Could a kernel level keylogger bypass all of this? (x64)

Discussion in 'other anti-malware software' started by SpongeGuard, Sep 16, 2010.

Thread Status:
Not open for further replies.
  1. SpongeGuard

    SpongeGuard Registered Member

    Joined:
    Sep 16, 2010
    Posts:
    22
    I'm aware that patchguard has been bypassed now, but I'm curious if pre-patchguard keyloggers could not be hidden by rootkits or by just being kernel level?

    I'm by nature a very paranoid person when it comes to web security (suffer from several types of OCD), so I am always worrying about the latest threats (longtime lurker).
    So far my security setup consists of Sandboxie (x64 so I don't rely on it completely), Avira Antivir (with webguard/guard turned off as I find it to be more of a hassle than it's worth), Winpatrol, Comodo firewall (defense+ turned off as it prevents many games from running on my system), SUPERantispyware, Malwarebytes, Spybot Search & Destroy, spywareblaster, hitman pro, and lastly microsoft security essentials. I am also planning on purchasing a 1 year prevx license at the end of the month.

    Anyways, so I'm wondering - if none of the apps I've said detect ANYTHING, are there any steps I could go about to be 100% sure that there is nothing on my system?
     
    Last edited: Sep 16, 2010
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    My God!! you need to do some house cleaning. Get rid of Microsoft security essentials, SB, SpyBot, SAS, MBAM, Prevx etc.

    Antivir + SBIE + Comodo (I assume you have switched off its AV) might be enough IMO. Some scans with HitmanPro.
     
  3. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Hmmmmm.. I would suggest you try keyscrambler free.. (I thought about this setup..feel free to reject and smirk)
    Avira free + OA free + keyscrambler free ..:thumb: :thumb: :thumb: :thumb: :thumb: :thumb:
     
  4. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,075
    Comodo firewall + Sandbox + D+ with any other AV, (keyscrambler) and Prevx Free. You don't need more programs in real time.

    Try the latest version of Comodo v5 and your problem with the games will disappear. Also, due to the whitelist in the cloud, the popups have been reduced drastically (1 or 2 after reboot, and 2 or 3 a week if you install new and unknown software).
     
  5. SpongeGuard

    SpongeGuard Registered Member

    Joined:
    Sep 16, 2010
    Posts:
    22
    Thanks for the recommendation of updating to v5. The product seems to have VASTLY improved, and I'm loving the lack of interference by defense+. I'm just hoping security hasn't been reduced, but I set security to maximum on firewall and D+ just to be sure.

    Also, I don't run any of those programs in realtime. Everything with spybot, SAS, malwarebytes, MSE, etc, is all disabled at all times. I only ever load them to scan, otherwise I use winpatrol and avira guard for defense.
     
  6. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,075
    If you set D+ in paranoid mode you will get all those popups that Comodo had at the beginning. Not recommended.
    If you set the configuration to "Proactive security" in the presets you will get better protection almost without popups due to the cloud and local whitelist. D+ in "safe mode".

    All the executables that are not trusted (they are not in the whitelist) are run inside the sandbox. If you trust the app and you don't want to run it in the sandbox again, you can check "don't isolate this app again" and you will make the app trusted. If you want an app to be added to the whitelist cloud you can always request it in the forum; usually in 2 or 3 days, if it is a trusted app, they will add it.

    The firewall should be in "safe mode"; in "custom policy" you can't create new rules, so any new app trying to access the internet will be automatically blocked.
     
    Last edited: Sep 16, 2010
  7. SpongeGuard

    SpongeGuard Registered Member

    Joined:
    Sep 16, 2010
    Posts:
    22
    Sorry, when I said maximum security I meant I clicked the "max security" box on installation, instead of clicking "optimum security".
    Not sure what the difference between those two is, but either way!

    I like the whole running unknown apps in sandbox. Unfortunately, however, video drivers + sandbox = not a good idea.
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    For a long while now. Anything at kernel mode is game over.
     
  9. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Considering the recent tests, even if infected in this scenario, Prevx provides the best protection by far with its Safe Online feature.
     
  10. SpongeGuard

    SpongeGuard Registered Member

    Joined:
    Sep 16, 2010
    Posts:
    22
    Well, Comodo defense+ is still giving me a ton of issues. Even without a dozen notifications per day, it's still minimizing my games randomly. I think I'll give onlinearmor a test.
     
  11. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,075
    I have never had this kind of issue with the games.
    If any popup appears, just accept the popup; if the game is sandboxed, check "don't isolate this app again", close the game and open it again.
    Another way is to add the executable of the game to the trusted files and you will never have any problem with Comodo.
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I believe Comodo has a game mode too ;)
     
  13. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,075
    Yes, I forgot the "game mode" (right click on the icon) :D It's new in CIS 5.
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
  15. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,075
    here it is, you can use the "game mode"
    http://help.comodo.com/topic-72-1-155-1147-Starting-Comodo-Internet-Security.html
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Yes, I tested the game mode when my sons play games and not a single popup ;)
     
  17. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    Are you also installing all Windows updates? Is your installed software fully patched?
    You can use, for example, FileHippo to check:
    http://www.filehippo.com/updatechecker/
    Normally it's not needed to install so many programs... but being fully updated is a good start to being secure.
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Of course, the patches :)
     
  19. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    For most users it's not normal.
    You can see it in most statistics: most people are not updating Windows and other software.
    I see it every day. No updates and a lot of malware.
    Some are thinking it's only needed to install as many tools as possible and "I'm" protected. But this is not needed and not the most important.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Yes, agree :D Even if I didn't get any updates from the day I formatted my PC, I turned off my update alerts :D Bad me :thumbd: :D
     
  21. SpongeGuard

    SpongeGuard Registered Member

    Joined:
    Sep 16, 2010
    Posts:
    22

    Of course :)
    First mistake a person can make is to browse on an unpatched system!
     
  22. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    Yeah, but not only Windows updates; also Flash, Adobe etc. must all be patched. You can also use a limited user account, DEP for all processes, Sandboxie, maximum UAC (I use it under Win7),
    and some other Windows configurations. I personally have had no malware for 10 years and for 6 months have used no AV anymore; it's useless for me.
    When you are using Firefox, you can also use NoScript + Adblock Plus.
    More secure is Opera; I think it's one of the most secure browsers.
     
  23. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Be careful and Good Luck :thumb: :thumb:
     
  24. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    I am :D
    And if something goes wrong, after 5 minutes my backup makes it all fine :p But like I said, no malware for 10 years, only on my test PC...
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Good man ;)
     