Anti-keylogger's

Discussion in 'other anti-malware software' started by luciddream, Jul 20, 2011.

Thread Status:
Not open for further replies.
  1. ViVek

    ViVek Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    584
    Location:
    Moon
    http://www.raymond.cc/blog/archives...pe-on-keyboard/comment-page-1/#comment-511399
     
  2. guest

    guest Guest

    The last time that I tried the SS leak test, OA was not able to block all of it. Anyway, I'm not sure which version it was, but it was not the last one; I have not tried with the latest beta 5.1 http://support.online-armor.com/showthread.php?t=14674
    For example, the antinetworkspy module of SS adds something that OA does not have. It's "supposed" to be able to block the specific attack of the banking malware. I think that OA and CIS would be able to show just execution popups.
    I don't see OA on matousec anymore. I'm not sure if it was tested with the new set of 145 leaks, but probably it would get a 100% like Comodo.

    Anyway, I would never run SS together with a HIPS like Comodo or OA; there are other programs that are a better companion for this kind of product.
     
  3. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
  4. guest

    guest Guest

    The problem with KeyScrambler is that it is not able to block modern banking malware from stealing your passwords, but it is the best one against real time capturing.
     
  5. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    ah oko_O
     
  6. guest

    guest Guest

    For example, KS was not able to block anything in the banking malware test done by MRG, against malware like Zeus that is able to capture what you send in your browser (of course KS is not designed to block that, but it is still a way to steal passwords). Anyway, as you can see in the raymond test, it is able to pass any real time capture software/malware.
    I just want to make you sure about the limitations of KS: it protects against "real time" capture; if the capture is not done in "real time" it will not protect.
     
  7. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    yep I agree. :thumb:
     
  8. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    I'll give the latest OA beta a go against the SS tests later if I get a chance (but I can only do this on x86, not x64).

    If the SS antinetworkspy is anything like Zemana's antiSSL Logger then it would probably silently block any hooking attempts of wininet.dll, nspr4.dll, chrome and opera. But I'm not certain it operates in the same way. The only evidence I have seen from the MRG screenshots from one of their test reports indicates it may not be a silent block, just that it alerts to a global hook. I sure would like to understand what this module does because I can't find any real information on it.
    Either way, OA should alert to the hooking attempt also.
     
  9. guest

    guest Guest

    The key is to do it on x64 (at least for me, as I'm using it xD); most HIPS do not perform the same on x64 as on x86.
    I tried a couple of months ago, more or less, and OA was not able to block everything. I got the same results as the user in the link that I posted before.

    If somebody could check it with the 5.1 beta on x64 would be nice.

    Anyway I don't consider those fails important.
     
    Last edited by a moderator: Aug 9, 2011
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    interesting;)
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    By design, lower integrity level objects can read from higher integrity level objects.

    If you want to prevent lower integrity level objects from reading from higher integrity level objects, you need to apply an explicit higher integrity level to the object (say, the web browser's process) with the flag -nr.

    Doing that will, effectively, prevent keyloggers running with a lower integrity level than the browser from recording the key strokes.

    For those running two different browsers (or the same browser, but more than one install), you could easily apply either a medium or high integrity level to the browser used to access your bank account/other sensitive tasks, and restrict in your firewall the communications to happen only to the bank IPs.

    I tested the integrity levels approach against Prevx SafeOnline, and the result being that the browser running with an explicit high integrity level with the flags -nw -nr -nx successfully prevented the Spyshelter keylogger simulator from reading the browser's process when entering credentials.

    As long as the keylogger runs with a lower integrity level, it won't record key strokes.

    But, a screenlogger protection would still be needed, though. As this would be out of the integrity level's protection scope.

    We'd still need something against that.
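
The read-up behaviour described in the post above, modelled as an added example (not part of the original post and not the code of any tool mentioned in the thread): it reads the mandatory label ACE from an SDDL string and applies the integrity check for a given subject level. The SDDL samples are constructed, the function names are hypothetical, and the NW/NR/NX policy codes are assumed to be what the post's -nw, -nr and -nx flags set.

```powershell
# Added example: models only the mandatory-integrity check; the DACL check
# that Windows performs afterwards is out of scope.
$Rank = @{ LW = 1; ME = 2; HI = 3; SI = 4 }   # low, medium, high, system

function Get-MandatoryLabel {
    param([string]$Sddl)
    # A mandatory label ACE has the form (ML;<ace flags>;<policy>;;;<level>)
    if ($Sddl -match '\(ML;[^;]*;([A-Z]*);;;(LW|ME|HI|SI)\)') {
        $policy = $Matches[1]
        $level  = $Matches[2]
    } else {
        # No explicit label: the object is treated as medium with no-write-up
        $policy = 'NW'
        $level  = 'ME'
    }
    [pscustomobject]@{
        Level     = $level
        NoWriteUp = $policy -match 'NW'
        NoReadUp  = $policy -match 'NR'
        NoExecUp  = $policy -match 'NX'
    }
}

function Test-IntegrityAccess {
    param(
        [ValidateSet('LW','ME','HI','SI')][string]$SubjectLevel,
        [string]$ObjectSddl,
        [ValidateSet('Read','Write','Execute')][string]$Access
    )
    $label = Get-MandatoryLabel $ObjectSddl
    # A subject at or above the object's level always passes this check
    if ($Rank[$SubjectLevel] -ge $Rank[$label.Level]) { return $true }
    switch ($Access) {
        'Read'    { return -not $label.NoReadUp }
        'Write'   { return -not $label.NoWriteUp }
        'Execute' { return -not $label.NoExecUp }
    }
}

# Constructed samples: a high label with write protection only, and one with all three bits
$writeOnly = 'S:(ML;;NW;;;HI)'
$hardened  = 'S:(ML;;NWNRNX;;;HI)'
foreach ($sddl in $writeOnly, $hardened) {
    foreach ($subject in 'LW', 'ME', 'HI') {
        $canRead = Test-IntegrityAccess -SubjectLevel $subject -ObjectSddl $sddl -Access Read
        '{0,-22} subject={1} read allowed: {2}' -f $sddl, $subject, $canRead
    }
}
```
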
     
  12. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    m00nbl00d,

    I don't understand a word of it, but I do recognise the exceptional technical gist of it - an astonishing and very explicit post. 10/10 !

    Not sure what Kees will say as he is also a Grand Maestro in PC gymnastics, but I am looking forward to reading it.

    Gosh m00nbl00d, I wish my humble brain could grip what you say, it looks so relevant and helpful to those who can.

    Thanks for posting a really interesting and unusual but probably a little known aspect of increased security against keylogging and compliments to Kees for prompting it.

    John
     
    Last edited: Aug 9, 2011
  13. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Preaching to the choir here. I've been using Keyscrambler Personal for over a year now. I was simply inquiring about the benefits of paid versions of like software. You get the wrong impression if you think I'm neurotic for this.

    I think it's flawed logic though to just think "oh well, they can get into the Pentagon, so why even bother"? The problem with big networks is that they're sometimes only as strong as their weakest link. If just 1 person with elevated privileges is lax (weak or no password, etc.), then the entire network can be compromised. For this reason it can often be harder to penetrate the defenses of 1 "neurotic" Wilders member than to hack into NASA. Just ask the guy who did the latter once (forget his name) how difficult it was. He said it could have been prevented with simple password protection and disabling Remote Registry. So I don't think we should let these examples deter us from thinking we can be safe.

    I've been using only free software for the past 6 years, until recently purchasing Avira Premium AV ($1.04/mo.), Sandboxie ($43/life), and a VPN service ($8.33/mo). So I certainly haven't been breaking myself trying to obtain the unobtainable "perfect" setup. For $9.37 per month I feel a lot safer. So I believe some things are worth the investment, especially great products that offer lifetime licenses (like Sandboxie). A one time fee of $43, and I never have to worry about it again.

    If Keyscrambler had a similar offer I would jump all over it. Naturally, the goal is to not get a keylogger in the first place, but the concept of a "layered" approach is so that in the unlikely event it happens, you're covered. If I could add that layer for a 1 time, nominal fee, I'd do it without thinking twice. But paying that much every year, well, one would indeed have to be neurotic to do so.
     
  14. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    A successful malware keylogger must have 2 components: the keylogging module as well as some component to transmit the stolen information out. It would seem to me that an adequate Network Traffic defense either through firewalls or sandboxing should be part of this discussion.
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    it's the devil and his service;)
     
  16. babygurl9955

    babygurl9955 Registered Member

    Joined:
    Sep 19, 2011
    Posts:
    1
    I'm wondering if anyone knows if there's a key logger out there that I can simply download or if Walmart carries these? Any help about this would be fantastic!
     
  17. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    Yesterday I bought two licenses of KeyScrambler Professional.

    I asked about their licensing system and Qian replied that:

    Honestly, I wish the license was actually lifetime (no worry about future upgrades) but one of the reasons I bought KeyScrambler is that, unlike other anti-keyloggers (okay, I know that the approach is different, but in practice both have the same function: to prevent theft by keyloggers), it works totally on my x64 system (unlike Zemana and others) and is also not based on signatures (another thing I avoid). Also, the contact I have had with the support of QFX Software has always been good and there is nothing to complain about.

    Anyway, I have 59 more days of testing, my money is guaranteed.

    Excellent software!

    Sorry for my English!
     
  18. NRProia

    NRProia Registered Member

    Joined:
    Sep 11, 2011
    Posts:
    111
    Location:
    Lowell, MA
    Hello,

    These days Comcast high-speed Internet subscribers can download a free key scrambler:

    Commercial - Xfinity.Comcast.net - Constant Guard
    http://xfinity.comcast.net/constantguard/

    It highlights the input fields of protected forms, but often does not and the keys aren't scrambled (particularly in pop-up window forms). I actually uninstalled the whole thing and stayed with:

    Commercial - Xfinity.Comcast.net - Norton Security Suite
    http://xfinity.comcast.net/constantguard/Products/CGPS/norton/

    Regards,

    Nathan
     
  19. The Oracle

    The Oracle Registered Member

    Joined:
    Dec 2, 2011
    Posts:
    78
    1806 browser tweak? Huh?
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Go to the key
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    add a REG_DWORD, rename it to 1806 and give it a hexadecimal value 3, it should show
    1806 REG_DWORD 0x00000003 (3)
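
The registry steps from the post above as a script, an added example that is not part of the original post: it creates the `Zones\3` key when it does not exist yet, writes the value, and reads it back. The key path and data come from the post; the function names are hypothetical, and 1806 is assumed to be the URL action "Launching applications and unsafe files", for which data 3 means "disable".

```powershell
# Added example. Zone 3 is the Internet zone; this writes the per-user policy copy.
$zone3 = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

function Get-UrlAction1806 {
    # Returns the current data of value 1806, or $null when the key or value is absent
    $item = Get-ItemProperty -Path $zone3 -Name '1806' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.'1806'
}

function Set-UrlAction1806 {
    param([ValidateSet(0, 1, 3)][int]$Data = 3)   # 0 = enable, 1 = prompt, 3 = disable
    # The Policies branch frequently has no Zones\3 key; -Force creates the missing parents
    if (-not (Test-Path -Path $zone3)) {
        New-Item -Path $zone3 -Force | Out-Null
    }
    New-ItemProperty -Path $zone3 -Name '1806' -PropertyType DWord -Value $Data -Force | Out-Null
}

function Format-UrlAction {
    param($Data)
    if ($null -eq $Data) { return '(not set)' }
    # Same layout regedit shows: hexadecimal, then decimal in parentheses
    return ('1806 REG_DWORD 0x{0:x8} ({0})' -f [int]$Data)
}

$before = Get-UrlAction1806
Set-UrlAction1806 -Data 3
$after = Get-UrlAction1806

"before: $(Format-UrlAction $before)"
"after:  $(Format-UrlAction $after)"

if ($after -ne 3) {
    Write-Warning 'Value 1806 was not written; check permissions on the Policies key.'
}
```
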
     
  21. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    what does this 1806 browser tweak do........
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    deny file access to the system;)
     
  23. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    ah! thx for explaining...........
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    you're welcome
     
  25. The Oracle

    The Oracle Registered Member

    Joined:
    Dec 2, 2011
    Posts:
    78
    I don't have a "\Zones\3" in this tree.

    Also, do you know if this program works when the browser is running in Sandboxie? I have Firefox open right now and the keylogger program tells me "your not in a protected program." I am using the free version, but shouldn't it detect it for Firefox even if I was inside the sandbox? Sorry if it is a dumb question, but I am just learning Sandboxie.
     