Defend against keyloggers, hooks, rootkits etc.

Defend against keyloggers, hooks, rootkits etc.

I'm interested to know what people here do to defend themselves against keyloggers, hooks, rootkits?

What programs do you use? Why?
Do you install anti-keyloggers, anti-hooks, anti-rootkits programs just for that?
Or do you come up with other better and more general protection against them?

Thanks for your sharing.

 

With the apps i use i feel confident that i'm pretty secure. Of the apps i use there is Prevx1, Regrun(with Unhackme), KAV and BOClean running realtime. I also run scans with Security Task Manager which is massively cool at heuristic detection of keyboard hooks. The author told me that the next version will have capability to detect Kernel level keyloggers. If anything gets by that lot then it deserves to!!!

muf

 

Key loggers-- SnoopFree
RootKits-- well I guess GeSWall should prevent them( not sure- can anybody confirm it?)
Safe surfing of course
And if something does happen-- Instant Recovery software like EAZ-Fix or Imaging software( EAZ Clone is free and works for me).
Main thing is all of them are non-signature based and all except one are free.

 

Hi

For me currently, I'm going to really try and get to grips with System Safety Monitor. It looks like one application that can lock your system down and I relish the challenge to see if I'm savvy enough to do it.

Posts by Herbalist are proving very useful.

This plus PG which I've used for a while, whilst overlapping, seem to be overkill but they don't appear to conflict.

I'm also a great fan of ShadowUser for surfing, although again this is probably overkill as I'm not adventurous.

Specific roottkit apps I have on demand are Rootkit Revealer and
the one from Sophos. Of the two I find Sophos more user-friendly but I'm not knowledgable enough to differentiate between them as to their effectiveness.

On another machine I have Snoop Free which seems very effective and lightweight purely for anti-keylogging but my laptop didn't like it.

Why? Good question. For me, purely learning as a hobby in the arena of PC security. I'm a home user with NOD, LnS and various anti-spyware scanners which seems to be ample were I not interested for interested's sake.

I've looked at other apps recent and when I get chance I intend to detail my experiences from a purely newbie point of view.

Hope that helps

 

Me? I use Online Armor, Nod, BoClean, and Comodo Firewall...soon to be replaced with Online Armor`s firewall.

 

My defend against keyloggers are Online Armor and Snoopfree

For me it's very difficult to detect in RT a rootkit or any hooking windows API so i use scanner ( all the known but i prefer icesword, gmer, Rootkit Unhooker and Darkspy )

May be i am wrong

 

Hi MaB69

I don't think there is any 'wrong' - we use apps we trust and compared to most we secure ourselves as best we can.

If SSM works as I hope I feel that I have done the best that I can with the other apps I have to protect myself from all intruders.

 

Process Guard (latest version). It runs light and handles/defends against keyloggers, hooks, rootkits better than anything else that I have come across. It was the first & is the simplest. However, as a result in being the first it does not cover everything in the same way that some of the newer pgms of the same sort of type do, ie, System Safety Monitor, Ghost Security, ProSecurity (currently a beta), etc. What PG lacks is the ability to create Advanced Rules and also protection for the Registry, that the others do.

Still, it has served me well and I am very happy using it.

 

I use a great combination...ProcessGuard and KAV 2006. KAV's Proactive Defense complements PG by protecting the registry which PG does not do but protects against keyloggers, hooks. rootkits, etc. very effectively. These two together provide full protection and work well together.

 

Hey beetlejuice,

Any idea how long before OA's firewall will be "ready"?

I've been following it some in the OA beta testing forum, and I see that some bugs are fixed, and then others will appear. But overall it seems to be making progress. While I know that he can't give a concrete time period for it, has Mike indicated any sort of a targeted timeframe for the full official release?

 

I use SnoopFree Privacy Shield and Blacklight beta. Also, scans with Ewido and A-Squared. I am not really concern bout keyloogers, rootkits etc...but at least I have "something" for detecting them..

 

Yup, I use KIS & PG...so I agree with Mele

 

I use a frozen snapshot (FirstDefense-ISR) to get rid of all threats : no change is no change.

