good antilogger?

Discussion in 'other anti-malware software' started by zagmarfish, Feb 27, 2017.

  1. guest

    guest Guest

    If ZAL or SpS didn't have their HIPS, they wouldn't even be worth mentioning. Their HIPS does all the preventive job; the anti-logging features, as many said, are just "fail-safe", so I'd rather use Comodo or any anti-exe than buy SpS. I tested it years ago and wasn't really impressed compared to Comodo.

    The only real pure anti-logger is KeyScrambler, but even it was bypassed because it doesn't have any tamper protection. You also have Covert Pro, which uses a kind of limited desktop.
     
  2. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Rasheed- AK apps won't block all (or any currently extant) injectors. And I brought up Dyzap for a reason- try that against something like Outpost. But anyway, keyloggers are recently descending into the realm of Script-Kiddie and the novice blackhat camp. There are much more efficient ways of data being harvested- all having nothing to do with any sort of local acquisition.

    For me, currently anti-keylogging obsession is Much Ado about Nothing.
     
  3. guest

    guest Guest

    I agree.

    Keyloggers are obsolete, as are dedicated anti-keyloggers; any modern RAT or MITM will do better at collecting data, using more complex mechanisms.

    Your only way to block data leaks (if you are already compromised) is to use a tightened FW.
     
    Last edited by a moderator: Mar 3, 2017
  4. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Yeah- and instead of bogging down a system with numerous anti-whatevers to protect financial data, better would be:

    1). NEVER use a Debit Card
    2). NEVER use an ATM
    3). NEVER file taxes online
    4). NEVER use any public cloud email thingy when confidential financial info is to be transmitted.

    Disregarding any of the above can lead to a result that ends in Tears and has nothing at all to do with one's computer.
     
  5. guest

    guest Guest

    @cruelsister lol, it is why users have to find their own balance between convenience and security (aka paranoia ^^ )
     
  6. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Yep...and then you read such texts, drink vodka and cry
    http://www.cbc.ca/news/technology/antivirus-software-1.3668746
    http://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html
    And perhaps you know that those are only two...not so old...examples. You can find similar opinions in each of the last 10 years.

    If you want to be heavy "full-metal" tank - your choice...let me be the "light armored cyclist" :)
     
  7. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    @ichito - I particularly like your 2nd link above to the article titled, "Disable Your Antivirus Software (Except Microsoft's)" where it says,
    I also found the author's comment about leaving Mozilla interesting. I've been avoiding FF for several years now. If you follow security trends, FF has consistently had more reported newly discovered vulnerabilities than any other major browser for the last several years. In their defense, they patch them quickly, but still that is not a good record. I recommend everyone subscribe to Department of Homeland Security's US-CERT Cyber Security Bulletin Vulnerability Summaries if you want to stay current on software vulnerabilities and trends.

    FF also has not been that good in blocking socially engineered threats compared to IE or Chrome. I actually prefer IE but I am beginning to suspect MS is dinking with it to entice :rolleyes: users to Edge. Since Edge came out, I've noticed more and more IE freezes/not responding issues. :(
    With over 2700 miles on my Emonda last year, I'm with you on that! :)
     
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "Since Edge came out, I've noticed more and more IE freezes/not responding issues"

    Same here. In fact, until my latest update today I could not even use Edge anymore. It would open and crash and close right away.

    Windows 10 Insider Preview 15046 (rs2_release)
     
  9. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    Well, unlike IE, Edge has worked fine. I just don't feel Edge is mature, or even a finished product yet, capable of replacing IE. :(
     
  10. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Right ;)
     
  11. guest

    guest Guest

    At the same time, those are Insider builds, so not very meaningful.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Actually, that's incorrect. Like 10 years ago, HIPS already had the ability to block keyloggers, but the end decision was left to the user. Tools like KeyScrambler, Zemana and SpyShelter introduced keystroke encryption which will auto-block most keyloggers. Zemana and SS then even introduced "anti-browser hooking", this will interfere with already installed banking trojans. SS can even block kernel based keyloggers, by monitoring drivers that try to modify the keyboard. So that is what makes them unique, not the standard HIPS.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Actually, when I speak of anti-loggers, Zemana and SS are the most popular and they are designed to block standard code injection methods. Like I said, Outpost's App Guard was designed to block access to stored password files and reg-keys, so it should have interfered with Dyzap. Of course this is all in theory, because the most advanced and nasty malware will probably bypass most HIPS. And apparently Zemana and SS even have difficulties blocking popular keyloggers, see link 2.

    https://blog.fortinet.com/2017/02/22/keep-your-account-safe-by-avoiding-dyzap-malware
    https://www.raymond.cc/blog/what-is-the-best-anti-keylogger-and-anti-screen-capture-software/2/
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    A tool like SS is designed to block MITM malware like banking trojans, simply by blocking browser-hooking. A firewall won't help, since all outbound communication is done via the compromised browser.
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Almost all local malware based MITM activity is done by malware installing either a hidden localhost or network miniport adapter proxy. It also has to install a cert. in the Windows root CA store. I believe you are referring to MITB activity.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes correct, and Zemana does monitor the Windows root CA store, but I'm not sure about SS. Host-file and proxy server manipulation should also be monitored.

    http://www.trusteer.com/en/glossary/man-in-the-middle-mitm
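    The posts above list the places a local interception proxy has to touch (a certificate in the root CA store, hosts-file redirects, proxy settings, a hidden localhost listener). The following read-only audit script is an added example written for this thread; it is not Zemana's, SpyShelter's or any poster's code. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and a 90-day "recently issued" threshold that is purely a heuristic of my own.

    ```powershell
    # Added example (not from the thread): audit the spots a local MITM proxy typically modifies.
    # Read-only; run in an elevated or normal PowerShell, nothing is changed.
    $ErrorActionPreference = 'SilentlyContinue'
    $recent = (Get-Date).AddDays(-90)   # assumed heuristic threshold

    # 1. Root CA stores. A root carrying a private key, or issued very recently, deserves a
    #    second look. Roots present only in CurrentUser were added without admin rights,
    #    which is how many user-mode proxies install their signing certificate.
    $machineRoots  = @(Get-ChildItem Cert:\LocalMachine\Root)
    $userRoots     = @(Get-ChildItem Cert:\CurrentUser\Root)
    $machineThumbs = $machineRoots | ForEach-Object { $_.Thumbprint }
    foreach ($c in ($machineRoots + $userRoots)) {
        $flags = @()
        if ($c.HasPrivateKey)         { $flags += 'private key present in root store' }
        if ($c.NotBefore -gt $recent) { $flags += 'issued within the last 90 days' }
        if ($c.PSParentPath -like '*CurrentUser*' -and $machineThumbs -notcontains $c.Thumbprint) {
            $flags += 'present only in the user root store'
        }
        if ($flags.Count -gt 0) {
            [pscustomobject]@{ Check = 'RootCA'; Item = $c.Subject; Detail = ($flags -join ', ') }
        }
    }

    # 2. hosts file. The stock Windows file has only comments, so every active line is custom;
    #    redirecting a bank or update hostname here is the classic low-tech MITM.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hostsPath |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and -not $_.StartsWith('#') } |
        Where-Object { $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' } |
        ForEach-Object { [pscustomobject]@{ Check = 'Hosts'; Item = $_; Detail = 'non-default entry' } }

    # 3. WinINET proxy settings (honoured by IE/Edge and most Windows apps). A static proxy on
    #    127.0.0.1 or an unexpected PAC URL is how a hidden localhost proxy receives traffic.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if ($inet.ProxyEnable -eq 1 -and $inet.ProxyServer) {
        [pscustomobject]@{ Check = 'Proxy'; Item = $inet.ProxyServer; Detail = 'static proxy enabled' }
    }
    if ($inet.AutoConfigURL) {
        [pscustomobject]@{ Check = 'Proxy'; Item = $inet.AutoConfigURL; Detail = 'PAC script configured' }
    }

    # 4. Loopback listeners. A proxy must listen somewhere; show which process owns each port.
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalAddress -in @('127.0.0.1', '::1') } |
        ForEach-Object {
            $p = Get-Process -Id $_.OwningProcess
            [pscustomobject]@{
                Check  = 'Loopback'
                Item   = "$($_.LocalAddress):$($_.LocalPort)"
                Detail = "owner: $($p.ProcessName) (PID $($_.OwningProcess))"
            }
        }
    ```

    Every line of output is a lead, not a verdict: legitimate debugging proxies, corporate PAC scripts and enterprise-pushed roots will all show up. The value is in running it on a known-clean machine first and diffing later runs against that baseline.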
     
  17. guest

    guest Guest

    You meant MITB (Man In The Browser), not MITM. MITM is network related (attacker sitting between the computer and the router/sites/server).

    You are right, but this depends on the skill of the user.
    Advanced users can seriously tweak their FWs/NAT routers, like implementing specific port and IP restrictions, so the loggers won't be able to communicate with their C&C.

    Personally, in the very improbable case that I got a MITB, I'd rather use an isolation app (like ReHIPS, which loads an isolated clean browser at each session) than an obsolete anti-logger.
    About MITMs, I dispose of them by checking the pathway of my data and using traffic encryption.
    So in my case MITBs/MITMs are blocked.

    Skills matter; the product just helps.
     
  18. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    guest

    I agree with you on tweaking your routers, and that is good advice, but how many home users even know they can do that, or even look at the router's connection log?
     
  19. guest

    guest Guest

    You are right, most don't and some even don't care. They have to learn the basics of security, starting first by having safe habits and making good use of what they have on their OS. Then they can start learning about using other security apps.

    If you don't have safe habits, no apps will save you.
     
  20. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
    "I've tested Comodo HIPS with SpyShelter security test tool (https://www.spyshelter.com/security-test-tool/)
    in sandboxed mode (Comodo sandbox) and tried to start the keylogger test and other tests to test whether HIPS detects them,
    but it doesn't show a popup alert and the security test tool can still capture my keystrokes even in non-sandboxed apps,
    and can also run screenshot, webcam capture and clipboard monitoring successfully.

    Tested run in sandbox with untrusted restriction level, only clipboard monitoring failed to capture.

    Is there a better way to prevent unknown files from stealing password?"
    Source
     
    Last edited: Mar 5, 2017
  21. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    Same Here. It loaded the hook, but failed to capture what I copied..

    [Attachments: SSTool1.PNG, SSTool2.PNG]
     
  22. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Guys- when doing testing of datastealers of any type please remember that malware such as this in addition to harvesting data MUST ALSO TRANSMIT it out for a breach to occur. By this I mean that for applications like CF and Sandboxie malware running in the box can collect data all they want; but if they are unable to send this data out to the Blackhats who really cares?

    A simple concept that is all too often overlooked.
     
  23. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
    IF...:doubt:
    I hope they are unable, too.
     
    Last edited: Mar 6, 2017
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    You're totally right, I was just about to mention this, outbound control will block a lot of malware, but that's why malware is often trying to inject code into trusted system processes like svchost.exe or the browser which is not blocked by the firewall.
     
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499

    The other day I noticed a lot of svchost connections when I had the browser open and was not getting a Windows update. I did block svchost with a third party FW while watching the connections. Even though svchost showed blocked, it kept trying new IP address connections. Then, while leaving it blocked, I tried to open some of my browsers and they did all open, but without svchost allowed there was no internet connection.
    And so when you say svchost and the browser are not blocked, do you mean by Windows firewall?
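    Posts 24 and 25 hinge on the same problem: svchost.exe is one image that hosts dozens of services, so a per-program firewall rule either trusts all of them (Rasheed187's point about injection into trusted processes) or, as boredog found, blocks DNS and everything else with it. The script below is an added example for this thread, not any poster's or vendor's code; it attributes each established svchost connection to the services hosted in that PID, so that "svchost is talking to a new IP" can be read as a specific service talking. It assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection.

    ```powershell
    # Added example (not from the thread): which Windows service is behind each svchost connection?
    # Read-only. Run as a normal user; elevation only improves visibility of other sessions' PIDs.
    $ErrorActionPreference = 'SilentlyContinue'

    # Build PID -> service names. Win32_Service exposes the hosting ProcessId of every service,
    # so shared svchost processes map to the list of services they contain.
    $servicesByPid = @{}
    Get-CimInstance Win32_Service |
        Where-Object { $_.ProcessId -gt 0 } |
        ForEach-Object { $servicesByPid[[int]$_.ProcessId] += @($_.Name) }

    # Restrict to svchost.exe processes only.
    $svchostPids = @(Get-Process -Name svchost | ForEach-Object { $_.Id })

    Get-NetTCPConnection -State Established |
        Where-Object { $svchostPids -contains $_.OwningProcess } |
        Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') } |
        ForEach-Object {
            $svcs = $servicesByPid[[int]$_.OwningProcess]
            [pscustomobject]@{
                PID      = $_.OwningProcess
                # An svchost with no registered service is the odd case worth a closer look.
                Services = if ($svcs) { $svcs -join ',' } else { '(no service registered in this PID)' }
                Remote   = "$($_.RemoteAddress):$($_.RemotePort)"
            }
        } |
        Sort-Object PID, Remote |
        Format-Table -AutoSize
    ```

    Run it while reproducing boredog's observation (browser open, no update in progress) and the Services column usually names the culprit directly (Delivery Optimization, BITS, Dnscache, WinHttpAutoProxySvc and similar). That lets you write a firewall rule or service policy for the one service you object to instead of blocking svchost.exe wholesale, and a connection from an svchost PID that hosts no registered service is the pattern you would expect from code injected into a trusted process.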
     