_Protection.asp?n=Managing_protected_applications

-{ Quote: "yes, you can add whatever applications to the protection "padlock". Not sure if you can with logon. But adding an application to protect only the logon seems a bit a waste of resources :) See here: http://www.webrootanywhere.com/sah_Identity_Protection.asp?n=Managing_protected_applications" }-
KeyScrambler also protects Domain Logon, and Vista UAC prompts.

-{ Quote: "KeyScrambler also protects Domain Logon, and Vista UAC prompts." }-

As any applications I guess its just a matter to identify the executables responsible for that function in the system and add it to the protected applications... :) As said already, KeyScrambler looks really redundant to me on a WSA framework. May be a sandbox could be a complement... but a jamming tool doesn't look like adding much to what already is there (and the key/screen logging protection in WSA is one of the best if not the best out there).

But if you are keen to run it anyway then I am sure its fine also! Sometimes its more important how you feel confident on your security setup than the actual protection that setup is providing you.

-{ Quote: "But if you are keen to run it anyway then I am sure its fine also!" }-
Hi fax
I'm just trying to participate in finding out if these two programs are redundant, as has been stated. Not to be flip, but I'm not keen to run WSA. Not at this time, anyway. But I enjoy keeping my eye on what is going on over here in the Prevx forum.
And I agree with your thoughts about the importance of feeling confident with your setup.
Thanks for the responses. ;)

Thanks for the input on this. I have decided to keep both WSA and Keyscrambler for now. They seem to get along ok. Mabey later I will decide that Keyscrambler is not needed.

I think the question we need answered by Joe is whether the encrypting of keystrokes happens in -all- cases full time, or whether it only occurs for applications protected by the I&P module.

If it happens full time in all situations, then WSA makes KS completely obsolete, because it does the same thing And More™. If it only does it for things that are covered by the I&P module, then trying to protect UAC and Login would be a pain.

My -guess-, based on other information, is that it does it all the time at the kernel level for the entire system, I&P module not needed to get the key scrambling from WSA. Then the I&P module also blocks Other Interesting Things™ (like Clipboard, screen capture, data access, etc). Mind you this is my guess. Feedback from Joe would be best here.

-{ Quote: "Feedback from Joe would be best here." }-
Yep. KeyScrambler Premium protects Windows Logon, Domain Logon, and Vista UAC prompts. I'd like to hear from José too. ;)

WSA will encrypt/protect keystrokes for the configured applications in the Protected Applications list (browsers by default, but other applications can be added). You should be able to add LogonUI.exe to the list to protect its keystrokes as well. We don't protect every keystroke every time just because of the potential for stray issues - some applications do require their keystrokes to be read (i.e. Synergy, which shares keystrokes across PCs).

WSA will of course block known keyloggers with the antimalware protection so you're only ever exposed to unknown keyloggers running on your PC.

'Realtime encryption of your keystroke stream is displayed live in the unobtrusive interface so you know how and when KeyScrambler is working.' 'As you type Keyscrambler encrypts your credentials.'

'Encrypts usernames, passwords and credit card numbers'- for only complete users.

so wsa essentials and av users do need Keyscrambler, right?

-{ Quote: " so wsa essentials and av users do need Keyscrambler, right?" }- No, only WSA without the identity shield may need keyscrambler (i.e. WSA antivirus). WSA essential and complete come already with the identity shield.

-{ Quote: "No, only WSA without the identity shield may need keyscrambler (i.e. WSA antivirus). WSA essential and complete come already with the identity shield." }-
as I've already mentioned 'Encrypts usernames, passwords and credit card numbers' is only for complete users......and ks does that......so essentials users also need ks........

Those words are marketing to sell the password manager in "complete". Realtime encryption of passwords, login, etc... is also in "essential". This was already discussed here several times... for example, here :)

http://www.wilderssecurity.com/showthread.php?t=317122

-{ Quote: "as I've already mentioned 'Encrypts usernames, passwords and credit card numbers' is only for complete users......and ks does that......so essentials users also need ks........" }-
I agree with this. Also I did not hear Prevx say that Keyscrambler was not needed.

