Who's Watching Me

Discussion in 'privacy technology' started by luv2bsecure, Feb 9, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Checkout,

    Glad to hear so  ;)

    regards.

    paul

     
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Looking forward to a full test myself!

    I tossed those two posts I found into the mix only because I had finally gotten around to visiting the GRC forums for the first time in three days and they kind of leaped out at me.

    I, too, found the second one interesting, in that it was good to know that: "SpyCop does not go by filename, therefore autorenaming does not affect its scanning capabilities." Apparently, auto-re-naming is one of the ways KL programs avoid detection and SC takes that into account.

    Sidenote to John - I'm all for programs that do the job quicker and easier, as long as I'm getting equal (at least) protection.
    The first post I linked to stated: "But it will not detect keystroke programs that are not in the public." (That was in reference to WWM). I took that to mean that the more sophisticated (pay) KL programs wouldn't be detected. Note: Have no idea whether the individual quoted knows what he's talking about or not - just thought it was an interesting comment. Haven't had a chance to get back there and follow the thread yet.

    Also, I recently had contact with someone who's had problems getting SC to work (he didn't try the trial version, first, and there seems to be a system conflict preventing the program from working - that could be why they have the trial version set up like they do). (I'll keep us posted on that situation and SC's response to it, too.)

    Anyway, I gave him the links for HookProtect, Anti-Keylogger and WWM to give him something else to work with while he gets the other sorted out (I'll let you know about that, too, if I hear back from him).

    Anyway, that's where I'm at with this - let's just find the best anti-keylogger program! Pete
     
  3. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Amen to that - and preferably one which won't let MyJerk Lantern walk all over it.   :D
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Checkout - I'll tell you what - after reading up on all the capabilities of a program like WinWhatWhere ( http://www.winwhatwhere.com/w3i4/index.htm ), it's enough to give you the creeping horrors! Pete
     
  5. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Hmmmm..

    Here's an idea.  To my great disappointment, my last one (Vegetarian) seemed to go down like a lead balloon, but nil desperandum.

    It would seem that anti-keylogging technology is in its infancy, and to date, the keylogger-writers appear to have all the advantages.  I'm not suggesting we can obviate signature files or hook detectors, but they've proven to be limited.

    I tip my hat to DiamondCS for the basis of this suggestion:  a sacrificial goat, like their .COM and .EXE programs which are created to see if they become infected.

    In this instance, I propose an application which accepts or simulates keystrokes while (at least apparently) being connected to the Net.  Scenario:  my antiKL app inputs 30 chars, malware sends 30.  My antiKL inputs 50, malware sends 50.  A few more tests like this and we know we've got a keylogger.  Suppose the malware encrypts, but that will likely involve a fixed proportional output buffer size increase relative to the input.  To put it more simply, if it costs two bytes to encrypt one byte, then we will see a string of ten characters input sent as twenty bytes of output.  A few tests like this, and for sure we'll know if we've got a keylogger installed.

    Thoughts?  Praise?  Brickbats?  Donations?  :)  Developers, even?
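
    Added example, not part of the original post or of any product named in this thread: a sketch of the decoy-keystroke test proposed above, run over constructed per-process traffic counts. It generalizes the "two bytes out per byte in" case to a straight-line fit (bytes per character plus a fixed per-message overhead); the process names, thresholds and sample numbers are assumptions.

```python
# Decoy-keystroke correlation test (added example, constructed data).
# Idea from the post: type N decoy characters, then see whether any
# process's outbound byte count tracks N across several trials.

# Constructed sample data: (decoy characters typed, outbound bytes per
# process in the window right after the burst). Process names are hypothetical.
TRIALS = [
    (30, {"browser.exe": 1420, "ntpclient.exe": 48, "svchelper.exe": 76}),
    (50, {"browser.exe": 310, "ntpclient.exe": 48, "updater.exe": 512,
          "svchelper.exe": 116}),
    (10, {"browser.exe": 2250, "ntpclient.exe": 48, "svchelper.exe": 36}),
    (80, {"browser.exe": 90, "ntpclient.exe": 48, "svchelper.exe": 176}),
]


def fit_line(xs, ys):
    """Least-squares fit ys ~ slope * xs + intercept; None if xs never vary."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0:
        return None  # every trial used the same length: nothing to correlate
    slope = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    return slope, my - slope * mx


def suspicious_processes(trials, min_slope=0.5, tolerance=4.0):
    """Return {process: (bytes_per_char, fixed_overhead)} for every process
    whose outbound bytes follow the decoy length within `tolerance` bytes."""
    lengths = [n for n, _ in trials]
    names = set().union(*(traffic.keys() for _, traffic in trials))
    findings = {}
    for name in sorted(names):
        sent = [traffic.get(name, 0) for _, traffic in trials]
        fit = fit_line(lengths, sent)
        if fit is None:
            continue
        slope, intercept = fit
        worst = max(abs(y - (slope * x + intercept))
                    for x, y in zip(lengths, sent))
        # Constant chatter has slope ~0; unrelated bursts leave large residuals.
        if slope >= min_slope and worst <= tolerance:
            findings[name] = (round(slope, 2), round(intercept, 2))
    return findings


if __name__ == "__main__":
    print(suspicious_processes(TRIALS))
```

    The check only relates traffic to the window right after each burst, and it depends on having trustworthy per-process byte counts to feed it.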
     
  6. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Short update: I had my facts wrong as re: the individual who was having problems with SC - he was using the trial version, not the full program. I should be hearing from him again - keep you informed. Pete
     
  7. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    What if the keylogger logs the strokes to a file and sends the file out only once in a while? What if the keylogger waits for other traffic so it can try to blend in? What if the keylogger uses raw sockets so that it becomes difficult to detect that packets are being sent at all?
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Nice remarks, UNICRON  :cool:.

    In the meanwhile, we have been asked to test and review just another anti-keylogging software: "anti-keylogger" by the vendors. One more on the "to do list".

    Anyone interested, have a look here:

    www.anti-keyloggers.com

    regards.

    paul
     
  9. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Yes.

    Or, to put it another way, we need to have s/w which clearly associates programs with traffic.  How wonderful that would be.
     