good antilogger?

Discussion in 'other anti-malware software' started by zagmarfish, Feb 27, 2017.

  1. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    3,844
    Location:
    Nebraska, USA
    Bullfeathers! For one, it is not trivial for any malware to disable Windows Defender, the antimalware program. To say so is just rumor-mongering and spreading FUD. If this were even remotely true, there would be 100s of millions of infected users out there. But that obviously is not happening. If it were even remotely true, forums, repair shops (like mine) and tech support call centers at Dell, HP, Best Buy, etc. would be inundated with reports of this happening. But that is not happening.

    Second, as far as your off-handed, inappropriate comment about Microsoft fanboys, if you knew anything about me, you would know I am one of Microsoft's biggest critics. But I will also defend them with equal vigor when they are falsely accused by the obviously misinformed and clearly biased.
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,400
    Location:
    U.S.A.
    In regards to these comments, I reply:

    1. The average PC user, wisely so, will install a third party AV solution. Many of those have on-line banking protection.
    2. Banking malware is designed to remain in stealth mode. Its whole objective is to remain hidden and avoid detection when executing. Any AV bypassing it performs is targeted and will be reversed once its objectives are accomplished. Finally, most banking malware will uninstall itself after achieving its objectives such as harvesting bank account numbers and passwords.

    BTW - the Microsoft fanboy comment was a general one and not directed specifically toward you.
     
  3. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    3,844
    Location:
    Nebraska, USA
    That's just not the case. You just don't understand the big picture. The "average" user leaves Windows totally in its default settings. That is, with Windows Defender, Windows Firewall, Windows Update in automatic, etc. The "average" user does not care to mess with settings. They just want their computer to be like their toaster. And for most users, it is.

    This is a bunch of malarkey. Virtually all malware is designed to remain hidden. What good will it do if it waves red flags saying "Click me! I want your bank account info!"?

    The big flaw in your FUD is you have assumed such malware can simply jump onto your computer like a flea onto a dog. That is, past your firewall, past your spam filter, past your browser's phishing filter, past your antimalware solution, past the OS's own security features, then conduct suspicious and malicious behavior that even basic antimalware programs like Windows Defender actively look for in real time - all without being detected. Yeah right. That would only happen if the user is grossly negligent by not keeping Windows current, not keeping their security program current, and by being click-happy allowing socially engineered software in.

    I frankly don't care which antimalware solution someone uses, as long as they use one and keep it, and Windows, current. What I don't care for is Microsoft bashers who make unjust, unsubstantiated claims, as you have done here.

    I might suggest others reading see what I and others have said about those "synthetic" tests by antimalware testing labs here.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,400
    Location:
    U.S.A.
    o_O What does that have to do with this discussion? If you are referring to the MRG tests, their botnet tests were not done using "synthetic" malware. In fact, they didn't even employ any 0-day malware in the on-line banking tests if you read the reports thoroughly.
     
  5. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Lots of companies use key logger type software. I was testing out Ghost key logger many years ago and since it was a legit commercial software AV were whitelisting it. Spouses were using it on their partners. Parents were using it on their children. I really have not been following key loggers in a while. In fact, many years. I did get a free license to one once for finding that when you used special characters in an e-mail message, the program would not log them, or even an instant message.

    Anyway this thread has gone way off topic. Get my drift?
     
  6. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Example for the home or job worker. http://www.keylogger.net/

    The big claim:

    "We're fully confident Spytector is the computer monitoring program you're looking for. Spytector key logger is the best monitoring software you can buy on the Internet and we guarantee it's undetected when scanned with the following antivirus programs: Norton AV, Kaspersky AV, McAfee, Panda, AVG, Avast, TrendMicro. While the *full* version is undetected, the *trial* version (publicly available on our website's download section) is detected by all the AV programs so you should temporarily disable your AV for proper testing."
     
  7. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    3,844
    Location:
    Nebraska, USA
    You are now (with this side discussion about WD) suggesting Windows Defender is inadequate to protect our systems, therefore we need an anti-keylogger too. That is just not true. The fact is, the anti-malware solution used does not matter.
    Yes, this is true because employees typically don't care about security discipline when it is not their computers. Employees often have a false sense company networks are more secure. Plus in offices and such, there are often strangers walking around who could put a keylogger device on an unattended computer. And company management is allowed to put keyloggers on company owned computers to make sure employees are spending their time doing company work.
    That's different. Parents are allowed, and even have a responsibility to know what their children are doing. In that case it is to protect one's security, not violate it.
     
  8. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    71,632
    Location:
    U.S.A.
    Let's Focus On The Topic Only, and Not Each Other. Thank You!
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,400
    Location:
    U.S.A.
    Assuming the full version is installing a kernel mode driver, a good test for this one would be SpyShelter since it claims to be able to detect kernel mode drivers. Ditto for HMP-A and Zemana AL paid versions.
     
