good antilogger?

Discussion in 'other anti-malware software' started by zagmarfish, Feb 27, 2017.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, or by a third-party firewall. You cannot block these processes from outbound access, at least not fully. That's why I always monitor svchost.exe for suspicious outbound connections. I do block explorer.exe from outbound access; for some reason it does sometimes try to connect out.

    Monitoring the browser is a lot harder of course, because you can't know which connections are legit or not. The only thing you can do is install anti-tracking extensions, but that does not stop the browser and extensions from spying on you. So it comes down to trust.
     
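    The monitoring Rasheed187 describes above, as an added example that is not code from the thread: on Windows 8/10 the NetTCPIP module exposes established TCP connections together with the owning PID, and Win32_Service maps each PID back to the service(s) it hosts, so a svchost.exe connection can be attributed to a named service rather than to "svchost". Run it from an elevated prompt so every process's connections are visible. The "Flag" column marks remote ports other than 80/443, which is only a heuristic and an assumption for this example, not a verdict on the connection.

```powershell
# Added example (not from the thread): attribute svchost.exe outbound TCP
# connections to the Windows service hosted in each svchost PID.
# Requires the NetTCPIP module (Windows 8 / Server 2012 or later); run elevated.
function Get-SvchostConnection {
    param(
        # Remote ports treated as "expected" for svchost (assumption for this example).
        [int[]]$ExpectedPorts = @(80, 443)
    )

    # Build PID -> service-name(s) map from the Service Control Manager.
    $svcByPid = @{}
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.ProcessId -gt 0 } |
        ForEach-Object {
            $p = [int]$_.ProcessId
            if (-not $svcByPid.ContainsKey($p)) { $svcByPid[$p] = @() }
            $svcByPid[$p] += $_.Name
        }

    $svchostPids = @((Get-Process -Name svchost -ErrorAction SilentlyContinue).Id)

    Get-NetTCPConnection -State Established |
        Where-Object { $svchostPids -contains [int]$_.OwningProcess } |
        ForEach-Object {
            $p = [int]$_.OwningProcess
            [pscustomobject]@{
                Pid       = $p
                # Since Windows 10 1703, most services run in their own svchost
                # process (on machines with more than 3.5 GB RAM), so this is
                # usually a single name; on older builds it is a group.
                Services  = ($svcByPid[$p] -join ',')
                Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
                LocalPort = $_.LocalPort
                Flag      = if ($ExpectedPorts -contains [int]$_.RemotePort) { '' } else { 'unusual port' }
            }
        } |
        Sort-Object Services, Remote
}

# Usage: list everything, or only the flagged rows.
Get-SvchostConnection | Format-Table -AutoSize
Get-SvchostConnection | Where-Object Flag | Format-Table -AutoSize
```

    Only TCP is shown; Get-NetUDPEndpoint exists but reports no remote address, so DNS (UDP 53) traffic has to be checked from the Dnscache service side or with a packet capture instead.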
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    DNS resolution is performed by svchost.exe.

    In Win 10, svchost.exe is used for everything "under the sun." Difficult if not impossible to monitor outbound connections from it.
     
  3. guest

    guest Guest

    Only a few ports on svchost have to be allowed, so at least you will reduce the "unwanted" outbound connections.
     
  4. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Rasheed
    I use Adguard for the anti tracking part. Not the extension but rather the paid desktop version.

    itman
    For sure. I was just goofing around because of too much time. I only blocked svchost.exe at the time.
     
  5. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Not to get too off topic, but take a look at my screenshot: a million Skype connections, and I have never used Skype. o_O
     


  6. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,557
  7. guest

    guest Guest

    By default Skypehost.exe is running in the background even if you don't use Skype. You can disable it:
     
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Actually, today is the first time I saw its connections. Thanks, I will disable that bugger.
    I think this version came with Office that I got when I was still working, and so it might be different.
     
  9. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Rasheed - It is a simple concept and intuitively obvious. That's why I wonder why many feel comfortable using Windows Firewall (without any of the onerous tweaks), as WF at default has zero outbound protection.

    But again, I wonder at many things...
     
  10. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    CS, yes, Windows does have outbound control, but I chose to use third-party software to control it. Unless you want to get deep into the Windows Firewall.
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    If you are worried about outbound connections doesn't that mean your machine is already compromised?

    If you can't trust the programs you install, then why install them?
     
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Yes, svchost.exe for the most part only requires outbound connections on ports 53/67/68/UDP and 80/443/TCP. The problem is that allowing all services those connections is insecure. So multiple outbound svchost.exe firewall rules have to be created, one for each requesting service. And the user has to have the smarts to know what is a legit service versus a malware one.
     
  13. guest

    guest Guest

    Because if you are a home user, using only your home network, being careful about what you allow on your system, and don't let RATs or keyloggers stay active on your system, you won't need much "outbound control".

    Exact.

    Exact, not an easy task for beginners, sure. I just use WF with advanced settings (all outbound connections, in all profiles, blocked), then disabled a whole batch of rules, created some manually for my needed apps, etc.
     
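    The configuration itman and guest describe in the two posts above (block all outbound by default, then allow svchost.exe only per service and per port, plus one rule per application that really needs the network), as an added example that is not the thread's own code. It uses the NetSecurity cmdlets shipped with Windows 8/10; run it elevated. The service list, the ports paired with each service, and the browser path are assumptions chosen for illustration; the point is that a rule with -Service is bound to that service's SID, so allowing DNS for Dnscache does not also allow every other service hosted in svchost.exe.

```powershell
# Added example (not from the thread): default-deny outbound in Windows Firewall
# with narrow per-service svchost.exe rules and a per-application rule. Run elevated.
$svchost = "$env:SystemRoot\System32\svchost.exe"

# 1. Block outbound by default in every profile (inbound is already blocked by default).
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block

# 2. One allow rule per service, each limited to the ports that service needs.
#    Service names and port pairings are assumptions for this example.
$svcRules = @(
    @{ Name = 'Dnscache'; Proto = 'UDP'; Ports = @(53)      }  # DNS client
    @{ Name = 'Dhcp';     Proto = 'UDP'; Ports = @(67)      }  # DHCP client (client sends 68 -> 67)
    @{ Name = 'W32Time';  Proto = 'UDP'; Ports = @(123)     }  # NTP time sync
    @{ Name = 'wuauserv'; Proto = 'TCP'; Ports = @(80, 443) }  # Windows Update
    @{ Name = 'CryptSvc'; Proto = 'TCP'; Ports = @(80, 443) }  # certificate / CRL fetch
)
foreach ($r in $svcRules) {
    New-NetFirewallRule -DisplayName "Out svchost $($r.Name)" `
        -Direction Outbound -Action Allow -Profile Any `
        -Program $svchost -Service $r.Name `
        -Protocol $r.Proto -RemotePort $r.Ports | Out-Null
}

# 3. One rule per application that genuinely needs the network (path is an assumption).
New-NetFirewallRule -DisplayName 'Out Firefox' -Direction Outbound -Action Allow -Profile Any `
    -Program "$env:ProgramFiles\Mozilla Firefox\firefox.exe" `
    -Protocol TCP -RemotePort 80, 443 | Out-Null

# 4. Review: the built-in allow rules still apply under a default-deny policy,
#    so list every enabled outbound allow rule and disable the ones you don't want.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Select-Object DisplayName, Group, Profile |
    Sort-Object DisplayName | Format-Table -AutoSize
```

    Two caveats a practitioner should keep in mind: a service rule only restricts which service SID may use the socket, so code injected into that svchost process inherits the allowance (this is the bypass route Rasheed187 mentions further down, where a HIPS rather than the firewall has to intervene); and step 4 is not optional, because the Windows-supplied "Core Networking" and similar allow rules remain in force until you disable them.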
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I don't see what's wrong with the Windows Firewall, like I said you have to use a HIPS to protect against firewall bypassing methods, this means don't allow apps to inject code into network enabled processes, and don't allow apps to install drivers for no good reason. BTW, is it possible for you to test SpyShelter against popular banking trojans?
     
  15. zagmarfish

    zagmarfish Registered Member

    Joined:
    Feb 27, 2017
    Posts:
    10
    Location:
    europe
    Oh my god, I forgot about this thread.

    Well thank you to everyone participating.
    I've been busy with something lately but I'll have a look at your answers asap.

    Thank you.
     
  16. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
    Good luck, poster. Most of the topics here are off-topic; not a whole lot of good information.
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    It doesn't have any intrusion detection system(IDS), so you're not protected against any of the threats shown in the below screen shot. Nor does it have any botnet protection.
    (attachment: Eset_IDS.png)
     
  18. zagmarfish

    zagmarfish Registered Member

    Joined:
    Feb 27, 2017
    Posts:
    10
    Location:
    europe
    Yes indeed.
    I didn't think such a trivial question could generate so much debate and argument. :argh:
     
  19. guest

    guest Guest

    Not its purpose anyway. WF is just a basic FW meant to block inbound connections only, and it is enough for most users. About botnets, it is not the job of a FW to protect against them. If you are part of a botnet, it means you are compromised by a RAT, so your security setup has failed already.

    If you need an IPS/IDS , then you have to add a 3rd party FW. I don't think MS will add those kind of features to its FW (i wish they do ^^ ).
     
  20. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    It reminds me of a similar question that appears on the forum from time to time: "if you want/need (optional) anti-logger/HIPS/anti-exe... or whatever you mean... doesn't that mean your machine is already compromised/infected?" What is the sense of discussing if everything comes down to such a question?
    Should I be compromised if I want to control what wants to go out from my system? Why don't you consider that someone wants to reduce the amount of leaking data as well... why should I agree that some apps want to call and speak with their servers? May I have quite "clean" network traffic, or are you for the idea that everything could send/receive data without our knowledge or control?
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    If you're worried about such things then I suggest you're using the wrong Operating System and / or have the wrong programs installed.
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    @ichito , Don't get me wrong, it's your machine. I use O&O Shutup10 to reduce Windows 10 telemetry but I'm not obsessed by it, if I was I wouldn't be using Windows. All that said, we're going a bit off topic now about @zagmarfish 's recommendation for a good anti-keylogger, no?
     
  23. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I think you are trying to ridicule my words... it's your matter, but looking at your security setup one month ago, I think you felt more worried than happy
    https://www.wilderssecurity.com/thr...etup-these-days.111264/page-1538#post-2651568
    Cheers.
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Again, off topic. :rolleyes:

    I'm not in the slightest ridiculing you, and my set up is for the fun and enjoyment of security software, not for fear of infection.

    If you wish to continue this discussion feel free to send me a PM because I will not continue to take this thread any further off topic.

    Cheers.
     
  25. zagmarfish

    zagmarfish Registered Member

    Joined:
    Feb 27, 2017
    Posts:
    10
    Location:
    europe
    Since we are off-topic let's keep being off-topic.
    I'm not in a hurry anyway.

    My point of view is that I'd rather have a program that warns me "this is trying to access the internet; this asks to be launched on startup; this is creating an Alternate Data Stream; this program is trying to hide its process..." whether these actions are legitimate or not.

    I know most people don't want to worry about it and would rather leave the burden of decisions to their antimalware, but I'd rather decide by myself.
    As far as I'm concerned, only my browsers and my AV need to access the internet. If a program needs an update I can take care of it by myself.


    With all due respect, it doesn't make sense.
    It's when your machine is compromised that you can't worry about outbound connections anymore.

    And why would you trust any program at all?
    SourceForge was a trustworthy source for many, many years. And they took advantage of it.
    And what if your favourite software source was hacked before you knew it?

    No one can predict these kinds of things.
     