how detect/defeat keyloggers?

Discussion in 'other anti-malware software' started by 6's&7's, Jun 20, 2004.

Thread Status:
Not open for further replies.
  1. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Just have to ask this.

    Wouldn't SSM help in not letting keyloggers run?
     
  2. X-ray Specs

    X-ray Specs Guest

  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    SSM can certainly catch attempts to alter Windows system hooks by programs running with user privileges - but to catch attempts by programs with system privileges you need software that runs in kernel mode. The next version of SSM may have this option, but until then Process Guard may be a better choice if you feel you are at risk.
     
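    Following on from the kernel-mode point: a keylogger that wants to operate with system privileges has to get a driver loaded, so one basic check is to enumerate what is actually running at ring 0 and see who signed it. The script below is an added example for this thread, not code from the original post or from SSM or Process Guard. It uses only the standard Win32_SystemDriver class and Get-AuthenticodeSignature, and assumes an elevated PowerShell 3.0+ session on Windows.

```powershell
# Added example: enumerate running kernel-mode drivers and flag any whose
# on-disk image does not carry a valid Authenticode signature. Run elevated.

function Get-UntrustedDriver {
    [CmdletBinding()]
    param()

    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($d in $drivers) {
        # Win32_SystemDriver reports the image path in several forms:
        #   \??\C:\Windows\system32\drivers\x.sys
        #   \SystemRoot\System32\drivers\x.sys
        #   system32\drivers\x.sys
        #   C:\Windows\system32\drivers\x.sys
        $path = $d.PathName -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
        if ($path -notmatch '^[A-Za-z]:\\') {
            $path = Join-Path $env:SystemRoot $path
        }

        if (-not (Test-Path -LiteralPath $path)) {
            # A running driver whose image cannot be found on disk deserves a
            # look: memory-only loaders, hidden files, or just an odd path form.
            [pscustomobject]@{ Name = $d.Name; Path = $path; Status = 'ImageNotFound'; Signer = '' }
            continue
        }

        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Name   = $d.Name
                Path   = $path
                Status = $sig.Status
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }
}

Get-UntrustedDriver | Sort-Object Status, Name | Format-Table -AutoSize
```

    Two caveats. On older Windows versions, Microsoft's own inbox drivers are signed through catalog files rather than embedded signatures and can show up here as NotSigned, so treat the output as a triage list to compare against a known-good baseline, not as a verdict. And, as the thread says, whoever reaches ring 0 first wins: a rootkit that is already resident in the kernel can hide its driver from exactly this kind of enumeration, which is why the posters above want the protection itself running in kernel mode.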
  4. controler

    controler Guest

    Greetings

    Yes, kernel mode seems to be the real topic of the day.
    As Gavin mentioned, whoever gets there first wins. I truly believe this also
    and have seen it. It seems whichever program runs at ring 0 first wins.
    The thing that I wonder about is the claim of now storing executable code on your video card and running it with the video CPU.
    I don't really understand why this would be any different. I thought all processing still had to go through system RAM at some point, at which time
    security software would be able to catch it. I want to do more reading about this.
    It appears that if some nasty decides to hold the same exact memory space as the security software, things get weird. lol
    One thing about putting a different drive in when bringing your computer to a shop: unless it is a hardware issue, the tech would need to try to fix your files. lol Did you guys read my statements on picking up electromagnetic
    waves generated by your computer and filtered? Don't get paranoid now, but
    quickly go turn on every incandescent light bulb in your house. I hear they really generate a lot of noise. :ninja:

    controler
     
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    I've heard this mentioned elsewhere and it seems rather limited (do you have links to further discussions on this?). First, video CPUs (VPUs) tend to be limited to specific functions (like video buffer manipulation) rather than general purpose CPUs. Secondly different vendors use different VPUs and BIOSes (an exploit written for an Nvidia card should have no chance of working on an ATI one - even running on a different model from the same manufacturer would be a challenge). Finally, VPUs should only be able to directly modify memory on the video card itself - limiting their ability to affect running programs.

    However video cards can have their BIOS loaded into system memory and run by the main CPU (see The Booting Process of the PC). This would seem to offer far more potential for mischief but may also require an exploit to be tailored for specific makes of video card.
     
  6. controler

    controler Guest

    Hi Paranoid2000


    Sorry for the general statement on processors; central and video are two different things.

    Two articles that come to mind are at the same link as above: rootkit.com.

    The first article is about MTDwin.
    This driver is a precursor to any driver that wishes to store data in hardware, EEPROM, Flash, etc. Could be used to destroy hardware. Could be used to store crypto keys in hardware. Lots of possibilities.

    The second article is about a program called VideoCardKit.

    VideoCardKit
    short description:

    A driver that can store executable code in a FLASH or EEPROM and submit this code to be executed from the video processor in order to patch kernel memory.

    long description:

    This driver combines several techniques to 'raise the bar' on rootkits. The driver stores the payload off-disk and in EEPROM, and also uses a secondary processor to perform the memory patching operations aka DKOM.

    well,,, I must be off to my mundane job lol

    catch you all later


    controler
     
  7. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    I'm not really worried about keyloggers, but there's always a chance of having one installed. The programs that do check for keyloggers are really highly priced. Spybot checks for like 69 or 70 keyloggers, but I think there might be more keyloggers out there. Oh well, like I said before, I don't think I'll get a keylogger installed on my computer. (Keeping my fingers crossed) ;)
     
  8. dread

    dread Registered Member

    Joined:
    May 18, 2004
    Posts:
    195
    This claims to find hardware keyloggers, but I doubt it: http://www.antispy.biz/index.html I don't know much about hardware keyloggers. http://www.pestpatrol.com/pestinfo/key_logger.asp seems to be a good list of software keyloggers, anyway; are any of them hardware keyloggers? There has got to be some software that will detect hardware keyloggers, well, any that install files on your computer. Are there any that do not install files? Dumb question, but couldn't you see most of the hardware monitoring devices? Look at this big thing: http://spycop.com/keyloggerremoval.htm Who could miss that hooked to your comp?
     
  9. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    It does not make any specific mention of hardware keyloggers. Please see my previous post in this thread for a discussion of them. Personally I would be suspicious of any software that tried marketing itself with claims like "More than 100,000,000 computers are monitored."

    Finally note that while many hardware keyloggers are in the form of easily-spotted dongles, you can get them built into keyboards.
     
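    As an added example for the hardware-keylogger question above (not from the thread, and not from any of the products mentioned): the one thing software can do on this front is show what the operating system actually sees on the keyboard side, so an extra keyboard-class device, or a keyboard sitting behind a hub you did not plug in, stands out. The script assumes PowerShell 5.1 or later on Windows 8 or later, where Get-PnpDevice and Get-PnpDeviceProperty exist.

```powershell
# Added example: list every present keyboard-class device together with the
# chain of parent devices (hubs, controllers) it sits behind.

function Get-KeyboardTopology {
    [CmdletBinding()]
    param()

    $keyboards = Get-PnpDevice -PresentOnly -Class Keyboard -ErrorAction SilentlyContinue
    foreach ($kb in $keyboards) {
        # Walk DEVPKEY_Device_Parent up to the root, collecting friendly names.
        $chain = New-Object System.Collections.Generic.List[string]
        $id = $kb.InstanceId
        while ($id) {
            $parentProp = Get-PnpDeviceProperty -InstanceId $id -KeyName 'DEVPKEY_Device_Parent' -ErrorAction SilentlyContinue
            $parentId = $parentProp.Data
            if (-not $parentId) { break }
            $parent = Get-PnpDevice -InstanceId $parentId -ErrorAction SilentlyContinue
            $label = if ($parent.FriendlyName) { $parent.FriendlyName } else { $parentId }
            $chain.Add($label)
            $id = $parentId
        }
        [pscustomobject]@{
            Keyboard   = $kb.FriendlyName
            InstanceId = $kb.InstanceId
            Status     = $kb.Status
            Parents    = ($chain -join ' <- ')
        }
    }
}

$kbs = @(Get-KeyboardTopology)
$kbs | Format-List
if ($kbs.Count -gt 1) {
    Write-Warning ("{0} keyboard devices are present; make sure each one is something you plugged in." -f $kbs.Count)
}
```

    Read the result with the limits the posters already state in mind. A PS/2 inline dongle, a USB logger that passes the real keyboard straight through, or a logger built into the keyboard itself never enumerates as its own device, so an unremarkable listing proves nothing. Also, more than one keyboard device is normal on laptops, docks and keyboards with media keys, so record a baseline on a known-clean machine before treating a second entry as suspicious.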
  10. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Controler,
    It would certainly be a necessary part of any videocard rootkit - but the question then is how do you ensure that any malware loaded up is actually run?
    This looks more "interesting" but has some way to go according to the author's posts:

    "As of now I am very unfamiliar w/ what it takes to use the video card processor - I am not even sure it can write to main memory. This kit is definitely one for exploration and learning."

    "Sadly you might be right - it looks at second glance like the GPU cannot access main memory. I heard some rumor about some wacked out pixel shader code that *might* be able to access main memory if the shader memory was mapped correctly. Sounds like a real *pain* tho. Plus, it would require a modded video driver I think. The GPU is not the only processor on the matrix, however.. there are the IO controller chips - I have yet to explore those but they might provide some general purpose I/O and instructions to main memory."

    It does look like offering limited possibilities for exploitation - perhaps something for Gavin to add to version 3 of Process Guard? :D
     
  11. controler

    controler Guest

    Greetings

    Just an addition for those that have trialled this program before.
    Not many here seem to like it, but it is small on resources. I've been messing with it for a few years now. In my previous posts, I mentioned they changed the name of their exe. Now I see no entry in Task Manager at all.
    They really have changed the core of this program.

    Unlike the earlier versions of Anti-keylogger, version 5.0+
    performs no system scanning to detect working keylogging programs; it
    disables these programs by blocking the very possibility of key
    strokes and window text capturing.
    The anti-keylogging protection starts instantly at the moment of the
    operating system loading and before the user logs in to the system; it
    automatically deactivates all the running keylogging programs.
    It has unique features that favorably distinguish it from
    other anti-spy products:

    - No signature base
    - Full UNICODE support
    - Multiprocessor & hyperthreading architectures support
    - Windows NT/2000/XP Workstations support
    - Transparent "on-the-fly" protection
    - Instant and constant protection
    - Protection against keystroke capturing
    - Protection against windows text capturing
    - Fast and easy installation and configuration
    - Free upgrades and lifetime support
    - Multilanguage interface
    - 30 Day money back guarantee


    The thing I find unique about these guys is the stuff they post on their home page. They give links to keylogging software and tell you to go download it and test your protection. Not sure how good that is but the reading material they point you to is priceless.

    controler
     