Why Anti-Loggers?

When you have an outbound filter, wouldn't anti-logging applications become pretty much unneeded? Even if these sneaky little pests are lurking around and spying on confidential information, as long as you have an outbound filter regulating network accesses, all of them are almost, completely rendered useless.

 

No outbound protection is 100 % safe

 

Perhaps, but I prefer to block/kill them before they have a chance to infect.
Prevention is better then blocking once you get one.

 

.
With security programs a little redundancy is a good thing, so if a problem is not caught by one it will be caught by another. Regarding key and screen loggers I would rather target them specifically since their purpose is to steal critical personal information (I use Zemana AntiLogger).

 

Can you expound on that?

In my opinion, "infection" in the language of "data-theft" is leaking of the data, and as far as I know, data-logging softwares don't harm the integrity of the OS. When you successfully block the attempt of a leak, "infection" is prevented.

 

Hi OP

Your correct. If you have full outbound protection you don't need a specific anti-keylogger app.

This confused me ( not saying your confused btw ) , when I started reading this sort of stuff , as I couldn't see the logic of why people had anti-key loggers when they also had firewall configured to the max , and loads of other apps as well.

But basically it comes down to definitions of what you need for "full protection" , "100%" , "layered defence"..

My current view is
1)
some virus ( malware whatever ) are really good at keylogging but crap at sending data home.
so any AV etc will catch them.
2)
some virus etc is bad at keylogging , but really good at sending data home.
so your AV etc will prob catch that too.

So your left protected against anything except a virus thats
really good at keylogging and sending data home.

At that stage your real world risk is pretty low.
If you have another proctection product / or use LUA etc
its much much lower again.

So now what % are we talking ?

Well for me I throw in a free & quiet anti-keylogger as well.

So now we have 0.00001% chance of getting data out.

A Paid anti-keylogger is overkill I think.

One qualification is the idea that key-loggers are a special case thats v difficult for any type of security to spot.
I don't know enough to say if thats really true or not.

If your still reading at this stage my current fav real world case is the MBR virus . Its as close to a "state of the art" virus at the mo , its worth reading about if you have the time.

http://www.trustdefender.com/blog/2...ally-undetected-and-more-dangerous-than-ever/


http://blogs.techrepublic.com.com/networking/?p=787

All the best
J

 

I share the exact, same view. Protection against exposure of sensitive data is a prerequisite for me. But my belief - adequacy is enough - holds at least a minimum sense of logic, especially since anti-loggers, except for the detection part, don't provide a lot extra. Such a feature in these cases doesn't account for much.

Concerning my security setup, I am looking for a pure outbound filter, if I can't find one, then I might think of installing a separate anti-logger application.

The huge thread about the MBR rootkit did arouse my interest. But reading the article would do no good, since most of the information entering my head would only become one with the hollowness within.

 

Yeah the articles goes a bit nuts in a lot of places.
What I like about it is that ( the bits I can read )

1. Even this super duper rootkit still needs to loaded onto your PC somehow ( via old version of adobe in this version of the rootkit ) .
so up to date adobe and your ok - yet how often do you see that mentioned here

2. It still needs to create an exe itself and to access the hard disk directly - a LOT of AV's e.g KAV ,other products - behaviour blockers , HIPS etc will block this , as would a Windows User account .

So even for the most super duper rootkit stopping it is still relatively easy !

 

That is good to know.

2. It still needs to create an exe itself and to access the hard disk directly - a LOT of AV's e.g KAV ,other products - behaviour blockers , HIPS etc will block this , as would a Windows User account .



So even for the most super duper rootkit stopping it is still relatively easy ![/QUOTE]

Would be interesting to find out is whether the HIPSs and the BBs are able to detect the rootkit after it has intruded the PC.

 

I've never used an anti-keylogger.

I don't think there is much use for it.

With the proper antimalware setup, an anti-keylogger is pretty much redundant for most people.

Sure, you can install a huge list like AntiExecutable and more of those 'extras'. Not bad per se, but there is always the potential for conflicts. If security is your hobby, go for it.

If what you're typing is so critical and sensitive, an anti-keylogger should be the least of your worries.

I'm not sure, how many anti-keyloggers whitelist commercial and 'government' keyloggers ?

Btw, some software, like the version of Kaspersky I tested recently, give you the option of clicking on a virtual keyboard with your mouse, so a traditional keylogger couldn't do a thing.

 

Yeah I really like the KAV feature , then read somewhere that virtual keyboard do nothing cause they call the same windows codes as real keys so don't protect you from software keyloggers at all.

So I don't know
Seems odd to me that KAV wouldn't know this, or that "physical keyloggers" , (which under this theory it would stop) are so common as to be worth targeting

Its turns into its own little sub-set of the IT security world , & at this stage I think its mainly a marketing angle cause people can latch onto "keylogging" idea easily.

 

No, because some malware hijacks programs such as web browsers to sneak out information. Having said that, personally I don't use an anti-keylogger, or even the keylogging detection abilities in my HIPS, because I am careful about what I allow outbound access (I make very specific rules by default in my firewall), and I use a behavioral blocker (Prevx 3) to spot sneaky leakers.

 

Keyloggers need to be installed Permanently. Software such as Comodo Internet Security have Keylogger Protection disabled by default (Specifically Defense+ Part) Because the Firewall or AV will catch it anyway. You enter your bank details online, If a Keylogger is trying to do something over the internet to record it, Firewall will go off. and even if a Keylogger is trying to be installed permanently CIS will prevent it.

Cheers,
Josh

 

for what i experienced i know that almost all hips are capable of blocking all kind of malware and that includes keyloggers