I am not a programmer and I do not know how SafeOnline works, so I may be completely wrong. But I think that there may be a possible vulnerability in the keylogger protection. Many people use a password manager. While a password manager with a good master password of its own will encrypt and protect your passwords, and SafeOnline should prevent keyloggers from snooping on passwords that you type in manually, may there not be a vulnerability when the password manager transfers the password to the browser through various methods such as the clipboard? So could SafeOnline be integrated with, say, KeePass, which is free and open-source, in order to protect the passwords against keyloggers during the transfer to the browser? And also protect KeePass itself against keyloggers while you type in the master password for KeePass itself?
SafeOnline is compatible with KeePass already. It protects data copied to the clipboard. This protection will be enabled if you visit a website which is secured at a level of medium or higher. You need to open the website before copying data from KeePass to the clipboard to ensure you are protected. This will also protect the master password. At the moment you won't be protected if you don't open a website first (unlike Zemana AntiLogger, for example). Some means of toggling protection on/off outside the browser is long overdue and a "weakness" of the SafeOnline philosophy (just my opinion). I think more ambitious integration with different applications on a user's PC is planned with Prevx 4.
You are correct with all points here. Prevx 4 (due out late this year) will offer configuration on a per-application basis for areas like antikeylogging, antiscreengrabbing, etc., but we've been cautious in implementing this across the board because of the myriad of strange applications that we've run into that would be conceptually incompatible. The Wilders community didn't experience this test version, but we had a test version of SafeOnline out several months ago which had global keylogger protection. Unfortunately, it caused problems with obscure applications that needed to read keystrokes or transmit them around in certain ways (one of the more prevalent ones is "Synergy", which lets you use a single keyboard for multiple computers - it has to read keystrokes and transmit them to the other PC - something obviously blocked by SafeOnline). Because of applications like this, we're more wary about pushing out wider, non-browser protection by default, as there are too many odd applications that would require custom overrides and we feel that it may end up being too much additional complexity on the end user's part. That being said, Prevx 4 will likely contain pre-built configuration for protecting applications like Microsoft Word, email clients, IM programs, and other popular software from keyloggers as well, although this is still not finalized.
Ok, I take it that Prevx protects the clipboard if the browser is active and I use a hotkey to transfer a password via the clipboard from KeePass to the active browser window. Still, this assumes that I have already used the master password to log into KeePass, or alternatively, if not logged in, then the hotkey will make KeePass the active window in order to enter the master password. Since a browser is not the active window in these cases, I assume that Prevx will not provide keylogger protection. So this would seem to provide a method for malware to circumvent SafeOnline's banking protection, assuming that the banking passwords are entered into a password manager. The keylogger will spy on the password manager and get the master password and then use it to retrieve the banking and other passwords.
No, your assumption is incorrect. You will be protected against key-loggers even if the browser is not the active window. The only requirement is that the browser is open. For KeePass, I either open the browser first to enable SafeOnline protection or use a key file to unlock my password file (depends on which file I want to open).
Why not just leave global protection disabled by default, and let more experienced users enable it if they so wish? I'm sure that people who are not running problematic applications would want this extra protection.
KeyScrambler takes the right approach here - you do need to have configuration on a per-application basis. There are honestly too many odd applications that break if you try to intercept/encrypt/hide keystrokes. SafeOnline uses a very different method of protecting the keyboard from many protection applications which makes it extremely secure: it makes the operating system completely unaware that the keystroke existed. Because of this, various games (which try to hook the keyboard to improve the speed of manipulating the game), browser plugins, and random applications tend to break. However, we will be adding features to optionally protect a myriad of pre-configured applications and likely add the ability to protect custom applications as well.