Author Topic: Zemana can capture keystrokes  (Read 23967 times)

Offline M.Richter

  • Comodo's Hero
  • *****
  • Posts: 331
Re: Zemana can capture keystrokes
« Reply #15 on: January 02, 2013, 09:56:47 PM »
In here I get the same result as Chiron. I wasn't able to run it!

I use Win7 64-bit with CIS proactive mode and Sandbox limited + HIPS enabled.

Offline may-moons

  • Malware Research Group
  • Comodo Family Member
  • *****
  • Posts: 95
Re: Zemana can capture keystrokes
« Reply #16 on: January 03, 2013, 05:31:50 AM »
Proactive mode
BB autosandbox untrusted
HIPS close or safe mode
Antivirus/Firewall default settings

Win8 x64, Zemana has logging ability

[attachment deleted by admin]

Offline Seany007

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 2374
  • Comodo Commando
Re: Zemana can capture keystrokes
« Reply #17 on: January 03, 2013, 06:21:27 AM »
Actually, I now recommend at least 'Restricted'.

Okay, did you configure it exactly the way I recommended, including switching it to proactive configuration? That's what I did, including disabling the HIPS.

I see. Well, 'limited' or 'restricted' are all still below 'untrusted', so how can it be that it protects better, so to speak? Unless it's some bug in CIS.

I did exactly, word by word, what you wrote in your article, including proactive configuration and HIPS being off, apart from the level of restriction, as I always use higher. Can you please check if you have anything enabled in your HIPS?

Edit: Better yet, use the same settings as you do, only put the restriction level to untrusted with HIPS being off, and see what it does. We use the same system, Chiron: Windows 7 64-bit.
« Last Edit: January 03, 2013, 06:29:03 AM by Seany007 »
Proud Comodo User (CIS, CD, CID and CMS)

Offline ComoJust

  • Comodo's Hero
  • *****
  • Posts: 274
Re: Zemana can capture keystrokes
« Reply #18 on: January 03, 2013, 09:20:21 AM »
Hi,

If I am using CIS 6 default settings, can Zemana still capture keystrokes if I use the virtual keyboard in kiosk?

Thanks

Offline treefrogs

  • Comodo's Hero
  • *****
  • Posts: 550
  • Money.... it's a crime
Re: Zemana can capture keystrokes
« Reply #19 on: January 03, 2013, 09:23:49 AM »
Quote
Hi,

If I am using CIS 6 default settings, can Zemana still capture keystrokes if I use the virtual keyboard in kiosk?

Thanks

Great point
I wouldn't think so
checking...
Windows 7 x64
CIS 6 - fully virtual/HIPS enabled
Virtual Dragon
Cyberfox

Offline treefrogs

  • Comodo's Hero
  • *****
  • Posts: 550
  • Money.... it's a crime
Re: Zemana can capture keystrokes
« Reply #20 on: January 03, 2013, 09:28:40 AM »
Virtual keyboard - no logging
Windows 7 x64
CIS 6 - fully virtual/HIPS enabled
Virtual Dragon
Cyberfox

Offline ComoJust

  • Comodo's Hero
  • *****
  • Posts: 274
Re: Zemana can capture keystrokes
« Reply #21 on: January 03, 2013, 09:33:25 AM »
Excellent, no need for great tweaks for me. I'll just use the virtual keyboard when doing online banking.

Offline Seany007

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 2374
  • Comodo Commando
Re: Zemana can capture keystrokes
« Reply #22 on: January 03, 2013, 09:34:19 AM »
Quote
Hi,

If I am using CIS 6 default settings, can Zemana still capture keystrokes if I use the virtual keyboard in kiosk?

Thanks

That's almost impossible with any keylogger. The kiosk is made in such a way that no keylogging can bypass it. Virtual keyboard is an extra protection.
Proud Comodo User (CIS, CD, CID and CMS)

Offline treefrogs

  • Comodo's Hero
  • *****
  • Posts: 550
  • Money.... it's a crime
Re: Zemana can capture keystrokes
« Reply #23 on: January 03, 2013, 09:43:17 AM »
Quote
That's almost impossible with any keylogger. The kiosk is made in such a way that no keylogging can bypass it. Virtual keyboard is an extra protection.

