Completed my ultimate anti-keylogger defense

Discussion in 'other anti-malware software' started by Kees1958, Aug 15, 2010.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yes,

    See is a good idea, was my first option see Do-It-Yourself: Implementing Privilege Separation section in http://theinvisiblethings.blogspot.com/2007/02/running-vista-every-day.html

    Plus using ACL to tighten this banking user. Only my son found it to much hassle.
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Q1: Yes Comodo has decent keylogger intrusion detection

    Q2: In theory not, but when you start a new (cleared) Sandbox and only do the bank transaction, then clear this sandbox again, the combo with CFW is in practise sufficient (meaning I would not know how a malware would come in to grab your banking data, so to me it would be 100% with current knowledge).
     
  3. guest

    guest Guest

    Q1: In fact if you put D+ in paraoid mode when you open spyshelter test you got more or less 20 popups asking for permision just to open the software, then you can try the different tests and if I remember well it "fails" in 2 of them but after allow 20 popups just to open the program asking for permision to inject code and modify the registry how knows...
    Is the first leak test tool with this behabiour so IMO is just a marketing tool.
     
  4. Soujirou

    Soujirou Registered Member

    Joined:
    Mar 25, 2008
    Posts:
    63
    So is it the opinion that it is better to use Trusteer Rapport or Prevx SafeOnline instead of Sandboxie for banking/finance over the web? I have searched this board in the past on what is better, and the most informative post likened using Trusteer Rapport as having guards trying to protect a homosexual presidential candidate in a parade through Iran.
     
  5. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    They will all provide a good level of protection - though you have to use Sandboxie in the 'correct' way in order to provide protection against keyloggers. The simplest, strongest approach is SafeOnline i.m.o. This provides system wide protection (even if a keylogger exists outside of a sandbox environment) and has performed better than Trusteer in the (admittedly limited) comparative tests that are available.
    I suspect that SOL is also less likely to be targeted by trojans such as Zues, compared to Trusteer, given Trusteers' success in being deployed by online banking websites.
     
  6. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    No such thing as too paranoid in Wildersworld.:p
     
  7. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Prevx SOL offers outstanding protection with pretty much zero config.:thumb:

    Personally I've gone down the route of locking down my browsers using custom D+ rules AND using Prevx SOL,but unlike Brummelchen nothing is too paranoid for me :D
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yeah it is a strange habit of bringing up simularities to make things easier to understand.

    Sandboxie in itself is the strongest defense, as long as you start with a clean browsing session and clear your browser session afterwards. Only on infected systems SBIE fails keylogger tests, because its design is intended to prevent you from being infected. No software can compensate for user errors. When you want your protection to be allways on, try DefenseWall. It is a policy HIPS (policy limiting is also called sandboxing for confusions sake)/FW with very strong anti-keylogger protection.

    PrevX Safe Online provides more dedicated protection, also on infected machines. It is the one which increases protection from low to max as soon as you switch from HTTP to HTTPS. It is a monkey-proof application.

    Trusteer Rapport is the lightest, but it can be set, independantly for HTTP or HTTPS web pages. So when you change the defaults to their strongestt settings, Trusteer Rapport hardens your browser, also for normal HTTP webpages. It does this with relatively low overhead.
     
  9. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    Interesting....I was under the impression that once a machine is infected, then its game over for all security apps as they are playing by the malware rules.
     
  10. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    665
    Kees, you should start gathering your hints to one place. They are BEAUTIFUL! :thumb:

    How about, like me, working as an editor at TSA? You could have own title like "Mission for ultimate lockdown" ... or something :D
     
  11. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    He should, he really should :)
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I would be very happy when Sully completes the SAFE-Admin program (will be offered as a freebie) to co-author a "How to run more securly as Administrator" section at Gizmo with you (simular to http://www.techsupportalert.com/safe-surfing.php).

    For XP this would be combining Surun with PGS, Vista Norton UAC plus Safe Admin on WIndows7 Safe Admin.

    Hopefully this section reference would get a prominent position in you list :D
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    Hi,

    SBIE might prevent a KL from permanently installing, as it should get deleted with the sandbox on boot etc, but it won't prevent a KL from installing/running during a session. In that time all sorts of information "could" have been phoned home :eek:

    How do you qualify that statement ? There's a test of it on here that disproves that, quite significantly. What are you comparing it with ? And do you mean CPU % and/or memory ?

    Re - Prevx


    The free Facebook version also provides this - https://www.facebook.com/pages/Prevx-SafeOnline/254680228961?v=app_6009294086
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Lightest in security range offered, sorry On the other hand process modification etc can be easily set on for all sites (including HTTP).
     
  15. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,545
    I think Kees meant light on IO/read? it has high RAM usage compared to PrevxSOL though.

    I need every bit of my RAM so I go with SOL.
     
  16. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    665
    Sounds good! Just tell me, when you are ready to start!
     
  17. Soujirou

    Soujirou Registered Member

    Joined:
    Mar 25, 2008
    Posts:
    63
    Well it was easy to understand and remember, so it's a good habit. Thanks for the advice. I convinced my wife to do all of our financial stuff on my computer, so now I'm trying to figure out what is the easiest way for her to do so safely.
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I will PM you, October first considering SUlly's time line
     
  19. reinwald

    reinwald Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    54
    Location:
    Philippines
    I'm trying out SRware Iron.. i just don't understand how it works.. Is the sandbox feature like sandboxie? and how do i know its in a sandbox?
     
  20. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    This is something I wanted to ask the first time, but I guess I forgot. Did you actually tested this, to testify its safety/security?

    Other than not being redirected to other sites, only allowing IE to connect to specific websites won't, by itself, protect you against keyloggers. Also, is Trusteer Rapport that efficient?

    I just don't understand how, by itself, those measures will prevent keyloggers?

    Please, don't take me wrong, I also restrict what my browsers can do (and a lot), etc. It's one more security measure. But, this won't do it all, just by itself.

    How is that blocking IE from connecting to other sites than not the bank and some software will become the
     
  21. wat0114

    wat0114 Guest

    My question would be: How does the keylogger send the info out?

    If it's through IE or whatever browser, then the ip restrictions in kees' post work.

    If it's via the keylogger itself, then nothing has to be done if the two-way firewall blocks outbound unless specified in the program rules.

    At least this is the way I see it.
     
  22. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,545
    Yes. ^^

    If the firewall is default-deny for outbound.. then the keylogger should be blocked from making outbound connections.
    and if Trusteer Rapport works like it says then keylogger wont get anything even if it bypassed the firewall and sucessful in phoning home.
     
    Last edited: Sep 5, 2010
  23. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    OK. So, he's using Windows Firewall with Advanced Security, not only for restricting IE connections, but also blocking all other outbound.

    That bit of information is lacking, so that's why I was wondering. But, in that scenario, it does make all the sense!
     
  24. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    OK. Sorry for being a stubborn, but I'm just trying to figure out something.

    Assuming Windows Firewall with Advanced Security is blocking all outbound traffic, except for the specifically allowed traffic, what would be the point for Trusteer Rapport?

    That's what made me confused in the first place, and I forgot to mention it. The way I see it, it makes no sense, at all.

    Kees, would you be kind enough to shed some lights on this doubt?


    Thank you
     
  25. wat0114

    wat0114 Guest

    Maybe there's the feeling that Trusteer Rapport can add something Win fw doesn't have? Just my guess. Personally, I see no need for it if Win fw is set up properly, and - more importantly - if a default deny policy is in place.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.