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,973
    Location:
    Poland - Cracow
    We are talking about "anti-logger", which means, as you know, not only "key-". Please show us an example of AV/AM/IS that is as effective as SpyShelter in protection against loggers in such a wide range of protection.
    Some of us...some users...prefer non-signature based protection, so paraphrasing your words I can say
    "using a decent anti-logger program and keeping your computer updated, you will never need an anti-malware"
    :thumb:
     
  11. guest

    guest Guest

    Any HIPS/BB based AVs, so mostly all of them.

    This is another topic, we are discussing (at least it was my purpose) the necessity of antiloggers if you have an AV/suite.
    Now if you don't use any AV/suites at all (maybe because you are on WinXP/7) my statement won't be accurate, because your antilogger (I guess SpS) has enough features to keep you safe even without any AV; but if you have one, your AL is redundant and pointless.
     
  12. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    It's the reason SpS is built upon a HIPS foundation. The keystroke encryption is a fail-safe just in case something gets past the HIPS. But of course if the user creates HIPS allow rules for the logger, then the keystroke encryption won't protect against anything.
     
  13. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    3,844
    Location:
    Nebraska, USA
    You seem to be under the impression the ability to detect keystrokes takes some mystical powers that only magical wizards understand. That could not be further from the truth. The keys on our keyboards are mapped, interpreted, and processed by all operating systems using standard, widely published and understood protocols. This is critical to understand and accept as fact. Not accepting that as fact is just burying one's head in the sand.

    Because how keyboard strokes are interpreted and processed is common knowledge, it really is simple for any anti-malware solution to detect if malicious code is designed to do something non-standard with those keystrokes, and then block it, BEFORE any damage can be done. And since it really is simple for any anti-malware solution to detect and block code that has no reason to be looking at key strokes in the first place, as said long ago there just is no need for specialized anti-keyloggers.

    Again, the exception might be for a publicly accessible computer you don't have 24/7 control over. But then you should not be using that computer for sensitive tasks anyway - surely not for your banking, on-line shopping or the like.

    Years ago, it was not uncommon to have installed on our systems an anti-virus program, anti-worm program, anti-rootkit program, anti-spyware program, anti this and anti that. It is just not necessary and a waste of system resources today because anti-malware programs are designed to thwart all sorts of malware.

    For that reason, your following statement and paraphrasing is simply invalid.
    Of course we need anti-malware software. What is phasing out, or at least is becoming less important is the need for signature/definition files. Why? Because virtually all "real-time" anti-malware solutions today, even the basic Windows Defender, already look for malicious behavior without referring to signature/definition files. And when such "activity" is detected, the anti-malware program acts BEFORE such malicious code is able to "deploy" and set any hooks.

    If your anti-malware solution has a real-time component, unless it is some obscure anti-malware program nobody heard of, it is using behavior monitoring, most likely in addition to a database of signature/definition files.

    Bottom line is this, if you believe you need an anti-keylogger, you really should analyze the rest of your security and your own security discipline to see if they need tightening up. Because frankly, if you keep Windows and your security apps current, and are not click-happy and a sucker for socially engineered methods of malware distribution, there is no way a keylogger could get past your security and on to your computer. It would be blocked long before that could happen.

    To not accept that would suggest 100s of millions (if not more than a Billion) of users are infected with keyloggers as the bad guys would be all over that. And it is just not happening.
     
  14. guest

    guest Guest

    @Bill_Bright exactly, it is why I said Anti-loggers are obsolete, they are products of the past decades, when AVs were just signature-based scanners without decent system monitoring.
     
  15. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53
    @guest
    @Bill_Bright

    I just couldn't stop myself from digging up this video from SpyShelter's blog. It shows perfectly how bad antivirus "system monitoring" is.

    You people, of all, should understand that antivirus is a consumer product made for ladies buying a new laptop at Walmart, so even at maxed settings it is not supposed to interfere with the process of buying new nail polish online.

    Antivirus HIPS = crap. Simple as that. 2017 and dedicated hips software is still strong.

    https://www.youtube.com/watch?v=DEHz0JCT-SM
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Slight bias in that video. Not that I disagree, but there are no true plain Antivirus software anymore.
     
  17. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53
    Well, I don't see any bias there, I have tested plenty of antiviruses back in the day and they all shared one common thing: most of the spyware (advanced keyloggers mostly) I compiled after acquiring them from various shady forums bypassed antivirus software without any issue.

    It really is just a matter of will and basic programming knowledge to bypass them. They still rely 99% on signatures.
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,400
    Location:
    U.S.A.
    I wouldn't say that is accurate.

