Anti-Keylogger Tester

Discussion in 'other security issues & news' started by TairikuOkami, Jan 13, 2007.

Thread Status:
Not open for further replies.
  1. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    A lot of.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,597
    Location:
    The Netherlands
    But isn't it true that a keylogger will also have to bypass the firewall? Not that I think this is difficult to do though. And I must say that new tools like KeyScrambler look very interesting. ;)
     
  3. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    There's a million ways it can accomplish that without being seen.
     
  4. pwr

    pwr Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    70
    For me, it doesn't even capture any keys in the methods. o_O Tried logging into poker clients etc. no captured keys. Running NOD32 and Outpost latest
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I don't know if anyone mentioned this, but what about using KeyScrambler with SandboxIE? The perfect marriage?

    SandboxIE won't prevent "Windows Message Key-Loggers", but KeyScrambler would, if it's that good.
     
  6. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    What's the deal about KeyScrambler? It's a Firefox "extension" that promises to prevent keylogging of what's typed in the browser yet (obviously) doesn't even prevent the most basic form of keylogging feature (http POST capture). Am I missing something here? :cautious:
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Still not seeing the "obviously" part - and KS isn't just a FF extension, since it works on IE, also.

    I'm seeing a lot of claims that keyloggers can be planted and communicate out by a lot of different mysterious mechanisms (supposedly).

    Unfortunately, I'm not seeing any proof whatsoever to back those claims up (at least not in an understandable form).

    Feel free to enlighten us. Pete
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,225
    Location:
    Sydney, Australia
    This has become an interesting thread:
    - few security apps seem to detect the keylogger tests with any assurance
    - there is info presented about screencapture malware
    - there are the usual disclaimers about "not real malware", only nutters would run an untrusted exe etc

    Congrats to gkweb for starting this off with his evil little test app.

    I have had some messages about BoClean adding detection of the AKLT exe which I agree with gkweb "shortcircuits" the testing angle per se.

    PrevX warned once about "unknown exe" which I suppose discharges its responsibility, but then no other detections function

    CH as noted with CH NOT the active window seems to pick up 2/5

    KIS ??

    Running in a sandbox is of course useless unless there is a "guaranteed" outbound blocker which may not be possible if I read some other posts correctly

    Depressing:
    More depressing
    A little better
    Encouraging:
    @Ilya
    Have to agree that there seems to be scope for these capture apps and some hidden malware. ?!?

    :doubt:
     
  9. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Yeah well, too bad. Watch my video I took and you'll see why it's obvious (as it wasn't obvious before). I repeat this, this software offers NOTHING worthwhile in terms of protecting against many existing real-life keyloggers.

    If you think you're safe against all keylogger activity in the browser with it, go ahead and "feel safe" (even though you're not).
     
    Last edited: Jan 25, 2007
  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    There's no need to be a nasty asshole about it, dude. Chill why don't you? Pete
     
  11. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Since I don't know KeyScrambler, just read about it, that was the reason I asked.
    If it covers the only thing (well, for illustration purposes) SandboxIE doesn't, it's logical to ask.

    If it isn't that good, I ask what would help SandboxIE in that task? Theoretically nothing will pass it, but while inside the sandbox, some things can be done. So what is SandboxIE's best friend?
     
  12. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Ok, sorry about that. :p
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    NP. I appreciate your bringing out the clip so I can see what the developer has to say about it.

    Hey - if I'm wrong, I'm wrong (it wouldn't be the first time).

    What's "Interceptor", BTW?

    Pete

    *NM, I'm reading up on it now.

    ** Related thread (with developers' response) : https://www.wilderssecurity.com/showthread.php?t=147469
     
    Last edited: Jan 25, 2007
  14. true north

    true north Registered Member

    Joined:
    Dec 14, 2006
    Posts:
    159
    Hi there,

    to come back to the main question:

    Is there an anti-keylogger app or another app that prevents keyloggers from snooping? o_O

    It would really help everybody here when we get serious expert advice on that.

    Thanks.
    true north
     
  15. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    And not just keylogging either. lol.
     
  16. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
    SnoopFree does block your second screenshot method on my w2k system, it just opens a blank image. It also blocks the GetAsyncKeyState keylogging method.

    Jetico V1 - Blocks the DirectX keylogging method
     
  17. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Somehow, that's not very informative (nor is it a source of concern here). :rolleyes:

    The thought of having to worry about "things that go bump in the night" is really pretty laughable if you have any kind of decent security set up at all and half a brain. (Trust me, I know :D ).

    There's absolutely no other explanation here for having remained un-infected by anything for this long. Pete
     
  18. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    When I said "the software SnoopFree has anti-screenshot features, which unfortunately is not able to block the two AKLT's test.", I didn't mean that SnoopFree was failing both leaktests, but that it wasn't passing both, sorry if I was unclear (I mean it was passing one, kind of bizarre French-like sentence I guess).

    Also, for information, I've tested AKLT on Vista:
    - under a standard user account, with medium (default) integrity level, it is fully working (not being admin still does not help).
    - under a standard user account, with a low integrity level, the 3 keylogging methods are not working.

    To give more explanations, Vista's UIPI feature isolates processes with different integrity levels (IL), and by default all running processes have a medium IL (except Windows services). AKLT having been set to a lower IL than the others, it cannot capture input from them. However, it can from other apps running at the same IL. Thus, AKLT was only able to catch keys typed into IE (as it is running by default with low IL).

    Regards,
    gkweb
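
Added example, not part of gkweb's post or the thread: a PowerShell listing of each running process's integrity level, which shows which processes sit at the same level and are therefore not separated from each other by UIPI. The `IL` helper type and the `Get-ILName` function are names made up for this example; it assumes Windows Vista or later.

```powershell
# Added example (not from the thread): show each process's mandatory integrity level.
# The IL type and Get-ILName are hypothetical helper names; requires Windows Vista or later.
$src = @'
using System;
using System.Runtime.InteropServices;
public static class IL {
    [DllImport("kernel32.dll")] static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);
    [DllImport("advapi32.dll")] static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
    [DllImport("advapi32.dll")] static extern bool GetTokenInformation(IntPtr token, int cls, IntPtr buf, int len, out int needed);
    [DllImport("advapi32.dll")] static extern IntPtr GetSidSubAuthority(IntPtr sid, uint index);
    [DllImport("advapi32.dll")] static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);

    // Returns the integrity RID (0x1000 low, 0x2000 medium, 0x3000 high, 0x4000 system),
    // or -1 when the process or its token cannot be opened.
    public static int Rid(int pid) {
        IntPtr p = OpenProcess(0x1000, false, pid);        // PROCESS_QUERY_LIMITED_INFORMATION
        if (p == IntPtr.Zero) return -1;
        IntPtr t; int rid = -1;
        if (OpenProcessToken(p, 0x0008, out t)) {          // TOKEN_QUERY
            int n; GetTokenInformation(t, 25, IntPtr.Zero, 0, out n);  // 25 = TokenIntegrityLevel
            IntPtr buf = Marshal.AllocHGlobal(n);
            if (GetTokenInformation(t, 25, buf, n, out n)) {
                IntPtr sid = Marshal.ReadIntPtr(buf);      // TOKEN_MANDATORY_LABEL.Label.Sid
                byte count = Marshal.ReadByte(GetSidSubAuthorityCount(sid));
                rid = Marshal.ReadInt32(GetSidSubAuthority(sid, (uint)(count - 1)));
            }
            Marshal.FreeHGlobal(buf); CloseHandle(t);
        }
        CloseHandle(p);
        return rid;
    }
}
'@
Add-Type -TypeDefinition $src

# Map the RID of the integrity SID to the level names used in the post above.
function Get-ILName([int]$rid) {
    if     ($rid -lt 0)      { 'unknown (access denied)' }
    elseif ($rid -lt 0x1000) { 'Untrusted' }
    elseif ($rid -lt 0x2000) { 'Low' }
    elseif ($rid -lt 0x3000) { 'Medium' }
    elseif ($rid -lt 0x4000) { 'High' }
    else                     { 'System' }
}

# Processes grouped under the same level share one UIPI isolation boundary.
Get-Process | ForEach-Object {
    [pscustomobject]@{ Name = $_.ProcessName; Id = $_.Id; Integrity = Get-ILName ([IL]::Rid($_.Id)) }
} | Sort-Object Integrity, Name | Format-Table -AutoSize
```

Run from a non-elevated prompt, processes owned by other users or by the system may show as unknown because their tokens cannot be opened.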
     
  19. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Outpost too ;-)
     
  20. Someguy

    Someguy Registered Member

    Joined:
    Mar 23, 2004
    Posts:
    31
    Concerning Keyscrambler, I wrote this in the thread:
    https://www.wilderssecurity.com/showthread.php?p=945179#post945179
    Can anyone confirm whether this is true?
     
  21. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    2nd is true. The communications is about as good (safe) as it gets, I think. But if you're infected with keyloggers and such... If you're clean, the connection is safe.
     
  22. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Actually checked Virtual PC2007 and threads showed this:

    http://i13.tinypic.com/4ggc56c.png

    DINPUT.dll

    with our knowledge of AKL it gets a totally new point of view, what do ya think about? Usual or not?
     