Keylogger detection feature

Discussion in 'Ghost Security Suite (GSS)' started by rdsu, Sep 1, 2006.

Thread Status:
Not open for further replies.
  1. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Hi,

    In the new incoming version, will the Keylogger feature work?

    If yes, will it detect hook- and kernel-based keyloggers?

    Thanks
     
  2. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi Vamp.

    I think the current ver already does as it's got a 'Keylogging' part to the permissions. I haven't tried it yet though (thanks for the reminder) so I can't comment on how effective it is.

    On a side note, have you heard of or tried 'SnoopFree'? http://www.snoopfree.com/

    It protects from apps - Reading the screen / Hooking the keyboard / Reading unowned windows (e.g. the windows of other applications)

    I've had it for a while, it loads very quickly (first to load on my system), it's very light on resources and it's free.
     
  3. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I saw somewhere that the Keylogger feature didn't work on the current version, so...

    I already used SnoopFree some time ago, but I'm waiting for the next version of AppDefend... :)
     
  4. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    AD should already give you a warning whenever a program starts for the first time. If the keylogger is trying to run the user should get the pop up. So why is a keylogger function necessary in AD?
     
  5. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    The detection when a new program starts doesn't say that this program is listening to your keyboard...

    AD already has this feature in the current version, but it isn't enabled...

    And I don't like to have a program that always alerts me when a new program starts, I just disabled that in AD...

     
  6. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    Hi.

    The current version of AppDefend has some keylogging ability by blocking global hooks.

    However, there are many ways to do keylogging and some of them don't use hooks at all; for example, one can ask Windows every 10 ms if a key is pressed.

    Such advanced keylogging protection should (may) be part of the next release.
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Thanks for the info, f3x ;)

    Kernel keyloggers are impossible to detect...
     
  8. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    But ... kernel keyloggers need to install their driver first and can be stopped there.

    After that, kernel keyloggers will need to attach themselves somewhere in the kernel to monitor things. Some programs might be able to stop them there; I believe AntiHook is one of them.
     
  9. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I'm waiting for the last version of AppDefend and AntiHook :)
     
  10. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    What about snoopfree? Is this tool able to detect them all?
     
  11. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Only hook keyloggers, but it's better than almost all the shareware out there...
     
  12. Kuffi

    Kuffi Registered Member

    Joined:
    Sep 15, 2006
    Posts:
    13
    I'm a bit confused - I always thought that GSS would prevent any global hooks or other things that can be used to log my keyboard events?

    It does not?
    Can ProcessGuard handle such things?

    Thanks
     
  13. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Kuffi,
    GSS does already prevent the most simple types of keylogging with the global hook protection and stopping process modification via thread injection and memory manipulation. There are other methods that keyloggers can use (see f3x's comment earlier) as well.

    My understanding is that the "Keylogging" permission relates to the more advanced methods and the "Process Modification" permission covers the more standard methods used.
     
  14. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    The next beta of AppDefend is already successfully blocking actual keyloggers (apart from the common SWH ones which are already protected). It isn't 100% coverage of every keylogger individually (though with driver protection it generally is) but it certainly adds to AppDefend's feature set.
     
  15. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Good news Jason ;)
     
  16. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Excellent, I'm jumping ship now.
     
  17. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Jason,

    Can I try the next beta?
     