Defend against keyloggers, hooks, rootkits etc.

Discussion in 'other anti-trojan software' started by Wai_Wai, Sep 21, 2006.

Thread Status:
Not open for further replies.
  1. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Defend against keyloggers, hooks, rootkits etc.

    I'm interested to know what people here do to defend themselves against keyloggers, hooks, rootkits?

    What programs do you use? Why?
    Do you install anti-keyloggers, anti-hooks, anti-rootkits programs just for that?
    Or do you come up with other better and more general protection against them?

    Thanks for your sharing. :D
     
  2. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
With the apps I use I feel confident that I'm pretty secure. Of the apps I use there are Prevx1, RegRun (with UnHackMe), KAV and BOClean running in real time. I also run scans with Security Task Manager, which is massively cool at heuristic detection of keyboard hooks. The author told me that the next version will have the capability to detect kernel-level keyloggers. If anything gets by that lot then it deserves to!!!

    muf
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Keyloggers -- SnoopFree
    Rootkits -- well, I guess GeSWall should prevent them (not sure; can anybody confirm it?)
    Safe surfing, of course.
    And if something does happen -- instant recovery software like EAZ-Fix, or imaging software (EAZ Clone is free and works for me).
    The main thing is that all of them are non-signature based and all except one are free.
     
  4. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi

    For me currently, I'm going to really try and get to grips with System Safety Monitor. It looks like one application that can lock your system down and I relish the challenge to see if I'm savvy enough to do it.

    Posts by Herbalist are proving very useful.

    This plus PG, which I've used for a while, whilst overlapping, seems to be overkill, but they don't appear to conflict.

    I'm also a great fan of ShadowUser for surfing, although again this is probably overkill as I'm not adventurous.

    Specific rootkit apps I have on demand are Rootkit Revealer and the one from Sophos. Of the two I find Sophos more user-friendly, but I'm not knowledgeable enough to differentiate between them as to their effectiveness.

    On another machine I have Snoop Free which seems very effective and lightweight purely for anti-keylogging but my laptop didn't like it.

    Why? Good question. For me, it is purely learning as a hobby in the arena of PC security. I'm a home user with NOD, LnS and various anti-spyware scanners, which seems to be ample were I not interested for interest's sake.

    I've looked at other apps recently, and when I get the chance I intend to detail my experiences from a purely newbie point of view.

    Hope that helps
     
  5. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    Me? I use Online Armor, NOD, BOClean, and Comodo Firewall... soon to be replaced with Online Armor's firewall.
     
  6. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    My defence against keyloggers is Online Armor and SnoopFree.

    For me it's very difficult to detect a rootkit, or anything hooking the Windows API, in real time, so I use scanners (all the known ones, but I prefer IceSword, GMER, Rootkit Unhooker and DarkSpy).

    Maybe I am wrong o_O
     
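The scanners named in the post above look, among other things, for inline hooks on exported Windows API functions: a user-mode rootkit typically overwrites the first bytes of an API with a jump into its own code, and the scanner compares the bytes in the running process with the pristine copy in the DLL on disk. The block below is an added example of that check, written for this page; it is not code from GMER, IceSword, Rootkit Unhooker, DarkSpy or any other tool in the thread. Every address, export name, and byte string in it is constructed test data, and the pattern list covers only four common x86 redirect stubs.

```python
"""
Added example (not from the thread or from any scanner named in it):
a minimal inline-hook check over the prologues of exported API functions.
Redirect patterns recognised: jmp rel32, jmp [disp32], push imm32/ret,
mov eax,imm32/jmp eax. Anything else that differs from the on-disk copy
is still reported as "patched", since a pattern list can never be complete.
All addresses and byte strings below are CONSTRUCTED, not captured.
"""
import struct

MODULE_BASE = 0x7C900000          # constructed load address of the scanned DLL


def make_jmp_rel32(at: int, to: int) -> bytes:
    """Encode `jmp to` as it would sit at address `at` (x86 E9 rel32)."""
    rel = (to - (at + 5)) & 0xFFFFFFFF
    return b"\xe9" + struct.pack("<I", rel)


def classify_prologue(code: bytes, at: int) -> dict:
    """Identify a control-flow redirect at the start of `code`, which is
    assumed to be mapped at address `at`. Returns the kind and the resolved
    target address, or kind "none" when no known redirect is present."""
    if len(code) < 5:
        return {"hooked": False, "kind": "too-short", "target": None}
    op = code[0]
    if op == 0xE9:                                              # jmp rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        return {"hooked": True, "kind": "jmp-rel32",
                "target": (at + 5 + rel) & 0xFFFFFFFF}
    if code[:2] == b"\xff\x25" and len(code) >= 6:              # jmp [disp32]
        return {"hooked": True, "kind": "jmp-indirect",
                "target": struct.unpack_from("<I", code, 2)[0]}
    if op == 0x68 and len(code) >= 6 and code[5] == 0xC3:       # push imm32 ; ret
        return {"hooked": True, "kind": "push-ret",
                "target": struct.unpack_from("<I", code, 1)[0]}
    if op == 0xB8 and len(code) >= 7 and code[5:7] == b"\xff\xe0":  # mov eax,imm ; jmp eax
        return {"hooked": True, "kind": "mov-jmp-eax",
                "target": struct.unpack_from("<I", code, 1)[0]}
    return {"hooked": False, "kind": "none", "target": None}


def scan_exports(live: dict, on_disk: dict, prefix_len: int = 8) -> list:
    """live: name -> (rva, bytes read from the running process)
    on_disk: name -> pristine bytes from the DLL file.
    Reports a function when a known redirect is found OR when its live
    prefix differs from disk at all (the cross-check that catches patches
    the pattern list does not know)."""
    findings = []
    for name, (rva, mem) in live.items():
        info = classify_prologue(mem, MODULE_BASE + rva)
        patched = mem[:prefix_len] != on_disk[name][:prefix_len]
        if info["hooked"] or patched:
            findings.append({"function": name, "patched": patched, **info})
    return findings


# --- constructed sample data ------------------------------------------------
# Pristine x86 syscall stub: mov eax,N ; mov edx,0x7FFE0300 ; call [edx] ; ret 0x10
CLEAN = bytes.fromhex("b833000000" "ba0003fe7f" "ff12" "c21000")
ROOTKIT_CODE = 0x10001000          # constructed address of the rootkit's handler
NT_QSI_RVA, NT_OF_RVA, NT_QDF_RVA, NT_QO_RVA = 0x1000, 0x1100, 0x1200, 0x1300

DISK = {name: CLEAN for name in
        ("NtQuerySystemInformation", "NtOpenFile", "NtQueryDirectoryFile", "NtQueryObject")}

# One clean export, one E9-hooked, one push/ret-hooked, and one overwritten
# with a CALL (E8) that no pattern above matches but the disk compare catches.
LIVE = {
    "NtQuerySystemInformation": (NT_QSI_RVA, CLEAN),
    "NtOpenFile": (NT_OF_RVA,
                   make_jmp_rel32(MODULE_BASE + NT_OF_RVA, ROOTKIT_CODE) + CLEAN[5:]),
    "NtQueryDirectoryFile": (NT_QDF_RVA,
                             b"\x68" + struct.pack("<I", ROOTKIT_CODE) + b"\xc3" + CLEAN[6:]),
    "NtQueryObject": (NT_QO_RVA, b"\xe8\x00\x00\x00\x00" + CLEAN[5:]),
}

if __name__ == "__main__":
    for finding in scan_exports(LIVE, DISK):
        print(finding)
```

On a real system the `live` bytes would come from reading the target process's memory and the `on_disk` bytes from mapping the DLL file and relocating it to the same base; the comparison logic is the same. Kernel-side hooks (SSDT entries, inline patches in ntoskrnl) use the same idea against kernel memory and are outside this user-mode example.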
  7. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi MaB69

    I don't think there is any 'wrong' - we use apps we trust and compared to most we secure ourselves as best we can.

    If SSM works as I hope I feel that I have done the best that I can with the other apps I have to protect myself from all intruders.
     
  8. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Process Guard (latest version). It runs light and handles/defends against keyloggers, hooks and rootkits better than anything else that I have come across. It was the first and is the simplest. However, as a result of being the first, it does not cover everything in the same way that some of the newer programs of the same sort do, i.e. System Safety Monitor, Ghost Security, ProSecurity (currently a beta), etc. What PG lacks is the ability to create Advanced Rules and also protection for the Registry, which the others do.

    Still, it has served me well and I am very happy using it.:D
     
  9. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I use a great combination... ProcessGuard and KAV 2006. KAV's Proactive Defense complements PG by protecting the registry, which PG does not do, but protects against keyloggers, hooks, rootkits, etc. very effectively. These two together provide full protection and work well together.
     
  10. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Hey beetlejuice,

    Any idea how long before OA's firewall will be "ready"?

    I've been following it some in the OA beta testing forum, and I see that some bugs are fixed, and then others will appear. But overall it seems to be making progress. While I know that he can't give a concrete time period for it, has Mike indicated any sort of a targeted timeframe for the full official release?
     
  11. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I use SnoopFree Privacy Shield and BlackLight beta. Also, scans with Ewido and a-squared. I am not really concerned about keyloggers, rootkits etc... but at least I have "something" for detecting them. :D :cool:
     
  12. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Yup, I use KIS & PG...so I agree with Mele:D
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I use a frozen snapshot (FirstDefense-ISR) to get rid of all threats: no change is no change.

    I still need software that prevents the execution of threats:
    1. Faronics Anti-Executable AND/OR
    2. Prevx1
    seem to do that.

    If some threat bypasses AE or Prevx1 or Look 'n' Stop, my frozen snapshot will remove it anyway during the next reboot.
    Total removal in 90 seconds plus stopping the execution seems to be good protection with a minimum of security software.
    Scanners take too much time and have too many holes, and HIPS asks too many annoying questions. :)
     
  14. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    Hello there JR. The way things are going I wouldn't be surprised if it's out for public beta next week. Things are looking up now. As far as a time frame... I can't give one. Sorry.
     
  15. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    My settings, improved by nLite and covered by a firewall, will protect me against everything.
    I use MWAV to scan suspicious downloaded files, and I use HijackThis and GMER to scan the PC.
     
  16. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Do I have anything that can protect against rootkits?
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  18. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    BOClean protects against trojans & worms & pestilences & rootkits &... things that go bump in the night (oh my). :eek:

    BOClean began protecting against rootkits long before most folks even knew how to spell the word. BOClean has done the job for many years for many satisfied users. And those satisfied, well-protected users are all still around to tell about it. Websites can be instructive, BUT I recommend you do a search & read actual posts by users of BOClean before you decide.
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    But Prevx offers much more as well.
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    OK, but it can't detect preinstalled rootkits? Am I right?

    @bellgamin
    What about BOClean in the regard?
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm not a malware or internet genius, so I can't answer your question, and I'm still learning Prevx1, which I've had since the day before yesterday.
    Nevertheless it seems very logical to me that you must install Prevx1 on a CLEAN computer.
    I had the impression that Prevx1 creates a whitelist of executables during its installation, just like Faronics Anti-Executable. If your computer is infected with evil executables then they could be whitelisted too during the installation of Prevx1 and run forever.

    IMO you have to split the malware problem into 4 smaller problems.
    1. The installation of malware. How can I prevent the installation? This is still the very best method.
    2. The execution of malware. How can I stop the execution of the malware when it is installed on my computer? Some malware executes itself immediately; other malware sleeps until it is triggered.
    3. The detection of malware. Some scanners detect malware but don't always remove it completely, or can't remove it. So detection and removal are two different things.
    4. The removal of malware. The removal isn't always easy and is sometimes dangerous: false positives (scanners), wrong actions by users (HIPS). Removal has to be as complete and fast as possible.

    I don't trust my router, firewall, Anti-Executable and Prevx1.
    That's why I installed them in a frozen snapshot, which removes everything during the next reboot.
    But I don't trust my frozen snapshot either.
    That's why I keep an archived snapshot on my external hard disk that contains the original clean install of my frozen snapshot.
    I also have a backup file of an original clean install of my system partition [C:].

    Because I'm a newbie in malware and internet matters, I have to create something like this, because I don't have the knowledge of a malware expert to create a balanced security setup, and I don't want 30+ pieces of security software on my computer either.
     
    Last edited by a moderator: Sep 24, 2006
  22. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    I think that is not correct. After installation Prevx1 health-checks your computer using its own malware database, which is stored locally on your machine, and will alert you to existing malware.

    Gerard
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If that is true, then Prevx1 is also based on blacklists, and such software isn't good enough: too many holes. I have to check this, because I don't know Prevx1 that well.
     
  24. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    I am sorry I said it wrong and it should be:

    Gerard
     
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    No need to apologize. I can think for myself. :)

    IMO there is a big difference between Anti-Executable and Prevx1 regarding the local database.

    Anti-Executable (AE)
    The local database of AE requires a CLEAN computer from the beginning and is based on the actual executables on your computer. So each executable is accepted, even when it is a bad executable.
    After that, anything that is not whitelisted is refused by AE, and that is pretty good protection.

    Prevx1
    The local database of Prevx1 doesn't really require a CLEAN computer, because the executables are verified against the community database before they are accepted into the local database.
    However, if a bad executable isn't blacklisted in the community database, then it will also be accepted as a valid executable in the local database, and that is a weak point.
    So you'd better install Prevx1 on a clean computer as well, just like AE.

    ---------

    For fun I installed Prevx1 and AE together in a frozen snapshot to see what happens. LOL.
     
    Last edited: Sep 23, 2006
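ErikAlbert's two posts above (the one about installing a whitelisting product on an already infected machine, and the comparison of the AE-style and Prevx1-style local databases) describe a policy that is easy to model. The block below is an added example written for this page; it is not code from Anti-Executable, Prevx1 or any other product in the thread, and it does not claim to reproduce how those products actually work internally. It hashes whatever executables are "on disk" at install time into an allow-list, optionally refusing anything a community-style blacklist already knows, and then shows the weak point the post describes: a bad executable that is present at install time and not yet blacklisted gets whitelisted in both designs. The file contents, paths and blacklist are constructed.

```python
"""
Added example, not code from Anti-Executable or Prevx1: a toy model of the
two execution-whitelisting designs compared in the thread.

  AE-style          : trust every executable present at install time.
  community-checked : same, but refuse anything whose hash is already on a
                      known-bad list before admitting it to the local allow-list.

Afterwards both designs refuse anything not on the allow-list. The sample
"files" below are constructed byte strings, not real programs.
"""
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class ExecutionWhitelist:
    """Hash-keyed allow-list built from the executables on disk at install.

    blacklist: set of known-bad hashes consulted at install time, or None for
    the AE-style behaviour of trusting whatever is present."""

    def __init__(self, files_on_disk: dict, blacklist=None):
        self.allowed = set()
        self.refused_at_install = []          # paths rejected by the blacklist
        for path, content in files_on_disk.items():
            h = sha256(content)
            if blacklist is not None and h in blacklist:
                self.refused_at_install.append(path)
                continue
            self.allowed.add(h)

    def may_execute(self, content: bytes) -> bool:
        """Runtime decision: only hashes admitted at install time may run."""
        return sha256(content) in self.allowed


# --- constructed sample data ------------------------------------------------
CLEAN_EXPLORER = b"MZ\x90\x00 explorer.exe (constructed, clean)"
KNOWN_BAD = b"MZ\x90\x00 keylogger already reported to the community (constructed)"
UNKNOWN_BAD = b"MZ\x90\x00 keylogger nobody has reported yet (constructed)"
LATER_DROPPER = b"MZ\x90\x00 downloaded after installation (constructed)"

# What is on the machine when the whitelisting product is installed:
# the machine is already infected with two keyloggers, one known, one not.
DISK_AT_INSTALL = {
    r"C:\Windows\explorer.exe": CLEAN_EXPLORER,
    r"C:\Windows\System32\svchosts.exe": KNOWN_BAD,
    r"C:\Users\me\updater.exe": UNKNOWN_BAD,
}
COMMUNITY_BLACKLIST = {sha256(KNOWN_BAD)}


def ae_style() -> ExecutionWhitelist:
    """Trust everything present at install (the AE model in the post)."""
    return ExecutionWhitelist(DISK_AT_INSTALL)


def community_checked() -> ExecutionWhitelist:
    """Screen the install-time inventory against the blacklist first."""
    return ExecutionWhitelist(DISK_AT_INSTALL, blacklist=COMMUNITY_BLACKLIST)


def verdicts(wl: ExecutionWhitelist) -> dict:
    """Runtime outcome for each sample executable under the given policy."""
    return {
        "explorer": wl.may_execute(CLEAN_EXPLORER),
        "known_bad": wl.may_execute(KNOWN_BAD),
        "unknown_bad": wl.may_execute(UNKNOWN_BAD),
        "later_dropper": wl.may_execute(LATER_DROPPER),
    }


if __name__ == "__main__":
    print("AE-style         :", verdicts(ae_style()))
    print("community-checked:", verdicts(community_checked()))
```

Running it shows the point the post makes: the later-arriving dropper is refused by both designs, the known keylogger is refused only by the community-checked design, and the not-yet-reported keylogger runs forever under both, which is why a clean machine at install time matters for either product.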