Sandboxie/Keylogger Question

My brother-in-law surfs and does his banking online using a Win Vista box using IE8 with NIS as his only protection. He has had a couple of viruses/trojans and I was considering putting Sandboxie on his machine for him to use only for his banking. He is not the kind of person who can answer a bunch of pop-ups so I have to make it very easy. I can do this with Sandboxie.

The question is: If he gets a keylogger on his machine outside the sandbox, can that keylogger intercept key strokes made on a browser inside the sandbox?

I assumed it can't but I want to make sure.

 

http://www.idvault.com/

 

Sandboxie is not designed to guard against keyloggers that are already installed on the machine outside the sandbox. See here for a detailed explanation: -

http://www.sandboxie.com/index.php?FrequentlyAskedQuestions#KeyLoggers

http://www.sandboxie.com/index.php?DetectingKeyLoggers

 

He should install prevx with safeonline. That way, even if a keylogger is installed, his keystrokes won't be monitored/recorded while browsing sandboxed or not.

Works well with sandboxie.

 

Thank you all for the information. Logic told me that Sandbox could not protect from a keylogger already in the system and I am glad I asked.

I considered applications like IDVault but I'm afraid that is just too complex for him.

I downloaded Prevx Safeonline and tried to install it in a virtual OS but it did not install. I will continue to work with it to check it out.

Thanks again. If anyone else has recommendations, I would still like to know what they are.

 

Prevx safeonline for free: http://www.facebook.com/pages/Prevx-SafeOnline/254680228961

See prevxhelp's signature in the prevx forum.

 

To each their own, but I am highly against signing up to Facebook or any social network to get software free. You do NOT want to deal with Facebook's "We don't give a damn about your privacy, we'll share what we please" attitude. If anyone is worse about privacy than Google, it is them. As far as I know you have to create a profile to use Facebook, probably before you even get confirmed for an account. Configure Sandboxie to not allow anything to run or gain internet access besides the browser in the default sandbox, and keyloggers shouldn't be an issue.

 

KeyScrambler is the choice for him. With IE, even the free version will do its job.

 

Why well said!! Amen!!

 

For IE8

The smartscreen blocks about 60% of the malware, so keep it on.

Run IE8 with UAC in protected mode or create a shortcut with drop my rights on XP (http://www.symantec.com/connect/articles/reducing-browser-privileges)

Install keyscrambler Free for IE8

Install Trusteer Rapport Free, select block screen capturing, Validate IP address, security certificate, warn when log-info is used for partner and my sensitive websites. Set protect browser process to Allways, set Keyboard encryption and Send info to Never. Free version allows to add 50 websites. Add his online banking sites (add the https etc) and his favourite shopping sites.

Show him how to add a website to trusteer protection list

 

Does Trusteer work with Prevx also installed?

 

Wow! More great feedback! I had completely forgotten about Keyscrambler which I have on all my computers. I will also check out Trusteer Rapport some more.

As for Facebook, I am already on it, but I have never put any personal information on it other than my old e-mail address which half the spammers in the world already have.

Thanks again!

 

I did not manage to get the free prevx **, so I do not know how good it is or whether it can run together. I do know keyscrambler and Trusteer work well together.

Risk analysis using Keyscrambler and Trusteer with IE

What I do know is that with a reduced rights Internet Browser kernel based keyloggers and system wide hooks/keyboard hooks can't install. When you look at Malware Research Group test, keyscrambler Free circumvades/fools most (all) user space based keyloggers. Add to this the screen capture protection and process modifocaton protection of Trusteer and I am good for one thing: scripts gaining access over the clipboard. Starting from IE7, you can set the browser (IE7 or IE8 ) to prompt you when this happens.


Conclusion
So with a normal setup you reduce the risk substantially (reduced rights, keyscrambler free and Trusteer free). Add good hex practice to this and your are fine. Paranoids can use a policy (not a virtualisation) Sandbox or HIPS on top of this so they are 99,999999999999% sure they can't be touched by a keylogger.


** I use a second email address Spamkees01 when I get to much spam I delete and create Spamkees02 etc. This email address was not accepted by Facebook or PrevX as a valid email

 

Well that is the trade mark of a great application: it works silently

 

.
The default privacy settings for Facebook are still wide open, but they have made it possible to lock them down. For the savvy it's not hard. You could also cancel the account after acquiring Prevx SafeOnline.

More and more vendors are using social networking to advertise their products - don't you want to be Prevx's "friend"?

 

I agree though dw, took me half an hour or more to lock facebook down. Otherwise default privacy settings are just plain ridiculous.

 

This evening I tried Trusteer Rapport and Prevx SafeOnline in a VM. I received a message from Prevx that because Trusteer Rapport was installed it would set security to Medium level. After that everything seemed to go swimmingly.

Because I nave not tested this extensively, and I will be putting it on someone else's computer, so I thought I'd check here and see if you thought just one of these protections would provide enough protection, or if both of them together provide significantly better protection?

Any opinions would be appreciated.


NOTE: I will also be installing KeyScrambler.

 

The test results from the recent Online Banking Security Test carried out by MRG suggest that Trusteer Rapport will do nothing to enhance the much stronger security provided by Prevx SafeOnline. Instead the reverse appears to be true: If you run both, as you correctly stated, SafeOnline security level is reduced in order to avoid conflict with Rapport. The only advantage I can see to Rapport over SafeOnline is that Rapport is free.

The MRG test results can be found here: http://malwareresearchgroup.com/wp-...MRG-Online-Banking-Security-Test-Mar-2010.pdf

 

I've heard this complaint berfore, did it ever occur to people that they are able to enter details which are not necessarily correct?
Also, you can get it on that page with two clicks, no need for registering
Click get SafeOnline now, click download now, no need for email, license is built-in.