Ice Sword v.1.20 containing Keylogger?

Discussion in 'other anti-malware software' started by Perman, Nov 17, 2006.

Thread Status:
Not open for further replies.
  1. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: just came across that users in China indicate there are keyloggers implanted in that app. Can someone concur? o_O
     
  2. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I use Ice Sword and I can't concur with this statement.
    Where did you get that information from?
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Link please
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    But this issue is only related to v1.20, right? It's not like older versions were rootkits or anything? :ninja:
     
  6. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    According to the link to Spyware Warriors this is a false positive.
     
  7. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
  8. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    That's quite possible. What's the best way to hide a malicious rootkit? Claim to be an anti-rootkit! So you happily install, ignoring all kinds of warnings flashed at you by your triple-layer super duper HIPS, because all those warnings are expected...
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    That's exactly my point DA. :D

    After reinstalling my OS I will stay away from most of these anti-rootkit tools. I guess the key to staying rootkit free is to not allow untrusted apps to load a driver or to access Physical Memory. And I also have a feeling that if your machine is owned by a rootkit, there are not many tools that can actually detect this anyway. :rolleyes:
     
  10. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    I don't think it's just a matter of blocking drivers and what not.

    I think that's the crux of the problem with HIPS: it provides little protection against trojan horses. Once you decide you trust the program, you are unlikely to pay any attention to your HIPS alerts, whether it is loading drivers or something else.

    To be fair, to some extent this applies to antiviruses too: if you have so much faith that the program is fine, you can dismiss the antivirus warning as a false positive. But I think most people trust their AV alerts to be a more accurate indicator of danger than HIPS prompts.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yeah, but that's the thing: if apps try to act funny without any logical reason, then I'm already not trusting this app. And I have to say that according to my HIPS, most apps simply do not need to modify stuff that could compromise my system, so there is no reason to distrust them. Of course I know there are ways to bypass firewalls, but most of the time apps will need to do stuff that will most likely be spotted by the better HIPS around. :shifty:
     
  12. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Define starting to "act funny without logical reason". If you trust the app, you can easily explain away any warnings. Heck, the help document could even throw you some techno babble about why you get certain kinds of alerts, and that it is harmless. Would you know the difference? I'm not sure I would.

    Somehow when you say things like "modify stuff", "doing dangerous stuff", I don't get the sense that you are very sure what exactly counts as which. Correct? In the context of your HIPS (say SSM) can you give me a list of activities that count as dangerous?

    I really wish there was a short list of stuff we could say was dangerous and just monitor those, but when I look at the list of features HIPS have (and they seem to be getting longer), I wonder if this is realistic.

    I notice all these new tests just delight in showing how individually not-so-dangerous stuff can be combined to do malicious stuff.

    Honestly, I can't figure out a lot of them myself; I'm probably guessing quite a bit when I answer prompts.

    Stuff that looks like it might be Windows related, I just click allow; I don't want to accidentally screw things up. Like I read the threads on ProSecurity where people lock themselves out by accident, which is really scary. But it's more secure, they say...

    I'm also wondering if there is stuff that might be innocent when done separately but can be harmful when combined together. Would you be able to tell the difference?

    Oh sure I have backups, but backups are the last resort.......
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yeah, I know what you mean, but so far so good. There's of course always a chance that you might make a mistake, but that's why I nowadays hardly download stuff. Luckily I have experimented with a lot of tools the last 2 years, so I do not need any more stuff. I think I've installed about 150 apps on my PC and none of them seem to act funny. What do I mean by funny? Well, for example, look at the stuff that Neoava Guard and SSM Pro are guarding against. :)
     
  14. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Must be a new policy? lol.

    Except for security stuff of course. You must always keep up with them.
    And they are allowed to do 'funny stuff'. :)

    I think your copy of SSM Pro and Neoava Guard must be broken. Given the long list of things they monitor, I would be amazed that the 150 apps don't cause any prompts on "funny stuff". They certainly do on mine.

    Besides, you gave the impression in your post that all one needs to do is to stop service/driver installs and access to physical memory, but the last time I checked, SSM Pro and Neoava Guard do WAY more than that.

    So you're saying that these products monitor 'unfunny' stuff? Why would they do that?
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Well, I think you know what I mean: none of them do unexpected stuff, and as soon as they do I get suspicious. Of course only my security tools have full control, and it's a no-brainer that you have no choice but to trust them, otherwise why install them?

    But like I said earlier in the thread, I'm not installing just any security tool anymore; at the moment I have already decided which security tools I need. I also do not install all kinds of software on my system anymore, way too paranoid for that, you may call it a new policy if you like. :)
     