I still need a software that prevents the execution of threats :
1. Faronics Anti-Executable AND/OR
2. Prevx1
seem to do that.

If some threat bypasses AE or Prevx1 or Look 'n' Stop, my frozen snapshot will remove them anyway during the next reboot.
Total removal in 90 seconds + stopping the execution seems to be a good protection with a mnimum of security softwares.
Scanners take too much time and have too many holes and HIPS asks too many annoying questions.

 

Hello there JR. The way things going I wouldn`t be surprised if it`s out for public beta next week. Things are looking up now. As far as a time frame...I can`t give. Sorry.

 

My settings improved by nLite and covered by Firewall will protect me against everything.
I use MWAV to scan suspisous downloaded files and I use HijackThis and GMER to scan PC.

 

do i have anything that can protect against root kits?

 

Prevx1 protects you against rootkits.
http://individual.prevx.com/features.asp

 

BOClean protects against trojans & worms & pestilences & rootkits &.... things that go bump in the night (oh my).

BOClean began protecting against rootkits long before most folks even knew how to spell the word. BOClean has done the job for many years for many satisfied users. And those satisfied, well--protected users are all still around to tell about it. Websites can be instructive BUT -- I recommend you do a search & read actual posts by users of BOClean before you decide.

 

But Prevx offers much more as well.

 

Ok but It can,t detect preinstalled rootkits? Am I true?

@bellgamin
What about BOClean in the regard?

 

I'm not a malware or internet genius, so I can't answer your question and I'm still learning Prevx1 since the day before yesterday.
Nevertheless it seems very logical to me, that you must install Prevx1 on a CLEAN computer.
I had the impression that Prevx1 creates a whitelist of executables during its installation, just like Faronics Anti-Executable. If your computer is infected with evil executables then they could be whitelisted too during the installation of Prevx1 and run forever.

IMO you have to split the malware problem in 4 smaller problems.
1. The installation of malwares. How can I prevent the installation, which is still the very best method.
2. The execution of malwares. How can I stop the execution of the malware, when it is installed on my computer ? Some malwares executes themselves immediately, others are sleeping until they are triggered.
3. The detection of malwares. Some scanners detect malwares, but don't always remove them completely or can't remove them. So detection and removal are two different things.
4. The removal of malwares. The removal isn't always easy and sometimes dangerous : false positives (scanners), wrong actions of users (HIPS). Removal has to be as complete and fast as possible.

I don't trust my router, firewall, Anti-Executable and Prevx1.
That's why I installed them in a frozen snapshot, that removes everything during the next reboot.
But I don't trust my frozen snapshot either.
That's why I keep an archived snapshot on my external harddisk, that contains the original clean install of my frozen snapshot.
I also have a backup file of an original clean install of my system partition [C:]

Because I'm a newbie in malware and internet, I have to create something like this, because I don't have the knowledge of a malware expert to create a balanced security setup and I don't want 30+ security softwares on my computer either.

 

I think that is not correct. After installation Prevx1 is health checking your computer using its own malware database which is stored localy on your machine and will alert you for excisting malware.

Gerard

 

If that is true, then Prevx1 is also based on blacklists and such softwares aren't good enough, too many holes. I have to check this, because I don't know Prevx1 that well.

 

I am sorry I said it wrong and it should be:

Gerard

 

No need to apologize. I can think for myself.

IMO there is a big difference between Anti-Executable and Prevx1 regarding the local database.

Anti-Executable (AE)
The local database of AE requires a CLEAN computer from the beginning and is based on the
actual executables on your computer. So each executable is accepted, even when it is a bad executable.
After that anything what is not whitelisted is refused by AE and that is a pretty good protection.

Prevx1
The local database of Prevx1 doesn't really require a CLEAN computer, because the executables are verified by the community database before they are accepted in the Local Database.
However if a bad executable isn't blacklisted in the community database, then it will be also accepted as a valid executable in the local database and that is a weak point.
So you better install Prevx1 on a clean computer also, just like AE.

---------

For the fun I installed Prevx1 and AE together in a frozen snapshot to see what happens. LOL.