Wilders Security Forums  

Go Back   Wilders Security Forums > Security Products > other anti-malware software
Reload this Page Does PatchGuard stop kernel level keyloggers? Or rather, did it?
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old October 8th, 2010, 12:12 AM
SpongeGuard SpongeGuard is offline
Infrequent Poster
  
Join Date: Sep 2010
Posts: 22
Default Does PatchGuard stop kernel level keyloggers? Or rather, did it?
I know PatchGuard made it hard/near impossible for rootkits to infect an x64 system and retain system stability, but how about kernel level keyloggers? Since PatchGuard protects the kernel, are keyloggers that don't use TDL3's method of infection still hindered by PatchGuard?
  #2  
Old October 8th, 2010, 04:56 AM
Ilya Rabinovich Ilya Rabinovich is offline
Developer
  
Join Date: Sep 2005
Posts: 1,516
Default Re: Does PatchGuard stop kernel level keyloggers? Or rather, did it?
PatchGuard can't protect against kernel-level keyloggers as they are using legitimate IRP filtering. Or it may use another trick (driver device function hook) PG does not control.
__________________
DefenseWall HIPS developer. www.softsphere.com
  #3  
Old October 8th, 2010, 08:13 AM
jmonge's Avatar
jmonge jmonge is offline
Incredibly Massive Poster
  
Join Date: Mar 2008
Location: Calgary,Canada
Posts: 11,766
Default Re: Does PatchGuard stop kernel level keyloggers? Or rather, did it?
then 64 is not as secure as they promissed
__________________
Emsisoft Anti-Malware 7.0/WebRo0t AntiVirus 2o13
  #4  
Old October 8th, 2010, 10:24 AM
shadek's Avatar
shadek shadek is offline
Very Frequent Poster
  
Join Date: Feb 2008
Location: Sweden
Posts: 1,786
Default Re: Does PatchGuard stop kernel level keyloggers? Or rather, did it?
Quote:
Originally Posted by jmonge
then 64 is not as secure as they promissed

It was only a matter of time until x64 would be exposed to threats it supposedly would be immune to.
  #5  
Old October 8th, 2010, 11:12 AM
aigle's Avatar
aigle aigle is offline
Incredibly Massive Poster
  
Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,409
Default Re: Does PatchGuard stop kernel level keyloggers? Or rather, did it?
Quote:
Originally Posted by Ilya Rabinovich
PatchGuard can't protect against kernel-level keyloggers as they are using legitimate IRP filtering. Or it may use another trick (driver device function hook) PG does not control.
Doesn,t every kernel based keylogger needs to install a driver for its keylogging and this driver install will be stopped by PatchGuard?
__________________

Ubuntu 12.10
AX64 Time Machine, Comodo FW & Defence Plus, Sandboxie not compatible?
  #6  
Old October 8th, 2010, 11:51 AM
shadek's Avatar
shadek shadek is offline
Very Frequent Poster
  
Join Date: Feb 2008
Location: Sweden
Posts: 1,786
Default Re: Does PatchGuard stop kernel level keyloggers? Or rather, did it?
Quote:
Originally Posted by aigle
Doesn,t every kernel based keylogger needs to install a driver for its keylogging and this driver install will be stopped by PatchGuard?

No. Test the Zemana keylogger or Spyshelters keylogger on a Windows x64 system and you'll have the evidence right there. Please note that those keyloggers are not actually malware, but merely testing tools.
  #7  
Old October 8th, 2010, 12:10 PM
Ilya Rabinovich Ilya Rabinovich is offline
Developer
  
Join Date: Sep 2005
Posts: 1,516
Default Re: Does PatchGuard stop kernel level keyloggers? Or rather, did it?
There is only one really working protection mechanism to prevent malware in kernel mode- loading only signed driver files. But it can be subverted with MBR trick. PatchGuard doesn't protect the system as advertised.
__________________
DefenseWall HIPS developer. www.softsphere.com
  #8  
Old October 8th, 2010, 07:22 PM
jmonge's Avatar
jmonge jmonge is offline
Incredibly Massive Poster
  
Join Date: Mar 2008
Location: Calgary,Canada
Posts: 11,766
Default Re: Does PatchGuard stop kernel level keyloggers? Or rather, did it?
agree
__________________
Emsisoft Anti-Malware 7.0/WebRo0t AntiVirus 2o13
  #9  
Old October 8th, 2010, 08:23 PM
aigle's Avatar
aigle aigle is offline
Incredibly Massive Poster
  
Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,409
Default Re: Does PatchGuard stop kernel level keyloggers? Or rather, did it?
Quote:
Originally Posted by shadek
No. Test the Zemana keylogger or Spyshelters keylogger on a Windows x64 system and you'll have the evidence right there. Please note that those keyloggers are not actually malware, but merely testing tools.
They are not kernel based keyloggers I think.
__________________

Ubuntu 12.10
AX64 Time Machine, Comodo FW & Defence Plus, Sandboxie not compatible?
 

Wilders Security Forums > Security Products > other anti-malware software « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 03:31 PM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums