Completed my ultimate anti-keylogger defense

Yes,

See is a good idea, was my first option see Do-It-Yourself: Implementing Privilege Separation section in http://theinvisiblethings.blogspot.com/2007/02/running-vista-every-day.html

Plus using ACL to tighten this banking user. Only my son found it to much hassle.

 

Q1: Yes Comodo has decent keylogger intrusion detection

Q2: In theory not, but when you start a new (cleared) Sandbox and only do the bank transaction, then clear this sandbox again, the combo with CFW is in practise sufficient (meaning I would not know how a malware would come in to grab your banking data, so to me it would be 100% with current knowledge).

 

Q1: In fact if you put D+ in paraoid mode when you open spyshelter test you got more or less 20 popups asking for permision just to open the software, then you can try the different tests and if I remember well it "fails" in 2 of them but after allow 20 popups just to open the program asking for permision to inject code and modify the registry how knows...
Is the first leak test tool with this behabiour so IMO is just a marketing tool.

 

So is it the opinion that it is better to use Trusteer Rapport or Prevx SafeOnline instead of Sandboxie for banking/finance over the web? I have searched this board in the past on what is better, and the most informative post likened using Trusteer Rapport as having guards trying to protect a homosexual presidential candidate in a parade through Iran.

 

They will all provide a good level of protection - though you have to use Sandboxie in the 'correct' way in order to provide protection against keyloggers. The simplest, strongest approach is SafeOnline i.m.o. This provides system wide protection (even if a keylogger exists outside of a sandbox environment) and has performed better than Trusteer in the (admittedly limited) comparative tests that are available.
I suspect that SOL is also less likely to be targeted by trojans such as Zues, compared to Trusteer, given Trusteers' success in being deployed by online banking websites.

 

No such thing as too paranoid in Wildersworld.

 

Prevx SOL offers outstanding protection with pretty much zero config.

Personally I've gone down the route of locking down my browsers using custom D+ rules AND using Prevx SOL,but unlike Brummelchen nothing is too paranoid for me

 

Yeah it is a strange habit of bringing up simularities to make things easier to understand.

Sandboxie in itself is the strongest defense, as long as you start with a clean browsing session and clear your browser session afterwards. Only on infected systems SBIE fails keylogger tests, because its design is intended to prevent you from being infected. No software can compensate for user errors. When you want your protection to be allways on, try DefenseWall. It is a policy HIPS (policy limiting is also called sandboxing for confusions sake)/FW with very strong anti-keylogger protection.

PrevX Safe Online provides more dedicated protection, also on infected machines. It is the one which increases protection from low to max as soon as you switch from HTTP to HTTPS. It is a monkey-proof application.

Trusteer Rapport is the lightest, but it can be set, independantly for HTTP or HTTPS web pages. So when you change the defaults to their strongestt settings, Trusteer Rapport hardens your browser, also for normal HTTP webpages. It does this with relatively low overhead.

 

Interesting....I was under the impression that once a machine is infected, then its game over for all security apps as they are playing by the malware rules.

 

Kees, you should start gathering your hints to one place. They are BEAUTIFUL!

How about, like me, working as an editor at TSA? You could have own title like "Mission for ultimate lockdown" ... or something

 

He should, he really should

 

I would be very happy when Sully completes the SAFE-Admin program (will be offered as a freebie) to co-author a "How to run more securly as Administrator" section at Gizmo with you (simular to http://www.techsupportalert.com/safe-surfing.php).

For XP this would be combining Surun with PGS, Vista Norton UAC plus Safe Admin on WIndows7 Safe Admin.

Hopefully this section reference would get a prominent position in you list

 

Hi,

SBIE might prevent a KL from permanently installing, as it should get deleted with the sandbox on boot etc, but it won't prevent a KL from installing/running during a session. In that time all sorts of information "could" have been phoned home

How do you qualify that statement ? There's a test of it on here that disproves that, quite significantly. What are you comparing it with ? And do you mean CPU % and/or memory ?

Re - Prevx

The free Facebook version also provides this - https://www.facebook.com/pages/Prevx-SafeOnline/254680228961?v=app_6009294086

 

Lightest in security range offered, sorry On the other hand process modification etc can be easily set on for all sites (including HTTP).

 

I think Kees meant light on IO/read? it has high RAM usage compared to PrevxSOL though.

I need every bit of my RAM so I go with SOL.

 

Sounds good! Just tell me, when you are ready to start!

 

Well it was easy to understand and remember, so it's a good habit. Thanks for the advice. I convinced my wife to do all of our financial stuff on my computer, so now I'm trying to figure out what is the easiest way for her to do so safely.

 

I will PM you, October first considering SUlly's time line

 

I'm trying out SRware Iron.. i just don't understand how it works.. Is the sandbox feature like sandboxie? and how do i know its in a sandbox?

 

This is something I wanted to ask the first time, but I guess I forgot. Did you actually tested this, to testify its safety/security?

Other than not being redirected to other sites, only allowing IE to connect to specific websites won't, by itself, protect you against keyloggers. Also, is Trusteer Rapport that efficient?

I just don't understand how, by itself, those measures will prevent keyloggers?

Please, don't take me wrong, I also restrict what my browsers can do (and a lot), etc. It's one more security measure. But, this won't do it all, just by itself.

How is that blocking IE from connecting to other sites than not the bank and some software will become the

 

My question would be: How does the keylogger send the info out?

If it's through IE or whatever browser, then the ip restrictions in kees' post work.

If it's via the keylogger itself, then nothing has to be done if the two-way firewall blocks outbound unless specified in the program rules.

At least this is the way I see it.

 

Yes. ^^

If the firewall is default-deny for outbound.. then the keylogger should be blocked from making outbound connections.
and if Trusteer Rapport works like it says then keylogger wont get anything even if it bypassed the firewall and sucessful in phoning home.

 

OK. So, he's using Windows Firewall with Advanced Security, not only for restricting IE connections, but also blocking all other outbound.

That bit of information is lacking, so that's why I was wondering. But, in that scenario, it does make all the sense!

 

OK. Sorry for being a stubborn, but I'm just trying to figure out something.

Assuming Windows Firewall with Advanced Security is blocking all outbound traffic, except for the specifically allowed traffic, what would be the point for Trusteer Rapport?

That's what made me confused in the first place, and I forgot to mention it. The way I see it, it makes no sense, at all.

Kees, would you be kind enough to shed some lights on this doubt?


Thank you

 

Maybe there's the feeling that Trusteer Rapport can add something Win fw doesn't have? Just my guess. Personally, I see no need for it if Win fw is set up properly, and - more importantly - if a default deny policy is in place.