fiveover

KeyLoggers and SAS


Nick et al

I know KL's are many and difficult and many might be regarded as legitimate commercial tools and applications for same even going to security of home systems ....but....as per here:

http://www.wilderssecurity.com/showpost ... stcount=11

I think if it's not too difficult, that a "detect/exclude/remove" option would be nice.

There seem to be many KL mals with identical methods to legit tools.

I assume that any "dropper" app for the KL would be detected and we could reasonably expect our HIPS-type tools to stop unauthorised outbounds.

I would be happier leaving it to you to detect these rather than trust other tools as default. :D

Thanks

We are taking it into serious consideration to detect the keyloggers but set them to notify/warning and not auto-remove. The user can then make the choice what to do with the keylogger.

I think that's a good idea Nick, as the keylogger issue is often used as a negative toward SAS.

The explanation for the detected KL would have to be very informative, otherwise it's just going to confuse the average user.

> We are taking it into serious consideration to detect the keyloggers but set them to notify/warning and not auto-remove. The user can then make the choice what to do with the keylogger.

I think that would be great.

> The explanation for the detected KL would have to be very informative, otherwise it's just going to confuse the average user.

Agree, but not necessarily too verbose; if 'you' didn't put it there it ain't a good thing. Correct me if I am wrong but there is no reason to have KL like functions in any regular utility, although some may have similar functions.

Difficult not to confuse a real beginner, but they could always post here.

Maybe add a little warning: "if you aren't sure about this then; Quarantine and check with the forum"

If the SAS detector found something like Hoversnap or snagit or other screen capture type proggie doing its thing by name; that should be no problem; if it's something you don't know :x .

I am not smart enough to know how to do this stuff, but I have come to have great faith in SAS.

Regards.

I think SAS's main drawback, especially with folks like PCMag, is it doesn't detect commercial keyloggers.

I for one think if you are an antispyware company, you should detect ALL keyloggers, ANY form of spying program.

With that said, SAS does detect the purely malicious keyloggers and screen capturing malware, doesn't it???

Yes, we detect malicious keyloggers.

Update ??

Any changes to this last comment?

Any options in the pipe?

Seems like RAT-type logging mals have become very popular :(

@Nick: can SAS detect keyloggers?

Which ones?

Remove them?

Regards

I think it is ludicrous and irresponsible to exclude commercial keyloggers. Commercial keyloggers are abused as much or more than the rest. Probably more often. If someone puts a commercial keylogger on my computer, it is malware....nothing more, nothing less. It is an invasion of privacy at best, and could be used to gain access to some very sensitive financial data. People use them all of the time for malicious purposes.

So what if they have legitimate uses? What does that have to do with anything? Businesses are expected to have them. So? There is no reason to hide it. Why hide it? How many people that work in call centers or wherever are even able to scan or add or remove anything? Everyone knows they are being monitored. It's no secret. Companies come right out and warn their employees, UP FRONT! It makes me wonder if antivirus, antispyware companies get some cash for excluding commercial keyloggers so that they can also be used for malicious purposes.

Okay. I know I was being a little harsh with that post. But I have just recently found that several antivirus/antispyware products intentionally ignore malware. Just because some people use it for legitimate purposes does not make it any less malicious when it is installed on a private citizen's computer. It's like hiding a video camera in someone's bedroom. It's sick and people have a right to protect themselves from those who have no conscience and who have no respect for an individual's privacy. And it is reasonable to expect that an antivirus or antispyware product will protect you against all known malware. And if it doesn't, there should be a clear disclaimer that lets people know, UP FRONT, that if someone puts a commercial keylogger on their computer, they are not protected.

I use your product. I think it is excellent other than that it intentionally ignores commercial keyloggers.

I just looked up eblaster. Will it detect eblaster? Spector Pro?

Okay. I appreciate the explanation. This is all a little new to me. And I understand why they may want to white list ones used by the government. But the government is now filled with corruption and cannot be trusted. There is only one reason to con the American people into giving them the power to invade people's privacy any time, anywhere, for any reason, with absolutely no oversight or accountability. And it has absolutely nothing to do with child pornography or terrorism.

I think that people's email and internet connection ought to be like the US mail. It is a Federal Offense to tamper with someone's mail. And I think there should be a mandatory prison sentence for any government official intentionally abusing FISA or any other spying powers. As far as I am concerned what has been going on with the illegal spying is a type of treason. It is anti-American at best. But most people want to come home after work and watch "Wheel of Fortune" or whatever and are just too busy to notice.

I looked up Eblaster and they said you could do a remote install. So unless I am missing something, I could purchase Eblaster (a commercial keylogger that has some legitimate uses), and send an email to someone, or however it's done, and install it on their computer.

But anyway, Prevx says that they try to catch everything, including commercial keyloggers. And I guess Zemana and Keyscrambler Premium are supposed to be top notch. I don't know how to use a HIPS program, but that's on my immediate list of things to learn.

Thanks for the info. I realize that Superantispyware is a good program. And I will probably buy the paid version. But I do not like it that they, or anyone else would whitelist ANY keylogger. No matter who it is from. If a law enforcement officer has a legitimate reason, or probable cause to suspect wrongdoing, then let him go and get a legitimate warrant and go get the computer. If he is not up to anything illegal or un-American, then he shouldn't mind, right?
