KeyScrambler: is it still really effective?

Discussion in 'other anti-malware software' started by ExtremeGamerBR, Nov 12, 2011.

Thread Status:
Not open for further replies.
  1. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,115
    Hello!

    I'm not suspicious of the effectiveness of the program but it's just a question.

    With current keyloggers being highly developed, is using a program that offers only a scrambling of the keys still effective in preventing theft of logins and passwords? In addition to password programs - Keepass, for example.

    I know that no program is 100% but wonder if it continues to offer a relevant protection...

    Thanks in advance! :thumb:
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Keyscrambler uses 128 bit encryption. It would be far easier for someone to find another way to log your information than to break that encryption.
    "KeyScrambler uses both standard symmetric-key and asymmetric-key encryption. The algorithm used for symmetric-key encryption is Blowfish (128-bit). The algorithm for asymmetric-key is RSA (1024-bit)."
     
  3. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    KeyScrambler Free (i.e. IE and FF Add-on) together with SpyShelter Free. ;)
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    top notch:thumb:
     
  5. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    it is a good product but i think if one worries about keyloggers one should also worry about types of loggers: screen, clipboard, mouse, etc...
     
  6. progress

    progress Guest

    I like it because it's easy to use - no questions, no pop ups, no warnings ;)
     
  7. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    yeah keyscrambler is awesome..:thumb:
     
  8. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Keyscrambler free is awesome, but since Firefox is going for a fast update cycle it just can't keep up.

    Yesterday I was trying KS free with Firefox 7.1 and Firefox 8.0 on Windows 7 64 bit.
    Sometimes KS doesn't work (the keys aren't scrambled), I must turn off then turn on KS to make it work.

    I would still recommend using KS, especially with IE
     
  9. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    ks works smoothly with firefox 8.0 in my pc...:)
     
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Most modern banking malware uses Man in the Browser attacks, Keyscrambler doesn't protect against this, so depending on what you use it for and your other security, the protection might not be relevant enough anymore.
     
  11. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    It's part of the article "Man-in-the-browser attack" from the site of the OWASP Project
    https://www.owasp.org/index.php/Man-in-the-browser_attack
    Why this?...KS encrypts "on-the-fly" all keystrokes typed by the user in browsers, for example my login and password
    login: ichito
    password: blabla_bla
    KS changes randomly letters and signs to
    login: %5i:*/
    password: +j("#>jY_@
    How are those signs useful for a trojan and why doesn't KS protect me?
     
  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Yes, by encrypting the keystrokes, KS creates a secure 'tunnel' between keyboard and browser so keystrokes can't be read as they are typed. Then the browser sends them securely to the site you visit (if it's HTTPS) so intercepting network traffic won't work either, but a MitB attack doesn't try to intercept keystrokes as they are typed or going over the network, it attacks the browser itself, where it's insecure/decrypted for a while. As you can read from the information you posted, it steals the info just before it's sent encrypted over SSL:
     
  13. Kuffi

    Kuffi Registered Member

    Joined:
    Sep 15, 2006
    Posts:
    13
    I just found keyscrambler today and became curious about how it works.

    So it installs a driver that hooks the incoming keyevents as I read - now what will happen when I

    1) simply kill the keyscrambler driver so it won't run anymore?
    2) simply also hook the same incoming datastream and give it to the keylogger (via ring0 driver)?
    3) hook the decryption and get the text from keyscrambler?
    4) get the encryptionkey which has to be there somewhere?

    Thank you
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    After listening to the Trusteer Rapport debacle and how there are fundamental flaws with these things I'd be very surprised if keyscrambler works all that much better, though at least it uses legitimate encryption.

    I don't know enough about how it works though.
     
  15. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Not wishing to have a downer on Keyscrambler, but you have to ask what it will in fact protect you from. Against all the modern banking malware it's pretty much useless as this type of malware hooks after the point at which the keystrokes are decrypted, as well as stealing from the clipboard and taking screenshots.

    I'm not even sure that any of the commercial keyloggers restrict themselves to just keyboard logging these days.

    Far better, imo, that if you are concerned about 'keylogging' then you use an application with full-spectrum anti-keylogging capabilities.
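
Added example, not part of any post in this thread: a toy model of the credential path described in posts 12 and 15, showing at which stage an observer would see the clear-text password with and without keystroke encryption. The stage names and the `toy_cipher` stand-in (not Blowfish, not TLS) are assumptions made for illustration.

```python
import hashlib
import secrets


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Stand-in only, not Blowfish or TLS."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def credential_path(secret: bytes, keystroke_encryption: bool, https: bool) -> dict:
    """Return the bytes an observer would see at each (hypothetical) stage."""
    ks_key, tls_key = secrets.token_bytes(16), secrets.token_bytes(16)
    seen = {}
    # Stage 1: between the keyboard driver and the browser.
    data = toy_cipher(ks_key, secret) if keystroke_encryption else secret
    seen["input_stack"] = data
    # Stage 2: the browser needs the real value, so it is decrypted here.
    if keystroke_encryption:
        data = toy_cipher(ks_key, data)
    seen["browser_form"] = data
    # Stage 3: on the wire, protected only if the site uses HTTPS.
    seen["network"] = toy_cipher(tls_key, data) if https else data
    return seen


def exposed_stages(secret: bytes, keystroke_encryption: bool, https: bool) -> list:
    """List the stages at which the secret is visible in clear text."""
    path = credential_path(secret, keystroke_encryption, https)
    return [stage for stage, value in path.items() if value == secret]


if __name__ == "__main__":
    sample = b"blabla_bla"  # the sample password from post 11
    for ks in (False, True):
        print(f"keystroke_encryption={ks}:", exposed_stages(sample, ks, https=True))
```

In this model keystroke encryption removes only the `input_stack` exposure; the `browser_form` stage stays in clear text in every configuration, which is the stage the man-in-the-browser posts refer to.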
     
  16. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,077
    What trusteer rapport debacle?

    You cannot compare TR with KS, KS just protects against real-time keyloggers (not very common in real malware because they are easy to detect), and TR protects against any way to steal your information from the browser.
     
  17. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Not always true with Rapport. Although it can protect against the common methods (MITB, Keylogging, Clipboard logging, Screenshot logging etc), each bank that provides Rapport to its customers has a different configuration, some of which don't include all the protection methods, e.g. clipboard protection is often not provided. One bank's version of Rapport is not necessarily providing the same level of protection as another bank's.
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    TR is a farce. It's essentially useless and can be bypassed with a few lines of code.

    edit: https://www.youtube.com/watch?feature=player_embedded&v=EimZQgt7WPg

    There's something with more info. There have actually been a few more whitepapers since that really emphasize the issues.

    They are plenty comparable. They both try to encrypt information from the keyboard to a program. As noted in that video, this is not currently possible.

    edit2: wilders topic about it https://www.wilderssecurity.com/showthread.php?t=320410
     
  19. Kuffi

    Kuffi Registered Member

    Joined:
    Sep 15, 2006
    Posts:
    13
    Problem is what I stated already "4) get the encryptionkey which has to be there somewhere?" - you encrypt with a key that has to be there somewhere, either hardcoded in the driver or generated automatically and then has to be stored somewhere and told the decrypt function - either way it's screwed and useless.
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Without knowing how it works it's hard to say but the video basically stated that there are fundamental flaws in areas that these two products both deal with.
     
  21. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,077
    It's a flaw from 2011, are you sure that this has not already been fixed? Maybe it was fixed a few days after it was made public.

    You can configure TR to have any website be protected like those preconfigured bank websites, the only difference is that Trusteer cannot check the IP to see if it is the same as the one they have in the database for that bank.
     
  22. x942

    x942 Guest

    Time to break IDA Pro again :D

    I have verified, in the thread that HM linked, other potential vulnerabilities in the software. I am more than happy to try and confirm the flaws described in that video as well. If it is that easy I shouldn't have much trouble circumventing it.
     
  23. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    And that is the reason why I still use SpyShelter with KS in one combo...although I know that some users prefer signature-based programs.
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    They released a "fix" but never addressed many of the issues and there have been whitehat papers since then explaining this.

    As the video says, it takes only a few lines of code to bypass and any beginner programmer with assembler could do it.

    x942, if you're willing to look into it I'd appreciate that.

    The very design of it was criticized in the video.
     
  25. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    There are at least two separate issues here:

    1. If you're going to use an anti-keylogger then can you just use Keyscrambler or do you need a full-spectrum AKL? My opinion on that is posted above, i.e. you would want a full spectrum AKL.

    2. Is the only solution for protection against keystroke logging either the use of encryption/obfuscation as deployed by Rapport and Keyscrambler or HIPS alerts as per Spyshelter, Zemana, OA, PFW etc? And is the obfuscation approach fatally flawed in its logic?
    This for me is the more interesting question. How for example is WSA protecting from keystroke logging - obfuscation or HIPS alerts?
     