Does WSA Detect/Block Xenotix KeylogX?

Discussion in 'Prevx Releases' started by subhrobhandari, Jan 28, 2013.

Thread Status:
Not open for further replies.
  1. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No it doesn't, and that's by design. Browser add-ons are subject to the same sandboxing that the browser itself runs through and therefore can be managed by the user directly. There are similar add-ons which could potentially be used to leak data (like HTTP Watch and extensions which let you debug browser traffic) and disabling these interfaces would cripple most browsing.

    If you're suspicious of any add-ons, you should definitely just remove them, or open your browser in safe mode, which avoids loading any add-ons.
     
  3. xboz

    xboz Registered Member

    Joined:
    Feb 2, 2013
    Posts:
    3
    Location:
    India
  4. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    Wow, almost concerning in a way, not about WSA but about this type of keylogger. If these become the norm and somehow become auto-installed, then we could have a major issue. I know you should be able to see this in the add-ons, unless I'm wrong, but many people that are basic users never go there to see what's installed. Does this have any indication that it's installed? Going to test this out now to see how this works.
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Doesn't "Isolate untrusted add-ons from data" cover this?
     
  6. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    That's why the good browsers have all made it impossible for third party auto-installation and some if not all have made that decision retroactive, disabling third party add-ons and requiring the user to make choices about them.
     
  7. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    Fine, but what about this being hidden under another plug-in? Disguised as something else so the user installs it, and then when it doesn't do as advertised they say forget about it and don't bother removing it. I have people come in all the time and they have a dozen add-ons installed and don't even know why they are there. Sadly most people don't know enough to not install things like that...
     
  8. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    True, but if you look at how many people complain about the Webroot plugin "not working", I'd think more people fail to install rather than do install. :) Plugins are not executable code though. They are extensions of the browser itself. Which means that even regular AV has to know a very well-defined signature of it that is very specific, so any modification to the plugin will evade other AV too. In WSA's case, there's no executable to evaluate, since it's the browser itself.

    But we do know that if the plugin is capturing keystrokes and tries to send them somewhere, the somewhere can get caught by WSA, because we've seen this happen on the browsers.

    Edit: I've also noticed that the people with half a dozen or more addons usually had them installed by third-party means, which is what and why was retroactively disabled. So something running outside the browser can't just plop it in and hope the user doesn't notice. Now the user actively has to choose, and most of the less-clued ones won't bother to turn them back on.
     
  9. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    I agree with most of what you said. I do wish there was a switch to detect these types of things or not for those who choose to. I see in the newest Avast there is a browser cleanup tool; I wonder if they will implement something like this... I would not need it, but again, as I said, there are many who would rather it be turned on than not.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    I think it definitely should detect it. Someone from Webroot informed me earlier this year that software that can be uninstalled by the user is generally not detected by WSA. I do not like that at all. I had WSA installed on my mother's computer, and I was constantly having to uninstall bundled software which sometimes contained trojans. It was bringing her computer to a very, very slow crawl. It was not even usable. The last time I removed 2 system 32 viruses from her computer. I would say it probably came with the bundled software. I think it should warn the user, and give them the option what they want to do.
     
  11. PC_Fiddler

    PC_Fiddler Registered Member

    Joined:
    Aug 18, 2012
    Posts:
    167
    Location:
    Yorkshire - UK
    32 viruses from bundled software on your mum's PC? - I really can't get my head round that, the only bundled software I've seen with viruses come from non-legal software? - In 17 years on the net I have yet to have more than a worm & a few bits of spyware on any PC I own or use & I've had & built heaps from the 286 onward - I've had WSA on several PCs for pushing 2 years & have yet to have any infection, that also goes for several relatives/friends etc WSA accounts I monitor including my mum's :argh:

    I think WSA is fine as regards this issue as it is.
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That's not technically true - if the software is malicious, it will be detected/removed. I suspect the comment was made because it is rare that malicious software includes an uninstaller. We don't leave it on the system just because it has an uninstaller.
     
  13. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    PC_Fiddler, I believe you're reading Cutting_Edgetech's post wrong; if I'm not mistaken, he means 2 viruses in the system32 folder.
     
  14. PC_Fiddler

    PC_Fiddler Registered Member

    Joined:
    Aug 18, 2012
    Posts:
    167
    Location:
    Yorkshire - UK
    You are absolutely 100% correct & I apologise without reservation to 'Cutting_Edgetech' - Thanks for pointing my error out!
     