Keyloggers and Privacy

I have read that some of the antivirus/antispyware products intentionally allow commercial keyloggers. The disingenuous rationale is that they sometimes have legitimate uses. I posted about this on the superantispyware forum. I'm pretty upset about this issue.

Businesses log. They monitor. And they tell people right up front that they are being monitored.. Everyone knows it. So why would it matter if a commercial keylogger shows up? I have never worked for a company that would allow me to install a scanner on their system anyway. They would have thrown me out on my ass.

I wonder what the percentages of sales would be for keyloggers purchased by businesses in comparison to keyloggers purchased by individuals? I can't help but wonder if there is some cash being exchanged as an incentive to allow some of these keyloggers.

Putting a keylogger on a private citizen's computer is like putting a video cam in their bedroom. It's sick. And I think that it is incredibly irresponsible for a company to tell people that they protect against malware when they are intentionally allowing some of the worst to be installed on your computer. They should tell people right up front that if someone puts a commercial keylogger on your computer, their product will allow the keylogger to spy on you. And they should list the ones that they intentionally allow.

Does anyone know of an antivirus or antispyware product that protects against all known malware?

 

Hello.

I was reading quite an interesting article at sophos.com here the theme is much similar to what you're concerned about. The reasurance that a security vendor is going to flag malware nomatter where its coming from.

I think the question of whether a security vendor is capable and willing to flag corporate/government malware will go a long way to decide which security products customers trust enough to put on their computer, certainly in the foreseeable future.

Police hacking computers to gain intelligence, who are the bad guys?

If you are in the position of flagging a government agency/corporate created malware ... will you?

When you look at the problems some vendors have got themselves into for handing out SSL certs to rogue sites for $$$ ... it makes you wonder if some have the ethical balls to flag.

I like what Sophos is saying about this matter. So well done them.

Don't agree with their bashing other products to promote their own, though.

 

They have been given free reign in the UK to abuse as they please. They do not have to answer to anyone. Try and tell me that they won't be abusing the Hell out of that. They will spy on anyone for any reason. And I am quite confident that it will be used for personal reasons as well...if it hasn't already.

I just wonder how good Sophos is.? I haven't seen it mentioned much. I see that they have a free scanner. I think I'll give it a shot.

I think a list needs to be made of the antivirus/antispyware companies who deliberately allow keyloggers, and the ones who do not. People have a right to know. Otherwise, maybe some lawsuits for false advertising are in order.

 

On any computer that you don't own, you have no realistic expectation of privacy. On your own, you can allow, block or remove whatever you choose. The best way to keep keyloggers off of your system is with a default-deny security policy. Instead of worrying if your AV, AS, etc will detect all keyloggers, take the opposite approach. Specify what is allowed to run and block everything else by default. It takes a while to set up and requires that you know or learn what applications and processes need to run for normal operations, but when it's done, you're system will not allow an unknown process to run. Software keyloggers, malware, trojans, etc are processes or are installed by processes. Short of someone entering your home and concealing keylogging hardware, a properly enforced default-deny policy will prevent keyloggers or any other unknown processes from running on your system.

 

Such configuration is not suitable to the average home user, who needs to install, uninstall, change configurations of different software. What you say is done in high security structures, where there is no need for computers that change dynamically, and it is possible to specify the few needed services that are allowed to run.

 

Mine is a home unit. Several people use it. It's got everything they need.

A home PC doesn't need to be changing all the time. How often does the average home user actually "need" a new piece of software? As long as users can install whatever they want, you're stuck with relying on detection software and the problems that come with it, missed detections, false positives, etc. The user needs to decide which matters more to them. Here, if someone needs or wants a new app or game, they tell me. If it's clean, I'll install it. The biggest inconvenience is a slight delay. That slight delay has saved a lot of time, work, and worry in the long run. Default-deny works fine in a home environment. The only thing the users can't do is change things whenever they get the urge.

 

What kind of program do you use to specifically allow or deny?

Prevx confirmed that they don't differentiate between commercial and noncommercial keyloggers.

