Keyloggers and Privacy

Discussion in 'privacy problems' started by caspian, Jun 29, 2009.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I have read that some of the antivirus/antispyware products intentionally allow commercial keyloggers. The disingenuous rationale is that they sometimes have legitimate uses. I posted about this on the superantispyware forum. I'm pretty upset about this issue.

    Businesses log. They monitor. And they tell people right up front that they are being monitored. Everyone knows it. So why would it matter if a commercial keylogger shows up? I have never worked for a company that would allow me to install a scanner on their system anyway. They would have thrown me out on my ass.

    I wonder what the percentages of sales would be for keyloggers purchased by businesses in comparison to keyloggers purchased by individuals? I can't help but wonder if there is some cash being exchanged as an incentive to allow some of these keyloggers.

    Putting a keylogger on a private citizen's computer is like putting a video cam in their bedroom. It's sick. And I think that it is incredibly irresponsible for a company to tell people that they protect against malware when they are intentionally allowing some of the worst to be installed on your computer. They should tell people right up front that if someone puts a commercial keylogger on your computer, their product will allow the keylogger to spy on you. And they should list the ones that they intentionally allow.

    Does anyone know of an antivirus or antispyware product that protects against all known malware?
     
  2. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Hello.

    I was reading quite an interesting article at sophos.com here. The theme is much similar to what you're concerned about: the reassurance that a security vendor is going to flag malware no matter where it's coming from.

    I think the question of whether a security vendor is capable and willing to flag corporate/government malware will go a long way to decide which security products customers trust enough to put on their computer, certainly in the foreseeable future.

    Police hacking computers to gain intelligence, who are the bad guys?

    If you are in the position of flagging a government agency/corporate created malware ... will you?

    When you look at the problems some vendors have got themselves into for handing out SSL certs to rogue sites for $$$ ... it makes you wonder if some have the ethical balls to flag.

    I like what Sophos is saying about this matter. So well done them.

    Don't agree with their bashing other products to promote their own, though.

     
  3. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    They have been given free rein in the UK to abuse as they please. They do not have to answer to anyone. Try and tell me that they won't be abusing the Hell out of that. They will spy on anyone for any reason. And I am quite confident that it will be used for personal reasons as well...if it hasn't already.

    I just wonder how good Sophos is? I haven't seen it mentioned much. I see that they have a free scanner. I think I'll give it a shot.

    I think a list needs to be made of the antivirus/antispyware companies who deliberately allow keyloggers, and the ones who do not. People have a right to know. Otherwise, maybe some lawsuits for false advertising are in order.
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    On any computer that you don't own, you have no realistic expectation of privacy. On your own, you can allow, block or remove whatever you choose. The best way to keep keyloggers off of your system is with a default-deny security policy. Instead of worrying if your AV, AS, etc. will detect all keyloggers, take the opposite approach. Specify what is allowed to run and block everything else by default. It takes a while to set up and requires that you know or learn what applications and processes need to run for normal operations, but when it's done, your system will not allow an unknown process to run. Software keyloggers, malware, trojans, etc. are processes or are installed by processes. Short of someone entering your home and concealing keylogging hardware, a properly enforced default-deny policy will prevent keyloggers or any other unknown processes from running on your system.
     
  5. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    Such configuration is not suitable to the average home user, who needs to install, uninstall, change configurations of different software. What you say is done in high security structures, where there is no need for computers that change dynamically, and it is possible to specify the few needed services that are allowed to run.
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Mine is a home unit. Several people use it. It's got everything they need.

    A home PC doesn't need to be changing all the time. How often does the average home user actually "need" a new piece of software? As long as users can install whatever they want, you're stuck with relying on detection software and the problems that come with it, missed detections, false positives, etc. The user needs to decide which matters more to them. Here, if someone needs or wants a new app or game, they tell me. If it's clean, I'll install it. The biggest inconvenience is a slight delay. That slight delay has saved a lot of time, work, and worry in the long run. Default-deny works fine in a home environment. The only thing the users can't do is change things whenever they get the urge.
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    What kind of program do you use to specifically allow or deny?

    Prevx confirmed that they don't differentiate between commercial and noncommercial keyloggers.
     
  8. thathagat

    thathagat Guest

    spy sweeper is very good in zipping commercial and noncommercial keyloggers...but spy sweeper itself is a tricky and touchy software for most.
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    My choice is SSM, but you can use any application that allows you to build a process whitelist. There's a good thread regarding using software restriction policies to protect against the unknown. I'm sure that several of the available "HIPS" or process firewalls can also do this. The choice of software or utilities used is not that critical. It's the policy and how well the tools are configured to enforce it that's important. Regardless of how the policy is enforced, it's just much easier to keep track of the 50 to 100 known good applications and system executables that you need or use than it is to keep up with the hundreds of thousands of malicious apps, files, bits of exploit code, etc.

    Default-deny doesn't have to be restrictive, unless you're one who is always trying new software. For those users, something like VM would be ideal. Even that can run on a default-deny protected OS. If your PC is equipped the way you want it, a default-deny policy can make sure it stays that way. When the policy is matched to the user's needs and the user's software runs as it should, there are no indications that the policy is even there. My operating systems predate software restriction policies and limited user accounts, Win2K being the most recent. Even on these, I used SSM to define separate user and administrative modes. For normal usage, I run in user mode. All of the software I use on any regular basis is whitelisted and runs as it should. Default-deny is only restrictive when it doesn't match the user's needs.
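
Editor's added example, not part of any post in this thread: the decision logic behind the default-deny process whitelist described in posts 4 and 9, using a SHA-256 hash rule per approved executable. It shows the allow/deny decision only, not how SSM or software restriction policies enforce it; the file names and contents are constructed samples.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash the file contents in chunks so large executables are handled."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_allowlist(paths):
    """Record the hash of every executable that is currently known good."""
    return {sha256_of(p) for p in paths}

def may_run(path, allowlist):
    """Default-deny: permit only files whose hash is on the allowlist."""
    try:
        return sha256_of(path) in allowlist
    except OSError:
        return False  # unreadable or missing file: deny

def demo():
    """Run the policy over constructed files standing in for executables."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            return p
        editor = write("editor.exe", b"known good editor build")
        browser = write("browser.exe", b"known good browser build")
        allowlist = build_allowlist([editor, browser])
        results = {"approved": may_run(editor, allowlist)}
        # A never-reviewed program is denied; no signature for it is needed.
        results["unknown"] = may_run(write("freegame.exe", b"never reviewed"), allowlist)
        # An approved program that changes on disk stops matching its hash.
        write("browser.exe", b"known good browser build + patched")
        results["tampered"] = may_run(browser, allowlist)
        # A hash rule follows content, not name: an exact copy is still allowed.
        results["copy"] = may_run(write("notes.exe", b"known good editor build"), allowlist)
        results["missing"] = may_run(os.path.join(d, "gone.exe"), allowlist)
        return results

if __name__ == "__main__":
    print(demo())
```

The "tampered" case is also why updating an approved application means re-approving it: the new build has a new hash.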
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    That sounds pretty involved but I think over time I can learn. Thanks for the tip.
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I have heard that is a good product. I will probably give it a try. Thanks. I like your avatar.
     
  12. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I do not know how well the Spy Sweeper (which version ?) deals with (commercial) keyloggers.

    Just a few words of caution: last time I checked, I really didn't like their privacy policy. There is some kind of community network, and I don't know if you can opt out of that. The default install would install the ask.com toolbar, possibly more. The quality of their technical customer support is often very bad.
    Again, last time I checked.
     
  13. thathagat

    thathagat Guest

    6.1 and read here
    and
    WARN....is the name of the community and you can opt out
    and
    you can opt out..simply untick

    as i said earlier spy sweeper itself is a tricky and touchy software for most.
     
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    What is tricky about it? Will an average user be able to make sense of it?
     
  15. Airflow

    Airflow Registered Member

    Joined:
    Jul 5, 2009
    Posts:
    39
    Where is the problem? If you have a good security setup you don't have to worry.
     
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I thought an antivirus and antispyware product was part of a security setup.

    But anyway, I do use Keyscrambler Premium and Zemana. Eset Nod32. Zone alarm free firewall.

    What would you recommend?

    Oh and I use Sandboxie and Returnil too.
     
  17. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Apps like Sandboxie are good for keeping malicious code from installing or becoming permanent on your OS. They will not stop malicious code from running. Remember when the Bank of India was hacked and started serving up malware? A compromised financial site serving up a keylogger is a very real possibility. A keylogger doesn't have to be installed to be costly. It only needs to be running when you're entering a password its owner wants to capture. Security packages based on isolation, virtualization, or "reboot to restore" would not be sufficient in such a scenario. An anti-keylogger that depends on signatures or other means of identifying known threats could suffer from the same shortcomings as AVs. Something to think about while you plan your defenses.
     
  18. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    DefenseWall is a good tool - System sandboxing and HIPS to detect keylogging.
     
  19. Airflow

    Airflow Registered Member

    Joined:
    Jul 5, 2009
    Posts:
    39
    So why do you worry? It is a good setup.
     
  20. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I've read where one of the tech editors at PC World actually puts a brand-new "perfect image" on every morning. Not just a Returnil/Deep Freeze-like IR solution, but does the whole image from disk everyday. Seems like a hassle - but he says he's got it down to two minutes flat. That would keep you protected from keyloggers about as well as anything else I can think of.
     
  21. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for that. I do delete my browser sandbox often, but I download a lot of music, movies, and art. And I collect animated gifs. So I really do expose myself to a lot.

    I think that I need to take the plunge and learn how to use a HIPS program. I also use Prevx and Sandboxie.

    I am looking forward to the new XB Browser though. From what I understand, it will be pretty amazing.
     
  22. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I guess Defensewall is my next step. I hear it's really good.
     
  23. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    For easy daily use (no pop-up hassles) DefenseWall is the ideal choice. It has default denial rules ... all launched applications run as unsafe, unless you wish to grant full rights, such as P2P downloads - create a default downloading folder, and so on. Updating applications is simply a case of remembering to Run with full rights. As you've used Sandboxie it should be a breeze to figure. Of all the HIPS around Defensewall is the easiest to use, IMO.
     