keylogger in logitech's software urgent update

Discussion in 'privacy problems' started by alexashka, Jan 18, 2003.

Thread Status:
Not open for further replies.
  1. alexashka

    alexashka Registered Member

    Joined:
    Jan 17, 2003
    Posts:
    2
    I've decided to post it as a separate topic so it will "catch the eye" faster. Hopefully haven't violated any of the forum's policies... :)

    I "can't" believe it.... Well.... Just enough to actually believe it. Big brother named logitech?!?!?!?...............

    Oh boy.... ANd I thought living 18 years under the watchfull eye of the all knowing uncle named kommunist party of the USSR was the end of it....

    Boy life is full of surprises and apparently there's some similarities in the human relations only in the private or commercial sector on the contrary to the gov sector as it were in USSR.. Anyways. I stopped venting... Here it goes:

    Subj: Re: Product Support for: Cordless Freedom iTouch <<#237509-236024#>>
    Date: 1/18/2003 6:02:16 PM Eastern Standard Time
    From: customer.support@logitech.globalsupport.com
    To: ___________________
    Sent from the Internet (Details)



    Thank you for using Logitech's Electronic Technical Support. My name is Liz. The following information addresses your original question. You may wish to print this out and/or save this on your computer.

    Thank you for your inquiry, if there has been a "keylogger" found within our software, this maybe due to the program called Logitech Desktop Messenger.

    Logitech DeskTop Messenger service that was installed with your Logitech product. This free service was intended to keep you up-to-date with your Logitech product software. When installing our software, you do have a choice as to if you wish to install this program or not.


    If the program has already been installed on your system and you wish to remove it, you can uninstall the Logitech Desktop Messenger by clicking on Start, Settings, and then Control Panel. (Windows XP Users can just click on Start and then Control Panel). Double-Click the Add/Remove Programs icon. Locate the Logitech Desktop Messenger program in the list and remove it

    If you have additional technical questions regarding your product, please visit our web site at www.logitech.com and submit your question.

    Thank you for your interest in Logitech.


    Regards,
    Liz
    Logitech Customer Support

    --- Original Message ---
    From: ***************
    Received: 01/18/2003 12:47am Eastern Standard Time (GMT - 5:00 )
    To: customer.support@logitech.globalsupport.com
    Subject: Product Support for: Cordless Freedom iTouch



    Date: 01/17/03 21:20:55

    Name: ***************
    Email: ***************
    Phone: ***************
    Category: 18 Keyboards
    Product: Cordless Freedom iTouch
    Software: Y-RB6
    Part Number:
    Computer Brand: Other
    Operating System: winXP

    Description of Problem: Dear Logitech,

    The antispy software from http://www.anti-keyloggers.com detected modules from your software as a veiled keylogger (a spying software that logs whatever keyboard has typed and occasionally sends it trough the net to the "mothership" so to speak). Any insights at your earliest conveniense would be greatly appreciated.

    Sincerely. Alex.

    ________________

    p.s. Knowing how rackless comments may affect company's public face I by any and no means stating that your software has a keylogger, however I'm stating the fact that one of the antikeylogger detected your software as a "troublemaker" so to speak and I think it would be honorful thing to do from you guyz by responding and.... And explaining you selves in the figure of speech. Obviously I hope for it being a "false positive" :) Thanx again. Alex.

    Request Country ID: 19

    ------ Please do not remove your unique tracking number! ------
    <<#237509-236024#>>




    Heeey everybody at wilders. I think it's time for me to grow up.... And I just did... LAter. :) Sasha.


    p.s. Liz were mentioned it being a free software. I'm confused how "free" it is if it carries some of my private information such as passwords or credit card accounts in the logs to Logitech and "what if" it will be intersepted by some third party?... It may be very very costly. I never understood two things in the west!!! :) :) :) A "free" software and the "fat free" yogurts with 35 grams of sugar in it!!!! <<laughing intensely>>

    IS THIS IS REALLY FREEo_O..... I think it's just a mental conditioning or mental programming trough the visual images or "aggresive" marketing for the lack of a better expression trough the use of commersials.. To assure tha the brain would take an illusion for the truth and the truth for illusion. Talking about reverse polarizing the thought. ;-)

    Sorry for my continued ventings... After living 18 years in oppressive system like USSR I've became really REALLY sensitive to violation of my boundaries or privacy. Cause the TRUE freedom is a sacred thing and really, really tough to attain. Later everybody and thanx for listening. :) Sasha's out.


