Anti-Keylog software

Hi all,

I am no doubt covering old ground that has been addressed before but....

I have carried on my daily browse through the wealth of knowledge posted on this forum (and still I am nowhere near finished .. it goes on and on) and noticed the SpyCop software mentioned in a previous and also teh AKL software mentioned in another. My next question has probably been guessed already but here goes >

Which in your opinion is the most worthwhile piece of anti-keylog software available?

If this area has already been addressed then please just point me in the right direction, thanks.

Wink

 

HI Wink:

No doubt there are heaps out there, but for a very good freebie, Spybot.
I also use TDS3

Pic denotes the listing of loggers compiled by Sypbot.

 

Thanks TD,

I also use the same so I am pretty much covered on that score

Wink

 

Tassie

Please excuse, but ComputerCops reported that Incredimail uses keylogging. True?

If true, would SpyBot detect same? If not, what's a method to search & destroy?

Thx

TEL

 

Hi TEL,

The article states PestPatrol detects the keylogger.
I will see if I can get this verified.

Regards,

Pieter

 

Pieter

Thanks

TEL

 

Incredimail? Isnt that horribly insecure even without the keylogger issue?

 

JayK

Good point. What other Icredimail insecurities are there?

Thx

TEL

 

Hi TEL.

That's the first I have heard of that, but I haven't used Incredimail for over 2 years now, not since I realised how much it enlarges your emails, plus other things I began to dislike, like it would crash on me too often, etc.

I first used it, because it was *pretty* but soon realised the folly of my ways on that score.

This isn't to say that other people are more than happy with it, just not me.

 

Tassie

Ain't it true, mate! Thx

TEL

 

What I don't get is why keyloggers need to be detected by signature instead of by behaviour. Two facts:

• Keyloggers must accumulate data
• Keyloggers must transmit data

If keyloggers accumulate in memory, then they're losers - a power down deletes it all. If keyloggers accumulate in files, they can be detected growing (writing)

If keyloggers don't transmit data, they're pointless. Destinations (either LAN or Net) can be detected and blocked

What is the problem here?

 

Hi TEL,

Really don´t know what to make of it. Downloaded PestPatrol trial and scanned. Found nothing related to Incredimail.
Uninstalled Incredimail, downloaded newest free version, installed it and scanned again. No alarms.

One funny thing though: when I uninstalled Incredimail a brwoser window opened and brought me to their website presenting me with a form to fill out. They wanted to know why I uninstalled it.

Couldn´t resist that

I´ll keep my eyes and ears wide open.

Regards,

Pieter

 

Hi Checkout,

Good to see you again.
I noticed your post too late.

The problem is (to me, at least) I´ve blocked Incredimail in my firewall ever since they forced me to upgrade.
Since I did this it keeps crashing.
No fingers pointing, but it makes you wonder

Regards,

Pieter

 

Pieter - I believe Checkout meant - why is it supposedly so hard to detect keyloggers (for exactly the reasons he stated, BTW).

I've often wondered the same thing myself (as well as why anti-keylogging programs - or a lot of them, anyway - detect mainly by sig instead of by behavior).

Obviously one of the great mysteries of the universe! Pete

 

Hi Pete,

I know what Checkout meant, but I´m not smart enough to find out where keyloggers hide their info
And, as I said, the program phones home all the time, so how do I know when it is trying to send what. Especially since I blocked it. And I´m not going to allow it now, since I sent my farewell message

Regards,

Pieter

 

From my experience with Most good keyloggers, They use your default
e-mail client to send the data if that is how the keylog file was setup.
A person used to be able to use Yahoo's mail for free. You still can but it costs you now.

Now I am going to mention again why I like NORTON AV

Wheather you have your e-mail client like say outlook opened or not
the keylogger still will use it to transmit the data. When the keylogger trys to when you have Norton set to scan all incomming and outgoing mail, The splash screen with kick up when the logger trys to send the mail. Trust me !!!!!!! I have tried this long ago.
I will also tell you I have sent some of the keyloggers now incorporated into Spybot and I will also tell you I still have a few Spybot doesn't catch. For that matter neither does TDS or NOD
And you guessed it, neither does Norton BUT Norton will tell me if I the loggers is trying to use my outlook to send the info.
Your personal firewall will also alert you.

 

Pieter,

Thx for looking into this. Glad you were amused! I sent an enquiry off to Paul, who posted the original heads-up on this over at ComputerCops.

Let you know if/what he replies.

