KeyScrambler 3.0 is released

I have 2.9.3.0 Professional working nicely on FireFox for years. Is there any advantage in upgrading to 3.0?

 

Key Scrambler has been working fine, but recently it has been pestering me to update to a new version. When I visit the site, they are still doing version 3.0.0. Any ideas? For the time being, I'm disabling auto-check for updates.

 

Yeah I disabled mine from checking for updates long ago, and just checked manually once in awhile. It never nagged me. Now I won't even check manually anymore. I decided I'm sticking with 2.9.3 until I get more info about v3. Nobody so far has chimed in about exactly HOW it works now that it no longer uses a plugin/addon through Firefox. If there's some component/service/process that's now running real-time, or what?... That could conflict with my D+, not to mention just being unwelcome bloat.

I only use it now because it brings along with it virtually 0 footprint. If that were to change it'd be out the door.

 

I decided three days ago to remove Keyscrambler and go with another solution.
First I tried Spyshelter free, now I'm using Zemana Pro which was available free for one year through a promotion.

KS 3.0 and even version 2.9.3 were, in my opinion, unstable and as best I can determine version 2.9.3 which started out working without issues became problematic once Sandboxie was upgraded to version 3.76.
I also suspect but can't prove that Keyscrambler 2.9.3.and 3.0 were both somewhat incompatible with Firefox 18 and 19 Beta.
SBIEs' software compatibility function didn't help, so I decided to replace Keyscrambler with something (preferably freeware) that wouldn't conflict with either Sandboxie or FF as I consider both to be indispensable.

I hope an update or perhaps a new version will restore Keyscrambler to the effective and unobtrusive application it was, but for me, I couldn't wait for that to happen.

 

Do you know some examples of form-grabbing malware?

 

Zeus, Carberp, Spyeye, Silentbanker,sunspot. There's a summary of some of their features here:

-https://www.owasp.org/index.php/File:Malware_Attack_Vectors2.png

Note that they all do http injection. Zeus, for example, will perform keylogging, screen grabbing and clipboard logging in addition to http injection.

 

Actually, what I meant is that I upgraded to version 3 already. It was working fine with the update, but now it's consistently bugging me to update. I've tried multiple clean re-installations but the problem is persistent. At this point, this is the first time I've had a problem with KS. I have not been particularly concerned about key loggers. I'm fairly conservative about letting anything out of the sandbox, and all my ports are sandboxed. Not to mention D+ screams rape if something tries to execute. Had that happen on my schools tutoring software. The program hijacks your mouse and keyboard in order to show you (hint) what to do. It was actually a bit amusing to watch.

 

What's the best way to stop those from compromising your browser?

 

To stop getting infected in the first place
But there are different types of software you can use:
Spyshelter Pro and Zemana paid both have a module to protect the browser from compromising and general antilogging capabilities.
WSA's Identity Shield and Trusteer Rapport(free) both protect the browser from compromising and other forms of logging.
Different AV vendors have added an isolated browser for banking in the latest versions: Avast SafeZone, Bitdefender Safepay, G-Data Bankguard and Kaspersky Safemoney. Comodo also has one and perhaps some others as well.
HitmanPro.Alert is a free tool that warns when it detects browser compromise but it's currently still in beta.
Some also use a bootable Linux cd when banking online.

 

I see, KeyScrambler is obsolete.

 

Pretty much, yes. Any comprehensive solution against the generic term "keylogging" needs to encompass keystroke logging (which Keyscrambler does), clipboard logging, screenshot logging, html injection, and form grabbing.

Banking malware tends to use most of these methods with the focus on html injection and form grabbing. Commercial keyloggers focus on keystroke, clipboard and screenshot logging. Remote Access Trojan malware tends to focus on keystroke logging, but some also provide the same logging capabilities as commercial keyloggers.

BoerenkoolMetWorst gave a great summary of what solutions are available in the market.

 

Disable Java, Use Google Chrome browser & only browse safe sites, use VirtualBox VM with MInt, Ubuntu, Fedora etc with SElinux or AppArmor set to max....

Alternative is Qubes OS, but you can't use it as a VM it must be installed on it's on, but it's a beautiful OS.

Then the rest is just luck. Most of the tools mentioned are garbage and any good malware would bypass it. Webroot? Trusteer? Rubbish sorry.

Just look at Citidel malware kit, it's a super variant of ZuESS that can screen grab, clipboard grab with keylogger and much more..Even Chrome is not safe from it

 

very true

 

Agreed... glad someone else said it first. Such tools are like painting over rust. If you're hoping for them to save you then something else in your setup must be lacking. You're much better off with some measure(s) of virtualization, comprehensive HIPS, and things of the sort. And if you do as well, what's more, something like T.R. could be conflicting with it and instead of having 2 things protecting you like you think you could really have 0.

Harden the OS/browser at the source for starters. And make your attack surface miniscule in the first place by not putting crap like Java on your box in the first place. Do you really want to put a big fat target on your back just because it helps add lots of pictures to your Facebook all at once?... The reasons I've found people use to justify having Java are petty, at best. It's just not worth it.

And how many times you do really need a PDF reader too? Some people, it's required for their work. But I came to find the only times I really needed it was to like view AV test results or something. And was thinking, man... I'm adding a significant attack surface here to read the results of a malware test. lol, talk about purpose defeating. So I removed it too and haven't once "needed" it since.

Does one really need .NET FW either? I understand you have no choice on newer OS's... but do you really need 3.5 as opposed to perhaps just 2.0... which has less surface to it? Probably not.

Things like that should be your first concern. Leave yourself less rust to paint over. Then put solid policy in place, through measures built into your OS (SRP, AppLocker, GP, etc...),the about:config in your browser, maybe in combination with a HIPS, to restrict what behavior can take place on your box. You can conceivably make it so that even if you were negligent enough to install a keylogger onto your computer in the first place it couldn't do anything but sit there looking stupid.

 

If they are "rubbish" and ineffective then you have a couple of questions to answer:

1. Why are banks experiencing declining fraud losses to online banking? You think they just pay Trusteer a shed load of money for fun year after year?

2. Why do tests using real banking malware show Trusteer to be effective?

Not getting infected in the first place is the primary aim, but the vast majority of computer users are security illiterate and these tools are effective means of protection for them.

 

I would guess the answer is because most of the people are John & Jane Q average computer user that don't know jack about security. They probably have nothing in place but an inbound FW and Nortons/Mcafee AV... the latter of which came preinstalled when they bought their box and the license ran out a year ago. In addition to online banking their machines are used only to check email, Facebook, Twitter, and look at porn.

For them using such a tool would certainly be an improvement.

For a Wilders member however, there are better options.

 

I'm afraid that "rubbish, sorry" is the best argument you are going to get.

 

LoL, same reaction when reading it. You have take it with a bit of salt as normally these statements are left unsubstaciated. So, pretty much something to ignore.