iTunes acting as keylogger?

cyclist · March 12, 2007, 4:12pm

Since upgrading to version iTunes 7.1 my Comodo firewall (2.4.18.184) keeps alerting me about security considerations. This happens whenever my browser (Opera or Firefox) wants to connect to the internet AND iTunes is running. The firewall reports that “C:\Program Files\iTunes\iTunes.exe has loaded iTunesKeyboardCompatibility.dll into Opera.exe using a global hook which could be used by keyloggers to steal private information.”

Could this be a false positive?

Windows XP Pro, SP2.

Little_Mac · March 12, 2007, 4:31pm

cyclist, welcome to the forums! (:WAV)

What you’re seeing from CFP is not a warning that the application is a keylogger, only that the connection behavior resembles something a keylogger would do. So in that respect it’s not a “false positive.”

It may, however, not be something to worry about. A lot of times when an internet-capable application (such as i-Tunes) is running, and your browser or email is opened, the two interact in a way (an internal communication) that makes CFP say, “Whoa there! You’re not supposed to be doing that!” as an aspect of Application Behavior Analysis. Some people see this from their mouse software when they use the mouse to click on things in their browser. The general rule of thumb is that if you know the application(s) in question, it’s safe to allow. If it occurs regularly, and you deem it to be safe you can allow with “remember” and should not be bothered with that specific one any further.

LM

cyclist · March 12, 2007, 4:50pm

OK, thx for the swift reply!

Little_Mac · March 12, 2007, 5:01pm

No problem!

LM

zakman · May 25, 2007, 12:24am

I saw the same thing. But how do I know if this ituneskeyboardCompatibility is valid or not? I don’t trust itunes any more than any other program.

system · May 25, 2007, 12:36am

Hi zakman, welcome to the forum

To be honest, unless you have written the code yourself, every program could be considered suspect. Sometimes you just have to have a little trust. If the Applications are well known to you, then you are probably ok allowing the connection.

I imagine that if a program like iTunes had an embedded keylogger, it would be all over the Internet about 30 seconds after discovery…

zakman · May 25, 2007, 12:40am

Thanks Toggie. You’re probably right (well actually, you ARE right). But I just don’t like it when programs run things in the background for no apparent reason. Probably some feature I don’t care about. Oh well, if I were ruler of the world, things would be different… (:AGL)

MC1 · May 30, 2007, 6:58pm

I suppose that they are just using the monitoring technology that looks like keylogging to anti-viruses. I would recommend you to download one of anti-keyloggers from here: www.anti-keylogger.org and make sure that you do not have any of them