anti keylogger

Discussion in 'malware problems & news' started by tom772, Jul 23, 2005.

Thread Status:
Not open for further replies.
  1. tom772

    tom772 Guest

    Snoopfree is a good free anti-keylogger that may detect the password stealer and any other keyloggers that could be hidden on your computer. http://www.snoopfree.com/

    Hi all, I read about this on one of the threads at Wilders. My question is what do people think of this and is it worth downloading to add as a backup scanner.

    Thanks for any replies,

    Good night

    Tom
     
  2. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Hmm.. I thought a firewall would take care of keyloggers (denying the app access to the internet).
     
  3. coast2coast

    coast2coast Guest

    I like Snoopfree and think it's a very good anti-keylogger. If you don't have anything else for keylogger detection, I would highly recommend it. Not bad at all for a freebie.



    Brian N,

    How can a firewall stop a keylogger from logging keystrokes? While many firewalls will stop some keyloggers from accessing the net behind your back, they aren't a complete solution.

    The Windows firewall for example has NO outbound protection, so it's worthless against malware accessing the net behind your back.

    Also if you allow the keylogger through your firewall, that does have outbound protection, not knowing what it is, then it's game over plain and simple.

    And what if someone has physical access to your computer, what then?

    What it comes down to is we still need anti-keylogger software, if we want a chance to stop keyloggers from stealing our privacy away.
     
  4. sekuritas

    sekuritas Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    19
    This must be one of the top most FAQ. There is also a discussion elsewhere but I do not have a satisfactory answer bcz it really depends on the user's security needs. Everyone seemed to be satisfied that as long as your PC is "secured", you'd be right. I am not happy with that answer bcz it does not really offer me a solution.

    Maybe if I rephrase my question to ... since I am a normal profile person and my normal activities are just logging occasionally to the internet bank on my company's PC which I have just inherited from god knows who, what should I do to make sure at the very least, no one is capturing my internet bank password? I am not worried about the keyboard logger capturing other things (bcz I do not have anything sensitive for them to capture). Is there a simple answer to this simple requirement?
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    How do you think a keylogger might get onto your computer?

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  6. sekuritas

    sekuritas Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    19
    Hi Rich,

    One scenario is that I have just joined this new company and I've inherited a used PC so the keyboard logger may be there in the first case. Hope this would narrow down the scope.

    sk
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Well, sk, then the solution is an easy one: don't do any personal business on that computer.

    At work, I use a new computer, but would never do personal business on it. Too many unknowns.

    Good rule of thumb: at work, always assume you are being watched - and not just on the computer!

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  8. Tom772

    Tom772 Guest

    But say if you are unlucky enough to get a keylogger, how would you go about finding it and killing it, T
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I wouldn't know what to do, so I would post to Wilders for expert advice. Someone would probably recommend a program, and I would try it.

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  10. If you're looking for a few good programs to find and remove keyloggers, then I would go with Snoopfree as already suggested. It is a nice freebie that can only help you in the battle against keyloggers.

    Another nice program for finding keyloggers is Security Task Manager http://www.neuber.com/taskmanager/index.html while it is not a free program, it is very good at finding keyloggers. It does have a 30 day free trial too.

    Of course programs like Spybot, Ad-aware & MSAS will find some keyloggers too, but they're nowhere near as good as Snoopfree, or STM in this area, but still certainly worth having in your anti-malware arsenal.

    Prevx free does an excellent job at stopping keyloggers from being installed in the first place, as does AntiHook, another very good freebie.

    If you want to keep yourself clean from keyloggers it really takes a combination of preventative programs (Prevx & AntiHook) combined with some good scanners (STM & Snoopfree) that will detect and remove keyloggers IMO. Layers gentlemen, layers. Layers of different security programs combined is what will save the day, and keep those nasty keyloggers far far away. ;)

    But never forget plain old common sense, like don't open strange emails, don't download programs from untrusted sources, and have a good firewall and AV that is fully up to date, at all times.
     
  11. sekuritas

    sekuritas Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    19
    The situation has arisen that I have to do some internet banking on a foreign PC. It is more common than one would think - let's say I am asked to work outstation; say in Woodland Hills when my usual home is in Washington DC.

    Already one of my good rules. I saw one guy get sacked bcz he was downloading some porn, and another reprimanded for something else (he spent too much time on one gaming site).

    I think keyboarddestoryer's suggestion is sensible, some of which I have done myself:
    1) Scan the foreign PC first (I used spybot and MSAS).
    2) Use hijackthis to check all startup apps. (I disable all those that I do not need or recognize).
    3) This is my extra procedure - monitor various directories (c:\temp, c:\windows, c:\windows\system32, c:\windows\temp, %userprofile%\application data) for a week. - this I am trying to detect if there is any foreign data files (maybe the keyboard logger's)
    4) I delete all c:\temp, c:\windows\temp and all IE temporary internet directories

    Since all the internet traffic is probably proxied, the above procedures are useless if someone decided to monitor the middle part or put a middle man in between. Then it will end up being how much I trust the company. I will probably inform my bank that I will be based elsewhere so that they can also watch for suspicious activities on my account. Hmmm.... any more good ideas?
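
The week-long directory watch in step 3 of the post above can be scripted. This is an added example, not part of the original thread: the function names and the "steadily growing file" heuristic are assumptions of the example, and only the directory list comes from the post.

```python
import hashlib
import os

# Directories named in the post; %userprofile% is expanded on Windows.
WATCHED = [r"c:\temp", r"c:\windows", r"c:\windows\system32",
           r"c:\windows\temp", r"%userprofile%\application data"]

def snapshot(dirs=WATCHED):
    """Map each regular file directly inside dirs to (size, sha256)."""
    snap = {}
    for d in map(os.path.expandvars, dirs):
        if not os.path.isdir(d):
            continue
        for entry in os.scandir(d):
            if not entry.is_file(follow_symlinks=False):
                continue
            try:
                with open(entry.path, "rb") as fh:
                    data = fh.read()
                snap[entry.path] = (len(data), hashlib.sha256(data).hexdigest())
            except OSError:
                # Locked or unreadable: keep the name so it still shows up.
                snap[entry.path] = (-1, None)
    return snap

def compare(old, new):
    """Files that appeared, disappeared or changed between two snapshots."""
    return {
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
        "changed": sorted(p for p in new if p in old and new[p] != old[p]),
    }

def steadily_growing(snapshots):
    """Files present in every snapshot whose size rose at each step.

    Heuristic assumed by this example: a capture file is appended to,
    so it grows between checks, unlike most program files.
    """
    if len(snapshots) < 2:
        return []
    common = set(snapshots[0]).intersection(*snapshots[1:])
    pairs = list(zip(snapshots, snapshots[1:]))
    return sorted(p for p in common
                  if all(0 <= a[p][0] < b[p][0] for a, b in pairs))
```

Take one snapshot as a baseline and one per day after that; ordinary log files also grow, so the output is a list to review by hand, not a verdict.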
     
  12. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    If you are using a third-party PC, then you can never be fully assured that there is no software on there recording you.

    Depending on your level of comfort with the situation then I would recommend either taking a Knoppix bootable Linux CD with you, or make a bootable Windows setup using BartPE and take that instead.

    Then, simply boot from CD when you want to do banking.

    Mike
     
  13. controler

    controler Guest

    Hi

    There has been a lot of discussion here about keyloggers in the past.

    Most agree programs such as Process Guard, PrevX, etc. will prevent them from being installed but what happens if you have an infected PC before the above mentioned programs were installed?

    There is getting to be more and more keylogger detection all the time.
    Even Kav is doing a great job. The big elproblemo with "scanners" is they require
    DEF's. BoClean tries to keep up on keyloggers also.

    This brings me to something very important. proactive detection, which BTW is the new buzz word these days. As mentioned above some proactive programs
    that need to be installed on a clean system.

    Soooooo, the only keylogger program I know of that is proactive and uses NO DEF's is Anti-Keylogger found here : http://www.anti-keyloggers.com/

    They Do have a trial. Unless they have changed their ways, they offer free upgrades to newer versions. I found a few things Boclean didn't like about it but it didn't take Kevin long to fix it.

    Looking back and all the keylogger hoopla and the record breaking TDS-3 thread, I think some of these AV-AT companies envy programs like Anti-keylogger since these guys don't have to work night & day on DEF's.
    It appears after looking at the site again that 6.1 is the new version, released
    on July 19th


    controler
     
  14. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Controler,

    Online Armor also implements non-definition based detection of keyloggers. Give it a try :)

    regards

    Mike
     
  15. controler

    controler Guest

    Thanks Mike I will take a peek even though I do have a LIC for Anti-Keylogger now.

    One thing I like to mention about the Antikeylogger site, is the reference to very interesting info on Keyloggers. Look way at the bottom and click on LIBRARY.
    Don't forget to bring a beer or coffee though :D

    controler
     
  16. controler

    controler Guest

    Hi Mike

    I was just looking over this LONG thread on Online Armor and see you are
    from Tall Emu.

    Most of my LIC's were obtained by beta testing, one of my first was the dreaded word here, Norton LOL

    That is how I got some free commercial keyloggers as well. Now isn't that ironic?, finding bugs in keylogging programs?

    I can only remember two companies that didn't allow me to Beta test, Boclean
    but I didn't ask & DCS. Guess I wasn't high enough caliber for them :'(

    controler
     

  17. Using a Knoppix or other similar bootable CD is a good idea, no doubt, but if the computer you're using has a hardware keylogger installed, then it won't help much.

    Hardware keyloggers used to be easy to identify and remove, see here for a description http://www.spycop.com/keyloggerremoval.htm But now hardware keyloggers can be hidden within the keyboard itself, or within the computer case, so it is very difficult to find them.

    One other way to defeat software and hardware keyloggers is to bring your own laptop, if you plan on doing any type of banking online. This is probably about the best way to avoid keyloggers, but it can be costly, but worth it IMO if you're doing anything like online banking.

    Bringing your own USB keyboard along with the Knoppix CD would probably be about the best alternate low cost way to defeat hardware and software keyloggers, as I saw posted on another site. Here's a good very portable USB keyboard for $20 US that can basically be rolled up and put in your pocket. http://www.compusa.com/products/product_info.asp?product_code=309746&pfp=SEARCH

    But if the computers you want to use have the USB ports blocked and won't allow the use of a cd, then you would probably have to bring your own laptop and use it in place of the other computer. A PDA could be used as well. Hth.
     
  18. AAPlus2

    AAPlus2 Guest

    Hello to all,

    I just have one thing to ask you all, OK maybe not just one thing.
    I was about to install & run this prog, looks like a nice one to have.

    But after looking around at the site I happened to see this here

    Then as I'm looking at this I note this here

    Protect yourself and play your part in fighting cyber crime. Download Prevx Home– there’s no need to provide any personal information or to register your product.

    Now what I was about to ask you all is

    1) Can I stop this info from being sent out using my firewall

    2) If there is no need to provide any personal information

    3) But is this not just what I would be doing if I let the info
    get past my firewall + other tools I have in place o_O o_O??

    Thank you
     
  19. AAPlus2

    AAPlus2 Guest

    Hey, all

    Sorry about that, let me reword just what I was trying to say here.
    If I stop this info from being sent out,

    will it keep this prog from working like it needs to?
    Well, not sure anyone gets what I am trying to say

    Thank you
     
  20. 10x

    10x Guest

    Yes, you can block Prevx with your firewall, from transmitting the data it collects and attempts to send back to Prevx. The data has been analyzed by others though, and it is nothing to be worried about. But still if you want to block it you can, and Prevx will still function properly.
     
  21. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    We love our beta testers at Tall Emu. Especially that blonde one ;-)
     