    What I will say is that many AV HIPSs in default configuration are not configured for maximum protection. There are a number of reasons for that. First, the HIPS is supplemental protection to real-time monitoring methods such as signature, heuristics, etc. detection. Additionally, the AV vendors don't want to generate a lot of HIPS alerts that the average user won't be able to respond to properly.

    Any AV HIPS can be configured for maximum protection by simply setting it to training mode to learn all existing app behavior. Once that is completed, then set it to interactive mode at which time you will receive alerts for any process activity not detected during the training period.
     
  19. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,519
    Location:
    Paris
    An issue with concentrating on anti-keyloggers is that it is easy for the novice to think that their data is secure with a good Anti-K program enabled. Sadly this sort of protection won't save your data (like login/password details) from being harvested and transmitted out by non-keylogger based malware (such as the little beauty Dyzap).

    So as guest intimates, a broader and more robust solution should be sought.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    From what I've seen, once any of the anti's targets (ransomware, keyloggers, etc.) are on your system and the anti reacts, it's too late. You have to stop them when they first get on the system or you are at risk.
     
  21. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,519
    Location:
    Paris
    A good program will react when the malware is initially run, hopefully stopping the malicious action, deleting the malware file itself as well as preventing persistence. Something like HMPA will fairly well stop and clean up ransomware (not mine, of course), and ZAK will block the harvesting of data by the keylogger.

    And of course a good virtualization solution can allow any malware to run until the Cows come Home without data breach or systemic effects.
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,400
    Location:
    U.S.A.
    Following up on CS's comment, ransomware has been delivering multiple malware payloads; one of which is usually a password stealer such as Pony described here: https://www.knowbe4.com/pony-stealer.

    On the other hand, most banking Trojans will employ a keylogger component. Also, these are often not permanently installed and are only used to harvest banking credentials and then deleted from the system.
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,400
    Location:
    U.S.A.
    To give credit where credit is due, what the advanced anti-keyloggers such as SpyShelter do is protect against most methods in which banking data can be captured. Note that keystroke interception is only one such method.

    In this AV Lab test: https://avlab.pl/sites/default/files/68files/protection_epayment.pdf , 14 banking data capturing methods were employed. Not a single AV on-line banking product tested was able to pass all 14 tests. Of note is only one product was able to detect man-in-the-middle interception which is the most effective method of capturing banking data. That product was Eset's on-line banking protection.
     
  24. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    3,844
    Location:
    Nebraska, USA
    Slight? Hah! I note the source in the first comment below that video goes to https://www.spyshelter.com/blog/should-anti-keylogger-be-reviewed-as-anti-virus/ where it is so full of biased comments and self-promotion you can choke on it.

    If you (speaking to the crowd) have inherited a bunch of computers that were maintained and secured :rolleyes: by someone who has no business being around any computer, by all means run every security app you can on it. If you foolishly partake in illegal filesharing via Torrents or P2P sites, by all means, run every security app you can find. If you fail to keep Windows fully updated then foolishly click on every unsolicited link, download, popup and attachment you see, run every security app you can find.

    But if you buy a new computer from a trusted source, build your own computers, or started from scratch with a full format and reinstall, then keep your OS updated, avoid risky and careless activities, and use a decent (doesn't have to be the best!) anti-malware solution to block those key-loggers and other malicious code before they can be installed, you don't need to worry about all these extra and specialized resource hogging apps.

    I say again, if the threats were anything near as bad or prevalent as some here make them out to be, 100s of millions of computers would already be compromised. And that is just NOT happening!

    If you have a key-logger on your system YOU FAILED (not your anti-malware solution, but YOU failed) to block and prevent the malicious code from coming in in the first place. You (or an undisciplined/unauthorized user of your computer) opened the door and invited the bad guy in, then tried to get rid of him when it was already too late. :(

    If you (again, speaking to the crowd) refuse to accept that, look around. The facts don't support your claims.
    A good security setup will react when the malware tries to sneak in, BEFORE it has a chance to run. A good security setup will react when malicious activity is noticed BEFORE any payload can be delivered. And a good program will react when malicious code attempts to phone home, re-distribute/propagate itself, send spam or draft the computer into a bot army and participate in a DDoS attack.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,825
    Location:
    The Netherlands
    I wouldn't go that far, but I don't see anything against using a standalone solution. Like you said, HIPS/Anti-logger are for paranoid people who don't blindly trust AVs, it's as simple as that.

    Actually, keystroke protection protects against all hook and message based loggers, even if apps are trusted. Also, tools like Zemana and SpyShelter are supposed to protect against banking trojans that are already installed on the system, so yes it works like a fail-safe.

    It depends a bit on the HIPS/AL, Outpost for example protected against malware trying to get access to stored passwords from browser and other apps. Also, if code injection is blocked, then most malware will have a hard time doing any damage.
     