Interesting thread. Thx all

TEL

 

QUESTION


Java applets will bypass many security programs just as if they don't exist. on any given day I may have as many as 2-10 applets sending/receiving......an as Controlar pointed out.....two of the apllets use ssl e mail port......
fortunately I have some means of constantly scanning these applets for hostle actions......however, imo its not enough.....never can be.........
so what would be the over-all opinion of how easy an applet could install a keylogger..........
I use several means of protection and scanning for keyloggers.........this applet thing however would appear to open a big hole for monitoring of keystrokes without the need for installing a keylogger.......

 

OFF-TOPIC (briefly)

I'm going to be writing something on this keylogger topic in a few. But I couldn't contain by exhilaration at seeing PETE and CHECKOUT in the same thread! I got a chance to welcome Pete back before I left (I was gone for a week), but Checkout(!) - it was so good to see you post. You add so much to this forum!! I hope you're doing okay and will stick around awhile. While I am at it --- SNOWY! I'm glad to see you haven't packed it up yet. We need you here too. This was a great surprise. be back in a bit with an on-topic post.

John
Luv2BSecure&LuvPete&Checkout&Snowy&Wilders

 

Lov@B


John

I'll much interested in reading your writing....things are beginning to really hop...not sure if I'll be here to read it...
hey, it really is great seeing checkout and pete....

John..I would not normally mention this...since re-connecting I've been "targeted" several times (not at this website) an its taking a great deal of self control for me to not respond........
on the keylogger issue....I've tested several preventive measures...each seem lacking in some regard....the applet issue being what appears as the highest risk

 

Hi all,

Thanks for the replys and the information about the Applet issues. I think at the moment due to this issue I will stick with what I run at the moment and save further searches for the ideal program for when some of you guys are satisfied that you have found something which addresses these current uncertainties.

Thanks for your time, it's much appreciated!

Wink

 

Feels like being back home, John! Thanks!

 

WINK

by no means did I want to make anyone nervous about using applets......
as you may notice other than you there were no comments on the applets..........whenever I've posted this in the past the results are the same....very little discussion on the applet issue.....or someone offer a link to a "sandbox" program. I've no idea why there is such low interest..........considering that applets can so easily bypass security programs........I have yet to have an applet ask permission to bypass a firewall..it just goes.......an a few very popular programs out there in cyberland offer no resistence to the ye ole applet
may be a good time to check to see if your anti-virus program checks for hostle applets

 

Below is a link to check your computer for Applet access.
Then some reading material
Then some more of those links for software.

ht-tp://www.nutzwerk.com/english/safersurf/security/test_applet.html


Applets implement additional security restrictions that protect users from malicious code too. This is accomplished through the java.lang.SecurityManager class. This class is subclassed to provide different security environments in different virtual machines. Regrettably implementing this additional level of protection does somewhat restrict the actions an applet can perform. Let's explore exactly what an applet can and cannot do.

What Can an Applet Do?
An applet can:
Draw pictures on a web page
Create a new window and draw in it.
Play sounds.
Receive input from the user through the keyboard or the mouse.
Make a network connection to the server from which it came and can send to and receive arbitrary data from that server.
Anything you can do with these abilities you can do in an applet. An applet cannot:
Write data on any of the host's disks.
Read any data from the host's disks without the user's permission. In some environments, notably Netscape, an applet cannot read data from the user's disks even with permission.
Delete files
Read from or write to arbitrary blocks of memory, even on a non-memory-protected operating system like the MacOS. All memory access is strictly controlled.
Make a network connection to a host on the Internet other than the one from which it was downloaded.
Call the native API directly (though Java API calls may eventually lead back to native API calls).
Introduce a virus or trojan horse into the host system.
An applet is not supposed to be able to crash the host system. However in practice Java isn't quite stable enough to make this claim yet.

Who Can an Applet Talk To?
By default an applet can only open network connections to the system from which the applet was downloaded. This system is called the codebase. An applet cannot talk to an arbitrary system on the Internet. Any communication between different client systems must be mediated through the server.
The concern is that if connections to arbitrary hosts were allowed, then a malicious applet might be able to make connections to other systems and launch network based attacks on other machines in an organization's internal network. This would be an especially large problem because the machine's inside a firewall may be configured to trust each other more than they would trust any random machine from the Internet. If the internal network is properly protected by a firewall, this might be the only way an external machine could even talk to an internal machine. Furthermore arbitrary network connections would allow crackers to more easily hide their true location by passing their attacks through several applet intermediaries.

HotJava, Sun's applet viewer, and Internet Explorer (but not Netscape) let you grant applets permission to open connections to any system on the Internet, though this is not enabled by default.








http://www.trendmicro.com/en/about/news/pr/archive/2000/pr032000.htm


www.finjan.com

Made first link unclickable. Gave me a virus warning. Will check it out. Pieter

 

Netizen must use antikeylog software !!!
Any firewall and any vaccine program can't protect against keylogging program.

Best regards

www.anti-keylog.com