Internet Banking In A Virtual Machine

Discussion in 'sandboxing & virtualization' started by TerryWood, Nov 6, 2011.

Thread Status:
Not open for further replies.
  1. wat0114 (Guest)

    This to me implies an elevated keylogger to do this, which then probably would record the VM's keystrokes, but it is not a realistic test scenario from my point of view to elevate the test logger, because once this occurs unintentionally it's, as the saying goes, game over already, at which time the next prudent step is to remove the malware either through cleaning, re-install or an image restore.

    That all said, maybe just for kicks I will re-run the tests with the keyloggers elevated, but for sure it won't be today :)
     
  2. wat0114 (Guest)

    Repeating the same tests as above, except this time elevating the loggers (High integrity level confirmed in Process Explorer) with Zemana’s keyboard.exe and SpyShelter’s Antitest.exe keylogger test programs, the results did not change: no VMware keystrokes were logged in either test.

    I don’t know the technicalities of how these programs work, but they appear to be single-file executables, with the only difference between running as either Standard user or Administrator user being that the integrity level is Medium in the former case and High in the latter case. Considering I had both AppLocker and UAC disabled and the loggers running elevated with a High integrity IL (with SeImpersonatePrivilege and SeCreateGlobalPrivilege both enabled), and the VM’s keystrokes were still not logged, this would at least appear to demonstrate how trivial it is to preclude the harmful actions these particular keyloggers were designed to produce. Of course there could be others that are more effective at hooking the system or driving other processes to carry out their keylogging actions.

    In my test setup, the only security I had was some Group Policy settings (none of which, I believe, had any influence on the outcome), and running the VM in a Standard account in 64-bit Windows.
     