 

spy sweeper is very good in zipping commercial and noncommercial keyloggers...but spy sweeper itself is a tricky and touchy software for most.

 

My choice is SSM, but you can use any application that allows you to build a process whitelist. There's a good thread regarding using software restriction policies to protect against the unknown. I'm sure that several of the available "HIPS" or process firewalls can also do this. The choice of software or utilities used is not that critical. It's the policy and how well the tools are configured to enforce it that's important. Regardless of how the policy is enforced, it's just much easier to keep tract of the 50 to 100 known good applications and system executables that you need or use than it is to keep up with the hundreds of thousands of malicious apps, files, bits of exploit code, etc.

Default-deny doesn't have to be restrictive, unless you're one who is always trying new software. For those users, something like VM would be ideal. Even that can run on a default-deny protected OS. If your PC is equipped the way you want it, a default-deny policy can make sure it stays that way. When the policy is matched to the users needs and the users software runs as it should, there's no indications that the policy is even there. My operating systems predate software restriction policies and limited user accounts, Win2K being the most recent. Even on these, I used SSM to define separate user and administrative modes. For normal usage, I run in user mode. All of the software I use on any regular basis is whitelisted and runs as it should. Default-deny is only restrictive when it doesn't match the users needs.

 

That sounds pretty involved but I think over time I can learn. Thanks for the tip.

 

I have heard that is a good product. I will probably give it a try. Thanks. I like your avatar.

 

I do not know how well the Spy Sweeper (which version ?) deals with (commercial) keyloggers.

Just a few words of caution: last time I checked, I really didn't like their privacy policy. There is some kind of community network, and I don't know if you can opt out of that. The default install would install the ask.com toolbar, possibly more. The quality of their technical customer support is often very bad.
Again, last time I checked.

 

6.1 and read here

and

WARN....is the name of the communnity and you can opt out
and

you can opt out..simply untick

as i said earlier spy sweeper itself is a tricky and touchy software for most.

 

What is tricky about it? Will an average user be able to make sense of it?

 

Where is the problem? If you have a good security setup you don´t have to worry.

 

I thought an antivirus and antispyware product was part of a security setup.

But anyway, I do use Keyscrambler Premium and Zemana. Eset Nod32. Zone alarm free firewall.

What would you recommend?

Oh and I use Sandboxie and Returnil too.

 

Apps like Sandboxie are good for keeping malicious code from installing or becoming permanent on your OS. They will not stop malicious code from running. Remember when the Bank of India was hacked and started serving up malware? A compromised financial site serving up a keylogger is a very real possibility. A keylogger doesn't have to be installed to be costly. It only needs to be running when you're entering a password it's owner wants to capture. Security packages based on isolation, virtualization, or "reboot to restore" would not be sufficient in such a scenario. An anti-keylogger that depends on signatures or other means of identifying known threats could suffer from the same shortcomings as AVs. Something to think about while you plan your defenses.

 

DefenseWall is a good tool - System sandboxing and HIPS to detect keylogging.

 

So why do you worrie? It is a good setup.

 

I've read where one of the tech editors at PC World actually puts a brand-new "perfect image" on every morning. Not just a Returnil/Deep Freeze-like IR solution, but does the whole image from disk everyday. Seems like a hassle - but he says he's got it down to two minutes flat. That would keep you protected from keyloggers about as well as anything else I can think of.

 

Thanks for that. I do delete my browser sandbox often, but i download a lot of music, movies, and art. And i collect animated gifs. So I really do expose myself to a lot.

I think that I need to take the plunge and learn how to use a HIPS program. I also use Prevx and Sandboxie.

I am looking forward to the new XB Browser though. From what I understand, it will be pretty amazing.

 

I guess Defensewall is my next step. I hear it's really good.

 

For easy daily use (no pop-up hassles) DefenseWall is the ideal choice. It has default denial rules ... all launched applications run as unsafe, unless you wish to grant full rights, such as P2P downloads - create a default downloading folder, and so on. Updating applications is simply a case of remembering to Run with full rights. As you've used Sandboxie it should be a breeze to figure. Of all the HIPS around Defensewall is the easiest to use, IMO.