 :-TU
Windows 7 x64
CIS 6 - fully virtual/HIPS enabled
Virtual Dragon
Cyberfox

Offline may-moons

  • Malware Research Group
  • Comodo Family Member
  • *****
  • Posts: 95
Re: Zemana can capture keystrokes
« Reply #24 on: January 03, 2013, 11:07:17 AM »
Quote
That's almost impossible with any keylogger. The kiosk is made in such a way that no keylogging can bypass it. Virtual keyboard is an extra protection.

Impossible is nothing.
There are many virtual keyboard sniffer tools.
Comodo is new in this area; I didn't see samples, but there are loggers for Kaspersky virtual keyboard. Just an example.


Offline BoredNow

  • Comodo's Hero
  • *****
  • Posts: 354
Re: Zemana can capture keystrokes
« Reply #25 on: January 03, 2013, 11:50:55 AM »
There are many ways that a trojan/keylogger can capture info.
Here's a list of ways it can be done...

http://www.aplin.com.au/neos-safekeys-v3/how-neos-safekeys-v3-works

but yeah, if you have the FW set to 'Safe' and D+ set to 'Safe' or better yet 'Paranoid' then nothing is going to be sent from your computer (without your permission :P)

I just tried to run this test inside Sandboxie and it wouldn't run - not because I have it restricted, but because Sandboxie 'Denied access' to the program...I guess Tzuk programmed Sandboxie not to run certain things... ???
Home built gaming rig
Windows 7 Home Premium 64-bit SP1
CCAV
Sandboxie 5.6

Offline may-moons

  • Malware Research Group
  • Comodo Family Member
  • *****
  • Posts: 95
Re: Zemana can capture keystrokes
« Reply #26 on: January 03, 2013, 01:17:56 PM »
Quote
but yeah, if you have the FW set to 'Safe' and D+ set to 'Safe' or better yet 'Paranoid' then nothing is going to be sent from your computer (without your permission)

You said;

Quote
There are many ways that a trojan/keylogger can capture info.


And there are many ways to bypass a firewall.
Don't trust your firewall too much ;)


Offline Seany007

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 2374
  • Comodo Commando
Re: Zemana can capture keystrokes
« Reply #27 on: January 03, 2013, 01:56:32 PM »
Quote
Impossible is nothing.
There are many virtual keyboard sniffer tools.
Comodo is new in this area; I didn't see samples, but there are loggers for Kaspersky virtual keyboard. Just an example.



Name/show me one. Also the chances of it getting out with CIS are very slim anyway.
Proud Comodo User (CIS, CD, CID and CMS)

Offline Seany007

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 2374
  • Comodo Commando
Re: Zemana can capture keystrokes
« Reply #28 on: January 03, 2013, 02:10:16 PM »
Quote
There are many ways that a trojan/keylogger can capture info.
Here's a list of ways it can be done...

http://www.aplin.com.au/neos-safekeys-v3/how-neos-safekeys-v3-works

but yeah, if you have the FW set to 'Safe' and D+ set to 'Safe' or better yet 'Paranoid' then nothing is going to be sent from your computer (without your permission :P)

I just tried to run this test inside Sandboxie and it wouldn't run - not because I have it restricted, but because Sandboxie 'Denied access' to the program...I guess Tzuk programmed Sandboxie not to run certain things... ???

Hardware keyloggers are rare. And I bet CIS HIPS can find them.

Software keyloggers can be stopped by CIS. As CIS protects the Windows kernel and finds suspicious behavior in the Windows 'hooks', most of the so-called passive methods will also fail. That is with the right settings in CIS.

Yet I still need to see the so-called 'virtual keyboard sniffer tools'.
Proud Comodo User (CIS, CD, CID and CMS)

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Zemana can capture keystrokes
« Reply #29 on: January 03, 2013, 02:18:57 PM »
Quote
I see. Well, 'limited' or 'restricted' are all still below 'untrusted', so how can it be that it protects better, so to speak? Unless it's some bug in CIS.

I did exactly, word by word, what you wrote in your article, including proactive configuration and HIPS being off, apart from the level of restriction, as I always use higher. Can you please check if you have anything enabled in your HIPS?

Edit: Better yet, use the same settings as you do, only put the restriction level to untrusted with HIPS being off, and see what it does. We use the same system, Chiron: Windows 7 64-bit.

Nothing is enabled in the HIPS, except what was enabled by switching to proactive security and restarting. I've attached a screenshot, showing that in addition to switching to proactive and restarting I also unchecked the HIPS.

I've also attached a screenshot of my BB settings.

[attachment deleted by admin]

 
