Ice Sword v.1.20 containing Keylogger?

Hi, folks: just came across that users in China indicate there are keyloggers inplanted in that app. Can someone concur?

 

I use Ice Sword and I can't concur with this satement.
Where did you get that information from?

 

Link please

 

Hi, folks: The link is in Chinese; http://www.cryky.com/soft/6947.html I also found some discussions in English at this forum;http://www.spywarewarrior.com/viewtopic.php?t=23326

 

But this issue is only related to v1.20 right? It´s not like older version were rootkits are anything?

 

According to the link to Spyware Warriors this is a false positive.

 

the above link goes to nowhere. I think it might be a typo. AFAIK, www.crsky.com is a very famous chinese website and www.crsky.com/soft/6947.html is a webpage for downloading IS, nothing special.

 

That's quite possible. What's the best way to hide a malicious rootkit? Claim to be an anti-rootkit! So you happily install, ignoring all kinds of warning flashed at you by your triple layer super duper HIPS , because all those warnings are expected...

 

That´s exactly my point DA.

After reinstalling my OS I will stay away from most of these anti-rootkit tools. I guess the key to staying rootkit free is to not allow untrusted apps to load a driver or to access Physical Memory. And I also have a feeling that if your machine is owned by a rootkit, there are not many tools that can actually detect this anyway.

 

I don't think it's just a matter of blocking drivers and what not.

I think that's the crux of the problem with HIPS, it provides little protection against trojan horses, once you decide you trust the program, you are unlikely to pay any attention to your HIPS alerts whether it is loading drivers or something else.

To be fair to some extent this applies to antiviruses too, if you have so much faith that the program is fine, you can dismiss the antivirus warning as a false positive. But I think most people trust their AV alerts to be more accurate indicator of danger than HIPS prompts.

 

Yeah but that´s the thing, if apps try to act funny without any logical reason then I´m already not trusting this app. And I have to say that according to my HIPS, most apps simply do not need to modify stuff that could compromise my system, so there is no reason to distrust them. Of course I know there are ways to bypass firewalls, but most of the time apps will need to do stuff that will most likely be spotted by the better HIPS around.

 

Define starting to "Act funny without logical reason". If you trust the app, you can easily explain away any warnings. Heck, the help document could even throw you some techno babble about why you get certain kind of alerts, and that it is harmless. Would you know the difference? I'm not sure I would.

Somehow when you say things like "modify stuff" ,"doing dangerous stuff", I don't get the sense that you are very sure what exactly counts as which. Correct? In the context of your HIPS (say SSM) can you give me a list of activities that count as dangerous?

I really wish there was a short list of stuff, we could say was dangerous and just monitor those, but when i look at the list of features HIPS have (and they seem to be keeping longer), I wonder if this is realistic.

I notice all these new tests just delight in showing how indidviually not so dangerous stuff can be combined to do malicious stuff.

Honestly, I can't figure out a lot of them myself, I'm probably guessing quite a bit when I answer prompts.

Stuff that look like they might be windows related, I just click allow, I don't want to accidently screw things up. Like I aread the threads on prosecurity where people lock themselves out by accidently, which is really scary. But it's more secure they say...

I'm also wondering if that there are stuff that might be innocent when done seperately but can be harmful when combined together. Would you be able to tell the difference?

Oh sure I have backups, but backups is the last resort.......

 

Yeah I know what you mean, but so far so good, there´s of course always a change that you might make a mistake, but that´s why I nowadays hardly download stuff, luckily I have experimented with a lot of tools the last 2 years, I do not need any more stuff. I think I´ve installed about 150 apps on my PC and none of them seem to act funny. What do I mean with funny? Well, for example, look at the stuff that Neoava Guard and SSM Pro are guarding against.

 

Must be a new policy? lol.

except for security stuff of course. You must always keep up with them.
And they are allowed to do 'funny stuff'.

I think your copy of SSM Pro and neoava guard must be broken. Given the long list of things they monitor, I would be amazed that the 150 apps don't cause any prompts on "funny stuff". They certainly do on mine.

Besides you gave the impression in your post that all one needs to do is to stop service/driver installs and access to physical memory, but the last time I checked SSM pro and Neoava guard does WAY more then that.

So you saying that these products monitor 'unfunny' stuff ? why would they do that?

 

Well I think you know what I mean, none of them do unexpected stuff, as soon as they do I get suspicious. Of course only my security tools have full control, and it´s a no brainer that you have no choice but to trust them, otherwise why install them?

But like I said earlier in the thread I´m not installing just any security tool anymore, at the moment I already have decided which security tools I need. I also do not install all kind of software on my system anymore, way too paranoid for that, you may call it a new policy if you like.