Through the Eyes of a Keylogger versus CFP

[Guest]

[aigle]

http://www.aplin.com.au/?page_id=531

It seems interesting. Tried it with CFP v 3.8.64739.471.

1- Keys logging -- CFP PASSED
2- Logging of Applications launched n web sites visited --- CFP FAILED
3 Clipbpard logging ---- CFP FAILED
4- Screen capture ---- CFP PASSED

Wish to be fixed soon.

[valldemossa]

Only one passed on my test was Screen Capture.

[DarthTrader]

CIMA doesn't find anything suspicious: 
http://camas.comodo.com/cgi-bin/submit?file=7d3f383325ef581ee269a197f628564e3f56f59102599ef3901860a6e4345736

[The Joker]

CIMA doesn't find anything suspicious: 
http://camas.comodo.com/cgi-bin/submit?file=7d3f383325ef581ee269a197f628564e3f56f59102599ef3901860a6e4345736

A keylogger is not bad itself! But still a keylogger, something that a HIPS should take care of.

Otherwise, only because the AV component (or CIMA) doesn't say that the keylogger is bad does it mean it's good?

[mjj09]

It would be best to have it detect such things

[HeffeD]

I'm a bit on the fence with Keyloggers. There are so many valid uses for them.

Instead of just flagging the keylogger simply because it is a keylogger, I'd prefer the security application to be smart enough to discern the good activity from the bad and flag instead on the malicious behavior. Although as we all know, that's a pretty tall order!

[mjj09]

How does one separate the good keylogger and the bad keylogger? Both can collect usernames and passwords, credit card info, name, address, DOB, SSN's, etc. Both can send that information to a 3rd party server. etc, etc, etc

I think it's best to detect them, notify the user, and let the user go in and put it into the exception list if they want to keep it.

[HeffeD]

How does one separate the good keylogger and the bad keylogger?

That's my point. Pretty much an impossible request.

[LaserWraith]

I think all keyloggers are bad...if you are spying on someone else that you have no right to spy on.

[Lasse88]

That's my point. Pretty much an impossible request.

SuperAntiSpyware does that.
(if your talking about only D+ to tell the difference, ill say your right)

[HeffeD]

I think all keyloggers are bad...if you are spying on someone else that you have no right to spy on.

Well, you see... That's the point. There is more to a keylogger than spying on someone...

For example, any program that has a macro recording feature is, you guessed it! A keylogger! It needs to monitor keypresses in order to build the macro. Nothing to do with spying on anyone, and a completely safe and legitimate process...

This is what I meant by my distinction. I wish an application could discern between harmless keylogging such as a macro recorder and those malicious keyloggers that are spying on you.

[LaserWraith]

Maybe by which ones connect to the internet to report it....
I don't know how else, except by using sigs.  

[mjj09]

or do the reverse and have a white listing of known "good" keyloggers... uhhh macro's

[LaserWraith]

or do the reverse and have a white listing of known "good" keyloggers... uhhh macro's

Have both!   


Now all we have to do is get them to do it. 

[aigle]

I'm a bit on the fence with Keyloggers. There are so many valid uses for them.

Instead of just flagging the keylogger simply because it is a keylogger, I'd prefer the security application to be smart enough to discern the good activity from the bad and flag instead on the malicious behavior. Although as we all know, that's a pretty tall order!

That is impossible.

[Tags:]