Sandboxie and keyloggers

Discussion in 'sandboxing & virtualization' started by trjam, Jan 7, 2008.

Thread Status:
Not open for further replies.
  1. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Well, do take into consideration that there are three versions of KeyScrambler.
    1. Personal = Only protects your logons at websites

    2. Professional = Encrypts everything you type into a web page (this would be the one for protecting your credit card details).

    3. Premium = Does everything the Professional version does but includes encrypting your e-mail and Microsoft Office apps.

    Read more.

    muf
     
  2. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    It doesn't matter how well it works; first you have to determine what it is going to do. Let's say 'Personal' works 100%. Big deal, log-on info only. That is not how most folks describe the Personal version. Most people feel, or they imply, that the protection that is offered is on a par with what is offered in 'Professional'.
    That is because the Firefox description of the plug-in is, in my opinion, deceptive.
    https://addons.mozilla.org/en-US/firefox/addon/3383
    You have to scroll down under the Developers comments and read item two. Laughable.
     
    Last edited: Feb 5, 2008
  3. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I totally agree. But if you have already set up your credit cards at the various shopping sites (eBay, Amazon etc.) then all you are going to do is log in at those sites, so the Personal edition would be fine. If you are intending to create accounts and store your credit card details then the Professional version is the way to go. But if I was going to purchase something from a website I'm not registered to, then I would clear the sandbox and then submit my details.

    muf
     
  4. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    All true, but another thing to remember is that with commercial keyloggers, most of them are a package deal: capturing screenshots and all. Logging instant messages, logging Notepad and Word, the whole bit. An anti-keylogger, even if 100% successful against all of that, would still leave you very open.

    Now the SandboxIE approach is better. Let them do whatever they want to do, but lock 'em down so they can't send it. Anyone that touts this or that 'fav anti-keylogger of the day' needs to address screenshots as well.
     
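    The "lock 'em down so they can't send it" approach described in the post above can be expressed as a Sandboxie restriction setting. The fragment below is an added example, not something posted in this thread or taken from the Sandboxie project itself; it assumes the default sandbox is named DefaultBox, that the only program which should reach the network from inside it is firefox.exe, and that the setting syntax matches Sandboxie's documented Internet Access restriction (ClosedFilePath applied to the \Device\Afd* socket driver path). Check the current Sandboxie documentation for your version before relying on it.

```ini
# Added example of a Sandboxie.ini fragment (assumed box name and program name).
# Everything running in DefaultBox is denied access to the Winsock device path
# except firefox.exe, so a keylogger that runs inside the box can still capture
# keystrokes or screenshots but has no socket through which to send them out.
[DefaultBox]
# "!firefox.exe," means: apply this closed path to every program EXCEPT firefox.exe
ClosedFilePath=!firefox.exe,\Device\Afd*
```

    The caveat raised later in the thread still applies: this only constrains code that actually runs inside the sandbox. Anything that escapes the box, or that loads before it at boot (the MBR rootkit case), is not governed by this setting, so a host firewall and execution control remain separate layers rather than alternatives.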
  5. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    But if you look at the situation from the standpoint of 'pure odds', that information would have to be stored somewhere. Either on your comp or at the site. And it would be there 24/7/365 and would be at least 'available' to a nastie at all times. AND TO ALL NASTIES (not just keyloggers).

    VRS, what the heck are the odds that I pick up a keylogger during that exact very session that I need to type something?
     
  6. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Good post. Sandboxie, and quit worrying about those pesky keyloggers. Sandboxie is the only app of this type that works as intended. The others are all playing catch-up.
     
  7. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Hello MitchE323,

    Well, programs are not useless on the basis of "the" defaults, and I am a great supporter of SandboxIE... I recommend it warmly on my web site. Not too many others out there actually do. The issue with default configuration is real, though, as most products often cater to the most basic protection using defaults...

    As for grandma... well, I deal with users from late teens to late 60s and many can't even use their own keyboards, never mind reprogramming an application's settings... usually that is what they pay me for... mostly so they don't have to do it themselves, as they more often than not screw things up... (Their own words usually).

    As for my recommendations, they are meant to educate about the risks as we know them to be... I also recommend a "possible" solution to the problem (usually with more than one example), as in HIPS, ThreatFire or Prevx, with a small explanation why... Besides, if you were to follow those recommendations your risk of infection or of a breach of system security is probably close to zero... in so doing I'm doing my job as a consultant. Please, if you disagree with the risks as I have stated them, do so clearly and explain to me where I am wrong...

    Fear mongering has nothing to do with my site... I offer the means to "prevent" having to retain my services to clean up infections that were preventable. I see nasty infections that anti-virus and anti-spyware software pass right over. I see systems so badly infected, the Trojans number in the dozens...
    Don't believe me? Here is one I posted just a few days ago: https://www.wilderssecurity.com/showpost.php?p=1172045&postcount=240
    Keep reading on that thread as I have posted many times before and will continue to do so to wake up users like you to the risks involved.

    Probably because too many think like you, and have the invincibility concept firmly burnt into their minds until they come crying to people like me to help them save their precious data... :blink:

    Also, identity theft and the cracking of banking accounts is real... I don't wish it on you, but laugh all you want, the risk is real; otherwise sites like this one wouldn't actually exist and I would be nothing but a figment of your limited imagination! ;)

    I will be waiting ;)
     
    Last edited: Feb 5, 2008
  8. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    That sir is exactly my point. It is real. Now guide me to where exactly is the procedure within anything on your website, or even within a single solitary sentence that you have ever posted on any thread in any forum that would prevent that.
     
  9. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    It is obvious by your statement that you did not take the time to actually read those articles on my web site... Anyway, here goes:

    I recommend using an anti-keylogger in combination with a HIPS and using RoboForm to input the passwords (I also recommend using strong passwords in RoboForm). A different one for every web site, and to keep whatever passwords inside encrypted documents if they for some reason refuse to use password managers....

    Not inputting the password manually effectively can "help" thwart a keylogger's interception of keystrokes.. as there are no keystrokes to be intercepted... Products like RoboForm use a master password and keep all others within encrypted containers within the system. This, when combined together, provides far more security than any other method I know of... Sandboxie included... However, if you combine this technique with using Sandboxie.. you are far and above the risks encountered by most users online.

    I have written a shortened version focused on Secured Web Browsing alone to address the "overload" affecting some users when confronted with the large numbers of actual attack vectors facing them... It covers all the bases from user interaction to the sites they visit, as well as filtering the sites themselves for possible hostile exposure.
     
    Last edited: Feb 5, 2008
  10. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    Sorry, I only got that far. Do you actively alert people that the KeyScrambler product you had previously recco'd (in your earlier post) had an extreme level of ineffectiveness? Which in turn creates a false sense of security and actually leads to many instances of identity theft? Can Grandma suddenly handle a HIPS? It's just so on and so on.....
     
  11. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    In the case of KeyScrambler, it is of course due to the fact that not too many tools are on the market catering directly to web browser password protection. I advise users to use RoboForm for added protection, as the only password in this case that KeyScrambler protects is the master password...

    Besides, I also tell in my article that "trusting" any single application or vendor is not recommended. I recommend using a battery of tools as layers against most attack vectors. Read my article (in its entirety, if you wish for me to continue explaining myself).... See Cyber Self Defense for a more thorough explanation.

    For your benefit, here is a cut-and-paste of the paragraph in question:

    I believe that brand loyalty in this case can often prove counter-productive, as developers tend to downplay vital weaknesses in their product, and much too often choose to over-hype useless features that actually provide little real security benefit to end users while they use far too many system resources, slowing everything down.

    Currently the best approach is to use multiple layers in our approach to securing the computer. Each layer covering a specific or small group of attack vectors. Also, using the right specialized tool or utility covering a specific known threat vector is far superior, in my opinion, to a huge software suite trying to do it all, as large suites have a tendency to cause problems and usually fail in the end as criminal types eventually figure out their weaknesses and successfully bypass their defenses...

    Instead, I would strongly recommend users take full control of their security, educate themselves, and consider a multi-layered approach such as we describe here, and not only once, but at regular intervals research, re-assess, and overhaul their existing setup for optimal benefit.
     
    Last edited: Feb 5, 2008
  12. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    OK thank you. A bit of honesty goes a long way with me. I am good to end it here with no hard feelings. That sentence right there is what has created the need that SandboxIe now fills.
     
  13. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Keep in mind, the purpose of this article is to educate my customer base about the risks and the tools available to mitigate those risks... Sandboxie is a great tool and I am the first to acknowledge this. However, no tool is perfect and provides 100% protection, as all of them have vulnerabilities...
     
  14. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    You are still downplaying it. Let's get our hands dirty. What would you do with these two? Each of these payloads can be delivered via disk (a family member) or email (with no visible attachment) or through web browsing (not SpectorSoft, but the bad guys have the same capability). One is a mere $99 and the other $69. I can handle them just fine with SandboxIE.
    http://www.spectorsoft.com/products/Spector_Windows/index.html
    http://www.eblaster.com/
     
    Last edited: Feb 5, 2008
  15. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Hey, I'm not downplaying anything... I'm simply saying that eventually someone will find a way around any security technology... It has never failed.

    Besides as I have said, I have a lot of "Faith" in sandboxie... great tool. :)
     
  16. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    All right, that's cool. Hey, with your computer know-how and my blind persistence, let's be constructive. lol As I understand it, each of these products and others like them are freely sold on the open market. They have an insane ability to capture literally everything you do and email it out. They do keystrokes, screenshots etc.

    What's more, traditional A/V and A/S products (esp. freeware) do not even scan for them, as it is considered 'A Parent's Right To Know' and 'An Employer's Right As He Owns The Computer'. But they freely sell them to anybody! What is the privacy-minded world going to do?

    In my mind, if the current policy among A/V and A/S ware is not to even scan for them, I figure, well, what is the use of even using those products at all. I am not blinded by what is out there, or have some illusion of invincibility. It's the opposite: I want something that works, period.

    My simple opinion is for computer-security-minded folks to stop all of the useless 'Firefox with NoScript and KeyScrambler with or without RoboForm' BS and let's start paying attention to what is real; these products are the type that are real and are behind the increasing levels of identity theft.
     
  17. wat0114

    wat0114 Guest

    Without downplaying the importance or effectiveness of sandboxes or other means to prevent the unsolicited transmission of keylogged data, why has no one in this thread mentioned the use of a properly configured two-way firewall? Does it not work? If not, please explain.
     
  18. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I guess I can't please everyone no matter what I do to help...
    Fact is, the internet is a cesspool of individuals who would do nothing better than screw you in any which possible way they can get away with, and for the sheer pleasure of it...

    I visit websites daily that try to install things in the background... so NoScript is a must and perhaps the only effective method to "prevent" those scripts from installing... I will certainly never vouch for a single application that works as an easy button/magic bullet, as there simply are none...

    As for using a firewall, any darn idiot on this side of the galaxy should already know that, shouldn't they? ...Well, actually, no matter what some of you may think, I meet the ones who think they are even unnecessary...

    So in the interest of all those that actually need to know, I wrote those articles... Be damned if some don't like it because they think their products are the second thing next to sliced bread, or if they are pissed because I'm putting a monkey wrench in their pet botnet!
     
    Last edited: Feb 5, 2008
  19. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    There is some explanation provided here.
    http://www.spectorsoft.com/products/eblaster_windows/help/v50/webhelp/Firewalls.htm
     
  20. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    Hermes, I never said not to use a firewall. And everything in your last post is a walk in the park for SandboxIE, without giving up 20% of the web.
     
  21. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Firewalls alone are currently inadequate as some new MBR rootkits are apparently transmitting through undetected.
    Here is a working example described: http://www2.gmer.net/mbr/
     
  22. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I just wanted to say that execution control probably blocks all those keyloggers.
    And NoScript is far from useless, but in the end you can think whatever you want.

    SandboxIE, incredibly simple and powerful, one of my favorites of all time, is not the only solution, and it doesn't have the answer for all the problems.
     
  23. wat0114

    wat0114 Guest

    Thanks, though I already know the basics of software firewalls and how they can be configured to restrict network access to trusted programs. I just wanted to know if some of these keyloggers can somehow bypass them.

    Thanks, Hermes. In an effort to sift through all the techno mumble jumble of the page, I did a search for the words "firewall", "undetected", "detected" and "bypass" with no success. Is there some evidence that the rootkit can bypass a properly configured firewall?
     
  24. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    The problem isn't in the configuration; the firewall is completely bypassed, it doesn't process the packets.
     
  25. wat0114

    wat0114 Guest
    Okay, thank you. I will attempt to find info on how this happens, only because I'm curious and feel the need to know :)
     