A kind of heavy lobbying for keyscambler in here, lol ;D

IMO, Prevx is currently not anymore developed (application wise) and soon to be replaced by WSA, so it could make sense to run it with keyscrambler considering it is slowly getting outdated and there may be areas not well covered (e.g. MRG effitas simulator).

For WSA Essential and complete it was said plently of times in different threads that is basically redundant. The piling up of applications covering the same areas is normally not the best strategy to improve your security. You need to look for complementary layers (HIPS, sandbox, AV)

Obviously, no one will force you not to use what you feel like to use. Soooo, you feel more safer with keyscrabler? Then use it! 8) :thumb:

-{ Quote: "Those words are marketing to sell the password manager in "complete". Realtime encryption of passwords, login, etc... is also in "essential". This was already discussed here several times... for example, here :)

http://www.wilderssecurity.com/showthread.php?t=317122" }-
hmm......marketing gimmick, ay?.......if official site clearly says things and if a user takes those as true and follows......and then finds out the opposite in forum.....I say official site does not hold credibility anymore......

-{ Quote: "hmm......marketing gimmick, ay?.......if official site clearly says things and if a user takes those as true and follows......and then finds out the opposite in forum.....I say official site does not hold credibility anymore......" }- yes, this was already pointed out several weeks ago to Prevhelp (another thread, can't find it now!)... I guess he has no influence on webroot marketing dept. ;)

-{ Quote: "yes, this was already pointed out several weeks ago to Prevhelp (another thread, can't find it now!)... I guess he has no influence on webroot marketing dept. ;)" }-
oh well I wasn't gonna use keyscrambler anyway....just wanted to point out ks is needed for essentials and av users........

-{ Quote: "oh well I wasn't gonna use keyscrambler anyway....just wanted to point out ks is needed for essentials and av users........" }- I may sound like a broken record, LOL. But your statement is again not correct. KS may be useful only on WSA AV NOT WSA Essential! Looks like marketing department messages are working well! ::)

-{ Quote: "I may sound like a broken record, LOL. But your statement is again not correct. KS may be useful only on WSA AV NOT WSA Essential! Looks like marketing department messages are working well! ::)" }-
I said I wanted to point out....not that I pointed out.....I couldn't because of marketing messages.......you , sound like a broken record? imagine that ::)

Great! Clearer, thanks.
Issue solved... hopefully :)

marketing gimmicks :thumbd:........fax :thumb:

About protecting the keystrokes on the logon screen, I added logonui.exe to the protected applications and it worked without issues. However it seems that Windows has protection of it's own as both the Zemana and Spyshelter tools were unable to log the keys(before I applied WSA protection), even not when run as Admin. This was tested on Win 7 32-bit btw.

Just to clear this for me, every time i see a padlock on the WSA icon it means the keystrokes are being encrypted?

-{ Quote: "Just to clear this for me, every time i see a padlock on the WSA icon it means the keystrokes are being encrypted?" }-

This is what Joe said so it's very clear!
-{ Quote: "No, WSA does the same with encrypting keystrokes from kernel mode in realtime, although it goes a step above just encrypting to completely drop the keystrokes from the OS after zeroing them out to prevent any snooping." }-

-{ Quote: "WSA will encrypt/protect keystrokes for the configured applications in the Protected Applications list (browsers by default, but other applications can be added). You should be able to add LogonUI.exe to the list to protect its keystrokes as well. We don't protect every keystroke every time just because of the potential for stray issues - some applications do require their keystrokes to be read (i.e. Synergy, which shares keystrokes across PCs).

WSA will of course block known keyloggers with the antimalware protection so you're only ever exposed to unknown keyloggers running on your PC." }-

HTH,

TH