Anti-Keylog software

Discussion in 'other anti-malware software' started by wink, Jan 24, 2003.

Thread Status:
Not open for further replies.
  1. wink

    wink Registered Member

    Joined:
    Dec 16, 2002
    Posts:
    52
    Hi all,

    I am no doubt covering old ground that has been addressed before but....

    I have carried on my daily browse through the wealth of knowledge posted on this forum (and still I am nowhere near finished .. it goes on and on) and noticed the SpyCop software mentioned in a previous and also the AKL software mentioned in another. My next question has probably been guessed already but here goes >

    Which in your opinion is the most worthwhile piece of anti-keylog software available?

    If this area has already been addressed then please just point me in the right direction, thanks.

    Wink :)
     
  2. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi Wink: ;)

    No doubt there are heaps out there, but for a very good freebie, Spybot.
    I also use TDS3

    Pic denotes the listing of loggers compiled by Spybot.
     

  3. wink

    wink Registered Member

    Joined:
    Dec 16, 2002
    Posts:
    52
    Thanks TD,

    I also use the same so I am pretty much covered on that score :)

    Wink
     
  4. TEL

    TEL Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    25
    Tassie

    Please excuse, but ComputerCops reported that Incredimail uses keylogging. True?

    If true, would SpyBot detect same? If not, what's a method to search & destroy?

    Thx

    TEL
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi TEL,

    The article states PestPatrol detects the keylogger.
    I will see if I can get this verified.

    Regards,

    Pieter
     
  6. TEL

    TEL Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    25
    Pieter

    Thanks

    TEL
     
  7. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Incredimail? Isn't that horribly insecure even without the keylogger issue?
     
  8. TEL

    TEL Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    25
    JayK

    Good point. What other Incredimail insecurities are there?

    Thx

    TEL
     
  9. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi TEL.

    That's the first I have heard of that, but I haven't used Incredimail for over 2 years now, not since I realised how much it enlarges your emails, plus other things I began to dislike, like it would crash on me too often, etc.

    I first used it, because it was *pretty* but soon realised the folly of my ways :D on that score.

    This isn't to say that other people are more than happy with it, just not me.
     
  10. TEL

    TEL Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    25
    Tassie

    Ain't it true, mate! Thx

    TEL
     
  11. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    What I don't get is why keyloggers need to be detected by signature instead of by behaviour. Two facts:

    • Keyloggers must accumulate data
    • Keyloggers must transmit data

    If keyloggers accumulate in memory, then they're losers - a power down deletes it all. If keyloggers accumulate in files, they can be detected growing (writing)

    If keyloggers don't transmit data, they're pointless. Destinations (either LAN or Net) can be detected and blocked

    What is the problem here? o_O
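
Checkout's two behavioural signals, accumulation in a growing file and transmission to a destination, can be correlated per process. The sketch below is an added example, not code from any poster or product named in this thread; the event tuples, process names, paths, addresses and thresholds are constructed assumptions. It also shows that each signal alone matches ordinary software (a log writer, an updater), so only the combination is flagged.

```python
from collections import defaultdict

# Constructed sample activity (not from the thread):
# (seconds, process, kind, target, bytes)
EVENTS = [
    (0,  "mailer.exe",   "write",   r"C:\mail\inbox.dbx", 48000),
    (1,  "mailer.exe",   "connect", "mail.example.net:25", 0),
    (2,  "logsvc.exe",   "write",   r"C:\logs\app.log", 40),
    (3,  "hookhost.exe", "write",   r"C:\temp\sys.dat", 9),
    (5,  "logsvc.exe",   "write",   r"C:\logs\app.log", 52),
    (6,  "hookhost.exe", "write",   r"C:\temp\sys.dat", 14),
    (8,  "logsvc.exe",   "write",   r"C:\logs\app.log", 38),
    (9,  "hookhost.exe", "write",   r"C:\temp\sys.dat", 7),
    (11, "logsvc.exe",   "write",   r"C:\logs\app.log", 61),
    (12, "hookhost.exe", "write",   r"C:\temp\sys.dat", 11),
    (15, "updater.exe",  "connect", "198.51.100.9:443", 0),
    (20, "hookhost.exe", "connect", "203.0.113.7:80", 0),
]
ALLOWED_DESTS = {"mail.example.net:25"}  # assumed user-approved destinations


def score_processes(events, allowed, max_append=64, min_appends=4):
    """Correlate the two behaviours per process; thresholds are illustrative."""
    small_writes = defaultdict(lambda: defaultdict(int))  # proc -> path -> count
    unknown_dests = defaultdict(set)                      # proc -> destinations
    for _t, proc, kind, target, nbytes in events:
        if kind == "write" and 0 < nbytes <= max_append:
            small_writes[proc][target] += 1               # file growing in dribbles
        elif kind == "connect" and target not in allowed:
            unknown_dests[proc].add(target)               # unapproved destination
    report = {}
    for proc in sorted(set(small_writes) | set(unknown_dests)):
        growing = sorted(p for p, n in small_writes[proc].items() if n >= min_appends)
        dests = sorted(unknown_dests[proc])
        if growing or dests:
            # Either signal alone is common in benign software; flag the pair.
            report[proc] = {"accumulates": growing, "transmits_to": dests,
                            "flag": bool(growing and dests)}
    return report


if __name__ == "__main__":
    for proc, result in score_processes(EVENTS, ALLOWED_DESTS).items():
        print(proc, result)
```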
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi TEL,

    Really don't know what to make of it. Downloaded PestPatrol trial and scanned. Found nothing related to Incredimail.
    Uninstalled Incredimail, downloaded newest free version, installed it and scanned again. No alarms.

    One funny thing though: when I uninstalled Incredimail a browser window opened and brought me to their website presenting me with a form to fill out. They wanted to know why I uninstalled it.

    Couldn't resist that :D

    I'll keep my eyes and ears wide open.

    Regards,

    Pieter
     
  13. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Checkout,

    Good to see you again. :)
    I noticed your post too late.

    The problem is (to me, at least) I've blocked Incredimail in my firewall ever since they forced me to upgrade.
    Since I did this it keeps crashing.
    No fingers pointing, but it makes you wonder :rolleyes:

    Regards,

    Pieter
     
  14. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Pieter - I believe Checkout meant - why is it supposedly so hard to detect keyloggers (for exactly the reasons he stated, BTW).

    I've often wondered the same thing myself (as well as why anti-keylogging programs - or a lot of them, anyway - detect mainly by sig instead of by behavior).

    Obviously one of the great mysteries of the universe! :) Pete
     
  15. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Pete,

    I know what Checkout meant, but I'm not smart enough to find out where keyloggers hide their info :)
    And, as I said, the program phones home all the time, so how do I know when it is trying to send what. Especially since I blocked it. And I'm not going to allow it now, since I sent my farewell message :D

    Regards,

    Pieter
     
  16. controler

    controler Guest

    From my experience with most good keyloggers, they use your default e-mail client to send the data if that is how the keylog file was set up.
    A person used to be able to use Yahoo's mail for free. You still can but it costs you now.

    Now I am going to mention again why I like NORTON AV

    Whether you have your e-mail client, like say Outlook, opened or not, the keylogger still will use it to transmit the data. When you have Norton set to scan all incoming and outgoing mail, the splash screen will kick up when the logger tries to send the mail. Trust me !!!!!!! I have tried this long ago.
    I will also tell you I have sent some of the keyloggers now incorporated into Spybot and I will also tell you I still have a few Spybot doesn't catch. For that matter neither does TDS or NOD.
    And you guessed it, neither does Norton, BUT Norton will tell me if the logger is trying to use my Outlook to send the info.
    Your personal firewall will also alert you.
     
  17. TEL

    TEL Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    25
    Pieter,

    Thx for looking into this. Glad you were amused! I sent an enquiry off to Paul, who posted the original heads-up on this over at ComputerCops.

    Let you know if/what he replies.

    Interesting thread. Thx all

    TEL
     
  18. snowy

    snowy Guest

    QUESTION


    Java applets will bypass many security programs just as if they don't exist. on any given day I may have as many as 2-10 applets sending/receiving......and as Controlar pointed out.....two of the applets use ssl e mail port......
    fortunately I have some means of constantly scanning these applets for hostile actions......however, imo its not enough.....never can be.........
    so what would be the over-all opinion of how easy an applet could install a keylogger..........
    I use several means of protection and scanning for keyloggers.........this applet thing however would appear to open a big hole for monitoring of keystrokes without the need for installing a keylogger.......
     
  19. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    OFF-TOPIC (briefly)

    I'm going to be writing something on this keylogger topic in a few. But I couldn't contain my exhilaration at seeing PETE and CHECKOUT in the same thread! I got a chance to welcome Pete back before I left (I was gone for a week), but Checkout(!) - it was so good to see you post. You add so much to this forum!! I hope you're doing okay and will stick around awhile. While I am at it --- SNOWY! I'm glad to see you haven't packed it up yet. We need you here too. This was a great surprise. Be back in a bit with an on-topic post.

    John
    Luv2BSecure&LuvPete&Checkout&Snowy&Wilders
     
  20. snowy

    snowy Guest

    Lov@B


    John

    I'll be much interested in reading your writing....things are beginning to really hop...not sure if I'll be here to read it...
    hey, it really is great seeing checkout and pete....

    John..I would not normally mention this...since re-connecting I've been "targeted" several times (not at this website) and it's taking a great deal of self control for me to not respond........
    on the keylogger issue....I've tested several preventive measures...each seems lacking in some regard....the applet issue being what appears as the highest risk
     
  21. wink

    wink Registered Member

    Joined:
    Dec 16, 2002
    Posts:
    52
    Hi all,

    Thanks for the replies and the information about the Applet issues. I think at the moment due to this issue I will stick with what I run at the moment and save further searches for the ideal program for when some of you guys are satisfied that you have found something which addresses these current uncertainties.

    Thanks for your time, it's much appreciated!

    Wink :)
     
  22. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Feels like being back home, John! Thanks!
     
  23. snowy

    snowy Guest

    WINK

    by no means did I want to make anyone nervous about using applets......
    as you may notice other than you there were no comments on the applets..........whenever I've posted this in the past the results are the same....very little discussion on the applet issue.....or someone offers a link to a "sandbox" program. I've no idea why there is such low interest..........considering that applets can so easily bypass security programs........I have yet to have an applet ask permission to bypass a firewall..it just goes.......and a few very popular programs out there in cyberland offer no resistance to the ye ole applet
    may be a good time to check to see if your anti-virus program checks for hostile applets
     
  24. controler

    controler Guest

    Below is a link to check your computer for Applet access.
    Then some reading material
    Then some more of those links for software.

    ht-tp://www.nutzwerk.com/english/safersurf/security/test_applet.html


    Applets implement additional security restrictions that protect users from malicious code too. This is accomplished through the java.lang.SecurityManager class. This class is subclassed to provide different security environments in different virtual machines. Regrettably implementing this additional level of protection does somewhat restrict the actions an applet can perform. Let's explore exactly what an applet can and cannot do.

    What Can an Applet Do?
    An applet can:
    • Draw pictures on a web page.
    • Create a new window and draw in it.
    • Play sounds.
    • Receive input from the user through the keyboard or the mouse.
    • Make a network connection to the server from which it came and can send to and receive arbitrary data from that server.
    Anything you can do with these abilities you can do in an applet.

    An applet cannot:
    • Write data on any of the host's disks.
    • Read any data from the host's disks without the user's permission. In some environments, notably Netscape, an applet cannot read data from the user's disks even with permission.
    • Delete files.
    • Read from or write to arbitrary blocks of memory, even on a non-memory-protected operating system like the MacOS. All memory access is strictly controlled.
    • Make a network connection to a host on the Internet other than the one from which it was downloaded.
    • Call the native API directly (though Java API calls may eventually lead back to native API calls).
    • Introduce a virus or trojan horse into the host system.

    An applet is not supposed to be able to crash the host system. However in practice Java isn't quite stable enough to make this claim yet.

    Who Can an Applet Talk To?
    By default an applet can only open network connections to the system from which the applet was downloaded. This system is called the codebase. An applet cannot talk to an arbitrary system on the Internet. Any communication between different client systems must be mediated through the server.
    The concern is that if connections to arbitrary hosts were allowed, then a malicious applet might be able to make connections to other systems and launch network based attacks on other machines in an organization's internal network. This would be an especially large problem because the machines inside a firewall may be configured to trust each other more than they would trust any random machine from the Internet. If the internal network is properly protected by a firewall, this might be the only way an external machine could even talk to an internal machine. Furthermore arbitrary network connections would allow crackers to more easily hide their true location by passing their attacks through several applet intermediaries.

    HotJava, Sun's applet viewer, and Internet Explorer (but not Netscape) let you grant applets permission to open connections to any system on the Internet, though this is not enabled by default.








    http://www.trendmicro.com/en/about/news/pr/archive/2000/pr032000.htm


    www.finjan.com

    Made first link unclickable. Gave me a virus warning. Will check it out. Pieter
     
  25. :)
    Netizen must use antikeylog software !!!
    Any firewall and any vaccine program can't protect against keylogging program.

    Best regards

    www.anti-keylog.com
     