SafeOnline tests and suggestions

Discussion in 'Prevx Releases' started by CloneRanger, Feb 6, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Did a few tests with Zemana test loggers.

    Deactivated Zemana Antilogger first.

    Protected against scrolling window capture, but not clipboard logging, screen logging or keyboard logging?

    And with Zemana Antilogger active it prevented the Zemana clipboard logging test from showing clipboard logging. Disable SafeOnline and it did?

    HTTPS password logging was protected with Zemana Antilogger and SafeOnline both disabled. This might be Firefox protection?

    I think it would be better if we could individually select the items we want protecting, or not, with a tick, rather than with the slider control. As it is, the slider is all inclusive, or chooses for us selectively.
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    SafeOnline will protect against all of these threats but only on a secured website. Could you let me know if you've run them directly on an HTTPS website? (I've just tried the keyboard/clipboard/screen grabber leaktests from Zemana and they're all blocked here with just SafeOnline).

    Some aspects of Prevx protection move out of the way if the user has Zemana Antilogger installed so that they can use both programs - I'd recommend uninstalling Zemana entirely and also uninstalling Prevx, then rebooting, then reinstall Prevx and see if your results are any different.

    We've designed the configuration in such a way that each level disables exactly as much as it should - for the High level, for example, it is necessary to disable both screen grabbing and browser window access because that is what SnagIt and most other screen reading programs will try and do on the system to read the screen data. At a technical level, they are different concepts but we've combined them within the configuration. In one of the first versions of SafeOnline, we did have discrete configuration for each of the options but it introduced too much user confusion as many of the options are reliant on other options to allow programs like SnagIt to access the required areas of the system.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @PrevxHelp

    Hi, just did the tests on the HTTPS Hotmail sign-in page, and Prevx blocked the other two, but not the ScreenLogger?

    Maybe you could have the discrete configuration instead of the slider as an option in future, hope so.

    Thanks.
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Hotmail is not HTTPS!

    TH
     


  5. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    It is if you use the enhanced security option.
     
  6. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Shows how much I use Hotmail, LOL. But it was stopped!

    TH
     


  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ Triple Helix

    Hi, I always use the Hotmail HTTPS login, much better. Noticed you allowed Prevx to block the actual ScreenLogger test from running. I allow such tests to run, otherwise there would be no test, as in your case. Try again after allowing it.
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Isn't that defeating the purpose? If I allow malware to bypass Prevx when it tells me not to, should I? It's good enough for me that it is detected and not allowed to run! This point alone should make you happy!

    TH
     
  9. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    I agree 100% with TH here. I have always thought the same thing. When the OSFirewall in ZoneAlarm Pro jumps up and identifies a test process as suspicious and recommends denying it, people inevitably say, "Well, you need to let it past the firewall". And I'm always saying the same thing as TH... why? As far as I'm concerned, the test is over. My firewall stopped it.
     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    I even tried it your way and could not get the test to grab my screen, so it passed the SafeOnline test also, using FF 3.6. I let it run for 10 minutes; only turning off Prevx allowed ScreenLogger to take a shot!

    TH
     


  11. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    TH....the statement on the Prevx website about SOL http://www.prevx.com/safeonline.asp reads....
    so a SafeOnline-only user would not have Prevx blocking threats, thus CloneRanger is correct in allowing it for testing the efficacy of SOL
     
  12. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    But if you see post #10, I let it go past Prevx and allowed it, and still no screenshot taken! So it passed the SafeOnline test also! Unless I'm missing something here?

    TH

    EDIT: I tried 4 times and it still will not take a screenshot, so in my opinion it passed! ;)
     
    Last edited: Feb 9, 2010
  13. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    Well, I have no issues with Prevx SOL except a desire that they strengthen their IP verification methodology and antiphishing capabilities...maybe use an IP blocklist type thingy as used in mbam/OA/outpost etc
     
  14. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    True, anything to make it better! :cool:

    TH
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We're definitely working on improving this, but the rogue/phishing websites today move so quickly it is nearly impossible to actually make a valid effort to block them. This is why we strongly recommend using our Credential Protection functionality within SafeOnline which will lock down your credentials to a specific website and warn if you accidentally type them into a different one, automatically defeating every phishing attempt :)

    Also, regarding the screenshot - I also cannot reproduce any issue taking screenshots. It is possible that you have entered into "compatibility mode" by configuring Prevx to "High" protection at some point. Doing this will allow some issues to be fixed (like printing on some specific printers) but it will cause screen grabber protection within SafeOnline to not load (by design, and this only affects screen grabber protection).

    It might be worth uninstalling, then rebooting, and then reinstalling to see if this re-enables the protection.

    Let me know! :)
     
  16. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    Joe, I am a happy Prevx camper :D ...the test taker...giver...ummm.....creator :p ...is CloneRanger
     
  17. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Hi posters, thanks for the input. Not sure why ScreenLogger is able to do that on mine with Zemana disabled? As I normally have Zemana active it's not a problem for me, but I thought it could be for others, which is the reason for posting.
     
  18. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    464
    Location:
    UK
    Help!

    Screen grabbing test

    Failed :thumbd:

    SafeOnline doesn't prevent Zemana ScreenLogger.exe from taking a snapshot of HTTPS sites for me. :'(

    I have SafeOnline as part of PrevX 3.0 (latest version .74) so I have had to add ScreenLogger.exe to my override list as Trusted to make it run.

    Now it runs happily and takes snapshots of my screen when I visit HTTPS sites even though SafeOnline says it should not be able to! :mad:

    What is happening here? Does the fact that I have trusted the program in PrevX mean that SafeOnline trusts it also? I would have thought these different security layers should operate independently (otherwise they are not two layers!).

    I have tried doing a screen dump in windows (Print Screen key) and this is blocked correctly.

    Edit: I have now completed tests using Zemana's keyboard and clipboard logger test trojans. My findings are below.

    Key logging test

    Works :thumb: . Key logging protection is turned on once a site is visited with this protection enabled. It is then left turned on for subsequent web sites visited. It only gets turned off when I close the browser (Firefox).

    Clipboard logging test

    Works :thumb: . Clipboard protection is turned on once a site is visited with this protection enabled. It then protects all clipboard accesses so I can use KeePass to copy/paste my passwords etc. Like the key logging protection, clipboard protection is then always on until I close my browser.
     
    Last edited: Feb 13, 2010
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you let me know what other security software you're using? If you are using Zemana Antilogger and have it installed (even if it is disabled), SafeOnline will temporarily disable some of its protection until you uninstall it as there is a fundamental incompatibility between Zemana and SafeOnline (they both try and protect precisely the same area of the system, which will result in a crash if they both remain enabled).

    If not, please let me know and I'll investigate further :)
     
  20. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    464
    Location:
    UK
    I don't have Zemana anti-logger. I have just their test "Trojan" (keyboard.exe) which doesn't install, it just runs when you double click the file.

    My Security applications are:

    - Kaspersky Internet Security 2010
    - PrevX 3 with SafeOnline
    - Windows Defender.

    Browser was:

    - Firefox 3.6.

    I removed BrowserDefender from my system before I did the tests.

    Edit: This works now. This problem went away after I did a clean re-install.
     
    Last edited: Feb 15, 2010
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I suspect this may be because of configuring SafeOnline to "High" protection at some point - this will trigger a compatibility mode within SafeOnline that could disable some aspects of screen grabber protection.

    Glad to hear it's working properly now though, let me know if you find anything else! :)
     