    Removed personal name, phone number and email address to ensure your privacy - just in case they were left in unintentionally - LowWaterMark
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Hi alexashka,

    Well, since this topic is a continuation of the first, and was posted less than a day after the original one, it would have been best to keep them together, but, it's not a problem... ;)

    Regarding the email back from Logitech's Support, their explanation sounds reasonable - the program that anti-keyloggers found may simply be software to check for product updates. Many pieces of software contain auto-update programs now, though many people prefer to check for updates manually. (I certainly do them manually.)

    Liz did say you could deinstall that piece of the software (Logitech DeskTop Messenger) if you want to. And, at this point, we don't know that it is a keylogger, only that the anti-keyloggers scanner flagged it as a possible.

    spy1 replied in your other thread this:
    So, this could be a false positive. That happens often.

    If this is simply an auto-update program, which is likely, it isn't going to be sending your passwords or credit card numbers anywhere. In fact, if this is a false positive, then the program isn't even logging this data.

    Do you have any additional information that points to this program actually capturing your personal data? Have you tried to deinstall it as Logitech advised?

    Best Wishes,
    LowWaterMark
     
  3. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Sasha,

    It's not necessarily a keylogger. AKL is a product of the Raytown Corporation, who also produces keyloggers. It's a little strange, but they put it like this:

    We are firmly convinced that advanced anti-monitoring products can be solely designed by the company (a group of specialists), which at the same time is able to design decent monitoring software products. Exactly such in-house specialists form the cornerstone of Raytown Corporation.

    Raytown in-house specialists have studied a great variety of monitoring and anti-monitoring products and tools. These people, according to the reliable surveys held by independent international experts, presently design one of the best shareware monitoring products in the world


    AKL uses rather advanced technology in it's search of keyloggers. They readily admit that "false-positives" for actual keyloggers can occur more frequently with their approach. Their big "thing" is the ability to find keyloggers "both KNOWN and UNKNOWN." It's this technology of finding UNKNOWN keyloggers (one that has had limited distribution, a program written just for the targeted computer, files that have characteristics of a keylogger, etc. but is unknown to AKL).

    AKL finds not only keyloggers, but an exploit that could possibly be used for an UNKNOWN keylogger to utilize. AKL did its job. And here is why....

    Logitech software has a problem with shutting down certain things that could leave a keylogger a gaping hole to execute on your computer.

    Here is the explanation from BugTraq:

    Logitech has a piece of software available with their iTouch line of keyboards (cordless ones included) that allows you to press one button and run a program, control volume, jump to a URL, or shut down the PC.

    When you lock a computer, (with NT/2000/XP/etc.) however, these buttons still function. While the programs do not appear in the foreground, they still run on the computer behind the "Computer Locked" window.

    Thusly, a DoS attack can be performed, just by pressing one
    of the buttons numerous amounts of times, easily opening 100 copies of whatever program they have been assigned to. By default they are mainly assigned to run IE. Other things are possible if you use your imagination. None of them appear that great though, unless the user has linked these buttons to other programs, ones that are possibly insecure and left unrunning otherwise. Or you can always stop someone's music from playing even when they have "locked" their PC.

    Logitech has confirmed it is indeed a problem with their software, but a fix is not yet out. A 'locked' computer should indeed be locked, and not accessible via any means. While this bug is a low risk, it shows how *obvious* flaws go undetected. It totally bypasses GINA (Graphical Identification and Authentication), which is supposed to keep the PC secure (to the extent of requiring Ctrl-Alt-Delete to login).


    Anti-Keylogger found this exploit through it's search for UNKNOWN keyloggers. It's very good at that. Impressive, actually.

    You took it from there and discovered the problem (or at least part of it) with Logitech's scumware.

    Hope this has helped.

    Welcome to the forum by the way!

    John
    Luv2BSecure
     
  4. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    In this case, most likely what triggered it was the backweb lite spyware that logitech has started bundling into several products recently.
     
  5. controler

    controler Guest

    I have used logitech for many years and they are only allowing
    a feature like everyone else is. Autoupdate:
    You never have to install any of their software with their wireless
    products unless you desire they enhanced features.
    With the newer Windows OS's. the basic features of the keyboard/mouse work. Including the scrolling features.
    Most laptops these days have the one touch buttons built right in.
    Example: My HP laptop.
     
  6. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Hi Alexasha

    It is written as default, you do not have privacy on the internet unless you are wise enough to seek for it. Happens. Now you are about reaching privacy´s tail, you just grab on it and hold tight. Some intelligent might come and rip a piece of it, but you grab on it tighter. Be well ;)

    ^Ari^
     
Thread Status:
Not open for further replies.