Keyloggers

Discussion in 'other anti-malware software' started by JerryM, Nov 19, 2007.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I don't read problems with keyloggers. Do most of the AV and AS applications detect, prevent, and remove keyloggers? Obviously they could be very dangerous, especially for anyone doing online banking, but also for sites such as eBay or PayPal.

    Thanks,
    Jerry
     
  2. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Most current software handles key loggers poorly...
     
  3. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408

    Policy-based HIPS GeSWall and DefenseWall are quite good against these.
     
  4. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Wrong. What's the difference between a trojan horse and a keylogger in terms of their file structure? Nothing. Both are portable executables - that's it. An anti-virus can just as easily detect a keylogger as it can a trojan horse; all it needs are the signature updates to do so.

    Only a few years ago anti-virus software didn't handle ad/spyware and trojans. That is no longer true. AV software has more or less evolved into a full-scale malware detector nowadays.
     
  5. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Keyloggers are what I am most concerned about, seeing as I do a lot of online dealings. I definitely don't trust my resident AV to catch keyloggers; I take extra precautions against them.
     
  6. Empath

    Empath Registered Member

    Joined:
    Nov 13, 2002
    Posts:
    178
    There are some keyloggers, such as Webwatcher, that are promoted as a means of keeping watch over your children, or bosses watching the use of their employees' computer time and such. Even though they can also be used by crooks out to steal from you, I suspect the anti-virus industry has looked the other way for purposes of not wanting to suppress the "legal use" of such software.

    While I understand their dilemma, I still consider it selling out your customers.
     
  7. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    The industry is having a tough time keeping control over key loggers because every program that needs any type of shortcut is technically a key logger, since the application must monitor the keystrokes for said shortcut, i.e. using the "control + C" key combination for copying data requires some type of keyboard monitoring to allow the task to take place. Virtually every program does this.

    My point is that besides driver-level intercepts there are multiple methods and reasons for programs to capture keystrokes, effectively making the process incredibly difficult to control effectively.

    That is the reason I use KeyScrambler, because it actually encrypts and then decrypts the output of keystrokes directly into the application concerned, i.e. your web browser/site logon interface. If a keylogger intercepts it in between, all it acquires is meaningless alphanumerical outputs... Very ingenious!
     
  8. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Never used KeyScrambler myself, but if the website interface can pick up the decrypted password, couldn't the keylogger do that as well?

    /C.
     
  9. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Apparently not... It's a bit complicated how it works internally. But the idea is good. Encrypt driver level, then decrypt in browser interface. It seems to work. Everyone I know who tested it internally said it worked... Good enough for me.
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Before my bank changed the login procedure, I followed this procedure:
    1. Reboot, which removed any change on my hard disk, including keyloggers.
    2. Logged in to my bank account with a fixed password, did my thing and logged out.
    So the period between reboot and login was too short for installing/executing a keylogger, and how would it get there in the first place.

    After my bank changed the login procedure, I have no procedure anymore, because I must log in with a variable calculated password and that makes any installed keylogger useless to the on-line thief.
     
  11. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I used to be concerned about keyloggers years ago when I was less computer savvy because they used to show up on scans that I performed with past anti-malware software that I used to use; however, a-squared (which I use) claims to remove keyloggers:

    http://www.emsisoft.com/en/software/free/

    and it's been a long time since I've seen a keylogger show up on a scan. However, I now use broadband compared to years past, in addition to a router, plus, I currently use the IE7 browser with its built-in protections.

    Plus, it looks like my recent installation of GeSWall is helping against them too. :)
     
  12. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I've never used KeyScrambler before; however, past stand-alone anti-keylogger programs that I have used before seemed to cause the computers that I was using at the time to have problems and caused me to have a distrust of stand-alone anti-keylogger programs. Although, that's not to say that KeyScrambler isn't a good program.
     
  13. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    What you guys all forget is that every security app can be bypassed.

