TDS anti-logger feature

Discussion in 'Trojan Defence Suite' started by Checkout, Feb 26, 2002.

Thread Status:
Not open for further replies.
  1. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    (Hmm...I could have sworn I'd already asked this!)

    Could someone please describe TDS's anti-keylogger feature?  I'm interested in knowing how it fares compared to "dedicated" anti-KL programs.

    Tx
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Checkout,
    As TDS owner, you can see they are in the detection list!
    So they are detected and measures can be taken.
     
  3. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Is the TDS manual online or only downloaded with the product?  I have all these good intentions to RTFM but only when my brain and body are synchronised in being awake, which doesn't happen as often as I'd like.  (In other words, I'm in the office but my laptop is at home, where I can't access the docs.)   :-/
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Did you look in the TDS Console | Help | Primary List? If you do a search for keylog you find bunches of them, which are detected.
    TDS uses several techniques for it, checking traces, binded executables, dll libraries.
    The Helpfile comes with the product.
    If the laptop is not online, it will be rather difficult to access the files yes, in other cases you could maybe depending on your protection with a remote function.
     
  5. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    By the time I get home I'm usually too (pick your favourite crude euphemism for tired) to remember good advice like this.  I'll try again tonight...

    Thanks.
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    So you'd like either remote access to your laptop at home via internet or to take it with you to look in daytime. :)
     
  7. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Jooske, in all the years we've known and loved each other, have I ever made you take on more daytime work?    :D
     
  8. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Thanks Jooske, had never looked at the primary list !
    Searching for keyloggers sure shows lots of them listed !
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I look in the forum trying to help with questions, day and night! :D
    For the TDS and WG part the DCS support emails, Helpfile, private members only Forum are a wealth of info to dig in and this forum is growing again as well for that goal.
    If i could, i would gladly look into matters in distance, why not?

    If you're not available in daytime, because of the job, and not in evening/night after work, because of being too tired, there must be some moment to look into these matters, and you'll agree, to open the TDS Console, | Help | Primaries | type keylog in the find window and press find and find next....... that must be possible......
    If that is too much, i'd certainly not go deep into system configuration matters and settings, as a little mistake is made so quick or overlooked.......
     
  10. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    I counted over 90 keyloggers detected.

    Not bad.  For an unexpected feature, anyway.  Not bad at all.  Can I (yawn) get some sleep now, Miss?   :)
     
  11. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    That's quite an incredible number - I had no clue there were even that many keyloggers in EXISTENCE...
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Thanks for the counting, i knew you'd be impressed :D
    Hope a next time you'll look in the Helpfile for the detection methods of them, very interesting read.
    Sleep well! and till next time!  :-*
     
  13. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    I'm very interested in reading about TDS's detection methods, especially since the number of KL pgms seems to be rising on an almost daily basis (SpyCop reckons there are currently 244 it can detect).
     
  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Now you know the Diamond guys are waking over our safety (many varieties might be detected by existing references, generally spoken) and your interested read, i'm sure you feel much more relaxed in daytime to have some energy left for your laptop at home!
     
  15. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    I am working hard on adding a lot more spyware type programs, they are only added if they run invisible. Over the next few weeks we should see TDS detect a lot more of these as keyloggers
     
  16. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Good news.  Thanks.  Er...silly question...but may I presume DiamondCS will never bypass "authorised" keyloggers?
     
  17. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    They're supposed to belong to the category trojans, don't they? ;)
     
  18. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Wayne, it'd be good to have an answer to this question.
     
  19. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hi, Checkout!

    Point to ponder: I don't expect my AV program to detect all Trojans. I don't expect my AT program to detect all virii.

    In other words, while an individual program might provide additional coverage for things other than what they were primarily designed for, I look upon that as the dessert - not the main course, as it were.

    The fact that TDS includes detection for over 90 KL'ing programs is quite impressive in itself (neither Tauscan nor The Cleaner provide that many - I know, I own both of those programs).

    So I guess I'm wondering here, what's the thrust of your question about expanded coverage from TDS for keyloggers? Are you trying to decide whether to buy a separate  program for keyloggers or not? And holding off until you discover whether or not TDS is going to expand their coverage?

    Just a little confused here. Pete
     
  20. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    See Gavin's remark above, covering lots more in the next couple of weeks. Great!
     
  21. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Yes.  Well, two reasons - firstly, TDS is a highly sophisticated product, so I'm hoping that the built-in KL detector will also contain a high level of sophistication, and perhaps be technically superior to competing products.  Secondly, I already have a number of products which overlap functionality (such as cookie control, ditching web bugs, etcetera) and I'd like to reduce the amount of duplication in case of conflict - and for performance reasons.
     
  22. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    No kidding Checkout! My system tray has 9 icons related to security.
     
  23. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    There is so much built in TDS, uses only limited by our imagination, of course you can use it as your private chatbox as well, even communicating with possible infections if they ever come on your system, but it's a security tool in the first place.
    You've seen Gavin's remark about new references to be added, and what is written in the manual/helpfile already.
    You might like to see the KLs as a general item --there are already threads about KLs in other parts of the forum-- and eventually like to start a new thread there, "other security" would be an appropriate place for that. We might like to discuss other software there too and links to the archives of this forum, just an interesting thought.
     
  24. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Already have amassed a rather large collection of "Monitoring" programs, these may all be added as a new class rather than being called just Keylog.<name>

    TDS will soon detect as many of these as any other spyware/monitor software/whatever detection tool out there.. there may be a couple we can't obtain but the list will soon be huge :)

    Speaking of "authorised" keyloggers - if you refer to Magic Lantern then if we obtained a copy by submission then we would add detection. Many of the above tools that are going to be detected CAN be installed by parents, however we should still detect them for completeness. Thus my comment about a new class name (such as Monitor.<name>). This is to be decided when detection is added.

    Hope this helps somewhat :)
     
  25. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    This is exactly what I hoped to hear.
    Oh, you bet!  Many thanks.
     