I have recently installed and purchased ProcessGuard 3.05. I'm also running F-Prot antivirus and ZoneAlarm Pro. Firefox is the browser. Because I have an online bank account and do quite a bit of online shopping, the nastiest thing I can imagine getting onto the computer is a keylogger. I'm pretty careful and may never get one but you never know... Am I protected enough against this threat using ProcessGuard and the other programs I have, or would I be well advised to get a dedicated keylogger detector in addition to them? I've been looking at Keylogger Killer and Security Task Manager. Would installing either of these be a case of overkill? With thanks Mart
Process Guard will prevent almost any keylogger from being able to create the hooks it needs to obtain your keypresses while ZoneAlarm will alert you to any attempts by a keylogger trojan to send data over the Internet so I would suggest that you are quite well protected as long as you keep a careful eye over what they report. The only real keylogger threat that is not covered is that of a hardware keylogger - but someone would need physical access to your computer to install this. See the Internet Cafe Computer and Passwords, etc. thread for a more detailed discussion.
It would be wise NOT to use Internet Explorer, due to the amount of attacks it comes under and the risks. By default you can install BHO's - browser plugins to "improve" the browser. However, often these are spyware or bank keyloggers. If you do use IE, why not do what I do - set up BHO's I know and trust, then disable BHO installations Internet Explorer TOOLS > Internet Options > Advanced. Untick this option "Allow third-party browser extensions" Already installed BHO's are still installed and working, but new ones cannot be added without you specifically turning this option on before installing them. Its a bit of a hassle, but considering the number of malicious BHO's, its worth it
Another way to help keep nasties out of IE is a couple of utilities. One is free BHODemon that keeps track of the Browser Helper OBjects. Sounds an alert if anything relating to them changes. Another utility, not free, but inexpensive is PopupCop by Edensoft. Aside from popups it blocks activeX stuff unless you allow it, blocks scripts, and also makes it easy to get out of some the trap loops in some websites. I use IE exclusively and with these utilities and F-Prot realtime scanning I've never had a problem.
Thanks everyone. I don't use Internet Explorer. I've been a Firefox convert since version 0.4. IE only gets used occasionally for pages that won't display properly in Firefox. I have got Spybot's SD Helper active in Internet Explorer for those rare pages, so I hope that protects me? Can ProcessGuard protect a user against saying 'OK to run' in the case of a keylogger? I've heard of a program called PCAudit, a keylogging test that attempts to bypass firewalls posing as legitimate program. A user might mistakenly give firewall access permissions to a trojan such as PCAudit simulates. Would ProcessGuard say 'Sorry mate, to dangerous to run this' (or words to that effect) and stop it dead? I hope that with care I'd never get such a trojan. You actually have to install the test on purpose and let it try to do its stuff. I'd be a bit worried about doing that anyway if it's going to try and get info out past the firewall.
Hi Mart, that's the good thing about PG. It is two protection layers in itself. First, it will ask for your confirmation to allow "justdownloaded.exe" to run. But even if you allow that, justdownloaded will not be allowed to install global hooks, drivers or services etc. unless you explicitly configure ProcessGuard to allow that. (But you will not get a message "too dangerous to be allowed to run", justdownloaded.exe will just fail to perform these actions. And you can see in PG's log what has happened.) I am not a keylogger expert, so I'm not perfectly sure if these protection aspects (modification/injection of your running higher-privileged software, hooks/services/drivers installs) covers all the bases a keylogger might use as an attack vector, but what is covered is covered for good. HTH, Andreas
Of course. Very smart. It's hard to believe that despite repeated warnings from nearly everyone who is anyone in computing, including CERT(!), there are actually regulars on this security site(!!!!) who still use IE as posts above show. What will it take? There are certain things about IE's browser engine that make it vulnerable in and of itself. No amount of security tools can make IE as safe as Firefox without a single security tool running!
Unfortunately there are some programs that use IE as an integral part of there structure. One example is Intuits Quickbooks. Won't run without IE. Since I can't/won't give up Quickbooks, I use IE and lock it down. Had some nasties try, but so far they haven't got past the defenses.
As far as I understand, products such as Keylogger Killer will warn you that programs are using Global Hooks (some programs such as Quicken require global hooks) but will not actually prevent a program from acquiring these hooks. PG is better in that it will proactively prevent the hooks from being acquired unless permission is granted. This is one of the reaons I installed a licensed (as opposed to the free) copy of PG 3.0. Rich
Me too Rich, the exact same reason. ProcessGuard is just a good tool, plain and simple. -------------
The major danger in IE is allowing SCRIPTS to run, which I will never do. Every vulnerability I can think of that can be used by a site, needs scripting to work. Some sites require scripting and these undergo a close examination before even thinking of allowing Firefox to run said script Its easy in most cases, load the site without scripting, then view the source, VBScript and JavaScript are viewable or downloadable in the case of .js IE should only really get the go ahead on trusted sites. If you disable scripting and ActiveX, you can secure IE a lot better than you might think
I'd agree with this but with one caveat. Disabling active content with IE can only be done via security zone settings and there have been exploits that bypassed these (see Microsoft Internet Explorer Security Zone and Internet Explorer Security Zone Bypass and Address Bar Spoofing Vulnerability for examples). As such, using third party software (like a firewall or web filter) to disable scripting should be considered for those choosing to use IE. However most of these cannot filter HTTPS sites - only Proxomitron appears to be able to do this as detailed in The dangers of HTTPS thread.
You can do a lot more to secure I.E. than some people seem to think. I use it exclusively and I have not been infected yet - despite visiting some pretty dodgy sites! Reconfiguring the settings on the Advanced tab helps, so too does a FW, like ZAP, with restrictions on scripting. Another thing I do is I have maximum safety settings on ALL Web Zones (including the 'Safe' Zone), that gets over some of what is referred to above. When I'm at sites I'm comfortable with, I put the Internet Zone settings to default and allow cookies - but only if it is necessary for these sites to display properly. What is the point of investing good money in things like PG and your AV, AT etc, if there is going to be no risk at all? All browsers carry some risk, but I'm content to use I.E. until I come a cropper - but even then, if PG saves my bacon it might not matter so much anyway!
I agree that IE can really be made pretty safe. I have scripting and activeX turned on, but I also have an excellent watchdog sniffing for unwanted applications of them. Pete