    You don't read about that after more than 2500 posts! Damn, you should know this forum better than many others and also be concerned about keyloggers.
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    All guys? I didn't forget this at all.
    Keyloggers that bypass my Windows Firewall, Anti-Executable and DefenseWall will be removed by my boot-to-restore, which doesn't allow any change on my system partition, and the same will happen to any other malware.

    I don't even trust my boot-to-restore and that's why I have stronger weapons, just in case:
    1. restoring a clean image OR
    2. quick zero of my hard disk + restoring a clean image.
    3. full zero of my hard disk + restoring a clean image. Which keylogger or malware is going to survive this? I guess only hardware viruses.
     
    Last edited: Nov 23, 2007
  15. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Just curious as to this. I know Online Armor Free detects some keyloggers (Full Version more), and ThreatFire and Dynamic Security Agent detect many of them. Would any one of these be enough protection against them?
     
  16. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    So, after reading the posts after my post #12 & 13, are Keyloggers really that insidious and really that much of a problem? o_O
     
  17. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Also, even though I don't come close to having 2500 posts, in defense of JerryM, I too haven't seen a lot of posts about this threat on this forum or other Computer Help Forums.
     
  18. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    All zero-day malware is obviously a problem, and everyone who's more or less dedicated to protecting a computer/network has their strategy to solve this. However, those malware classes which also add the future aspect of having "non-cure problems" are, IMO, keyloggers and rootkits (ever heard about Blue Pill?). They can do their "evil thing" even if they only have limited rights, therefore bypassing today's security software such as Sandboxies, AVs, ASs, HIPS etc. They can even work between clean backup sessions if there's, for example, an exploit in your browser.

    Personally I'm dedicated to protecting my Windows client according to the principle of layers of protection, and under "normal" circumstances it serves me well. But I have no illusions that this strategy will make my computer malware free for sure. Am I paranoid or even fatalistic regarding computer security? I don't think so, rather realistic and pragmatic.

    /C.
     
    Last edited: Nov 24, 2007
  19. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    With Roboform a master password can be entered using the mouse and a virtual keyboard. 8 characters are supposed to be enough, but it can be as long as you want. The account number and credit card details are then entered directly, i.e. no keystrokes to log. The actual passwords can be up to 511 characters.

    A keylogger itself would only live until reboot time on any of my machines so the priority is simply to stop it logging until it is destroyed at reboot.
     
  20. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    You really trust your mainboard creators :D, where are mainboards produced? Don't know? Especially in countries where hardware rootkits are invented. Don't be too sure that your system was clean at the time you froze it. Stealth malware is not visible in a usual way; it only needs a few bytes, maybe exactly placed in your most favorite apps?? (hash tab should be always with you ;-)) Especially be aware of IP addresses and packets from China, Korea and Japan.

    Also.
    Exactly, written very well!!
     
    Last edited: Nov 23, 2007
  21. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I couldn't agree less with this fantasy world view which is so far from normality.
    Do I really trust my mainboard creators? LOL, of course I don't. I regularly take the MB out and wash it in biological detergent to see if I can find little green men waiting to take notes on which sites I visit.
     
  22. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    If this were that far from reality, then there would be no warnings like this and things like blue/purple pill, and there would be no people like Heasman. You want to see something impossible? No browser opened, no tcp/udp connection, nothing, best firewall, everything looks clean, all anti-rootkits say nothing found, but still activity, watch: http://i5.tinypic.com/7ys7vyg.png
     
    Last edited: Nov 23, 2007
  23. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    An attacker could do this, an attacker could do that? Science fiction, often written by those with nothing better to do. I can only repeat: we are not going to agree. In post #20 I made a suggestion that might actually help someone.
    You seem to be so certain that nothing is certain .... This "nothing is ever enough" view leads nowhere. Anyway, I don't want to appear unnecessarily rude but I'm outa here. I will no doubt read about the blue pill yet again in another thread.

    Edit - By the way, I thought the example of a Plextor dying, not because it was crap hardware, but because of mysterious forces, was very funny
     
  24. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Last edited: Nov 23, 2007
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    No. I don't think so!
     