New keylogger tests from Zemana

Discussion in 'other anti-malware software' started by aigle, Aug 21, 2008.

Thread Status:
Not open for further replies.
  1. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
  2. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
  3. Pedro

    I didn't "shoot". I'm simply forwarding the information Sandboxie's website has had for quite some time.
    It explains what will work and what won't inside the sandbox. It doesn't say it defeats all keyloggers known to man.

    Re: Zemana AK, why would I want it?
     
  4. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Yes, it's permitted globally, but it has to phone home as well. Based on the assumption that your system has not already been compromised by an installed logger application, you could solve this by only permitting e.g. your browser to be the only application in the sandbox having access to the Internet. This, in conjunction with using the latest update of your preferred browser (without any known vulnerabilities), where scripts, iframes and plug-ins are disabled by default. These should only be activated, if required, per site through whitelisting.

    But I agree that it's kind of worrying, so hopefully Tzuk will add some sort of global restriction for these kinds of applications as well.

    /C.
     
  5. Pedro

    Cerxes, it's not that global to begin with. I think they will only work within the sandbox, for sandboxed programs. They can't log from programs outside the sandbox for instance, at least that's what I always thought.

    I haven't read the above links for a while (a year probably), but they should say something like this.
     
  6. Cerxes

    @Pedro: OK, I ran those Zemana leak tests a couple of weeks ago, and they didn't have any problem logging other applications, sandboxed or not. But in reality if they were malicious, they would need to phone home as well, and here you can administer some countermeasures with Sandboxie in conjunction with the application it's sandboxing (based on the assumption that your system hasn't already been compromised).

    /C.
     
  7. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Pedro, I've read that page before and that is exactly what is worrying. We are told that sandboxed keyloggers can only log other programs inside the sandbox and not globally. However, my results are the same as Cerxes's. The keylogger can log keystrokes of any program, sandboxed or not.

    That is my practice; however, the application filtering in Sandboxie is based only on file name. I'm sure it is quite leaky!
     
  8. Cerxes

    Yes, I agree. But these above mentioned practices together with the house rule (that hopefully most Sandboxie users apply) that when performing online transactions, one should always close and restart a new sandbox session. And when done, always close the session for deleting the contents of the sandbox. These practices should cover most, if not all keylogging attempts during a limited session (unless the web site you are visiting has been compromised, but that's another story).

    /C.
     
    Last edited: Oct 6, 2008
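
The two practices discussed up to this point in the thread (Internet access limited to the browser, sandbox contents deleted when the session closes) can be checked against a Sandboxie configuration. This is an added example, not code from any poster or from Sandboxie: the sample configuration and box names are constructed, the function names are hypothetical, and it assumes the `AutoDelete`, `ProcessGroup` and `ClosedFilePath` / `InternetAccessDevices` settings of Sandboxie.ini.

```python
import re
# Constructed sample Sandboxie.ini (not taken from the thread).
SAMPLE_INI = """\
[Banking]
Enabled=y
AutoDelete=y
ProcessGroup=<InternetAccess_Banking>,firefox.exe
ClosedFilePath=!<InternetAccess_Banking>,InternetAccessDevices

[DefaultBox]
AutoDelete=n
"""

def parse_ini(text):
    # Returns {section: [(key, value), ...]}; Sandboxie keys may repeat.
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return sections

def audit_box(settings):
    def values(name):
        return [v for k, v in settings if k == name.lower()]
    findings = []
    if "y" not in (v.lower() for v in values("AutoDelete")):
        findings.append("contents are not deleted when the sandbox closes")
    groups = {}
    for v in values("ProcessGroup"):
        name, _, members = v.partition(",")
        groups.setdefault(name, []).extend(m for m in members.split(",") if m)
    allowed = None
    for v in values("ClosedFilePath"):
        rule = re.fullmatch(r"!(<[^>]+>),InternetAccessDevices", v)
        if rule:
            allowed = groups.get(rule.group(1), [])
    if allowed is None:
        findings.append("every sandboxed program may use the Internet")
    else:  # members are matched by file name, the weakness jrmhng points out
        findings.append("Internet allowed by file name only: " + ", ".join(allowed))
    return findings

def audit(text):
    skip = ("GlobalSettings", "UserSettings")
    return {b: audit_box(s) for b, s in parse_ini(text).items() if not b.startswith(skip)}
```
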
  9. Pedro

    Thank you for the reply. I needed that info. Even though I know SBIE is not an anti-keylogger, so realize that limitation, I didn't expect that.

    And you are correct, Sandboxie is to be used in one way, and one way only - flush the sandbox between regular session and critical session.

    Just to be sure, you ran it sandboxed, correct?
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Pedro, look, Sandboxie is really good when it comes to saving malware or jailing it in the sandbox, but to prevent the action of a keylogger it takes more than that; probably just blocking the file extension will do the job for sure, understand, Pedro? :thumb:
    Note: a well-configured Sandboxie will also be able to block executables too, but only in a virtual environment, not in your real OS.
     
  11. Pedro

    Flush the sandbox, that's it.
     
  12. jmonge

    in other words you damn skeapy.
     
  13. Pedro

    Skeapy?
     
  14. jmonge

    Don't worry about the word, I forgot how or the spelling for it :D What I meant is that you are right, Pedro :thumb:
     
  15. demoneye

    I think the best protection, reading all this thread, is to combine SB + AE3... so nothing you don't know can run... all these Zemana tests are *.exe files ;)
     
  16. Cerxes

    Yes, das ist correct.

    /C.
     
  17. jmonge

    100% agree with you :thumb:
     
  18. jmonge

    or just by running Anti-executable alone will provide a very good level of protection.
     
  19. Stubborn

    Stubborn Registered Member

    Joined:
    Apr 7, 2008
    Posts:
    22
    Location:
    Brazil
    Hi there,

    I've been using NOD 32 v.3.0.672.0. for almost a year. I'm sorry to say, but it has failed all Zemana leak tests on my laptop.

    Nevertheless, I can't run Zemana with Sandboxie previously installed on my system. It makes Windows unable to restart.

    Windows XP Pro SP3, ZoneAlarm Firewall (free version), NOD32 and Zemana (1.2.2.425).
     
  20. demoneye

    yesssss :cool:
     
  21. jmonge

    I have spent like a week trying ProcessGuard 3.5 without any antivirus/antispyware/firewall and tested with real malware and also visited your location (HELL) and I achieved my goals (no infections at all). I do a weekly scan with different malware scanners and ended up finding only cookies. My security point of view is very simple: instead of watching for malware I block the file extensions and only allow what I believe is safe to download, of course first examining the file with a good malware scanner (a free one) and then introducing it to my OS :thumb: My choice is block all and allow only by exception :thumb:
     
  22. demoneye

    ProcessGuard 3.5 is like deny all till you approve it... it's very annoying to work with, from my own experience; you have to approve everything, not to mention when uninstalling/installing software...
     
  23. jmonge

    Very simple here :)
    Deny all, no pop-ups at all, just block all and only allow what I need to allow (only once).
     
  24. demoneye

    Yes, but a big BUT: when you often install/uninstall software for testing or whatever... PG 3.5 really gets annoying and tolerable :mad:
     
  25. jmonge

    I know,
    what I do when I do some testing is disable it and fire up Sandboxie.
     