Keylogger defeater

I think it would fit very well with Comodo’s business philosophy to develop a keylogger defeater like the one QFX Software has developed. Maybe there is no need to, as KeyScrambler works well, but it costs (if you want other strokes than usernames and passwords protected) but well, there are free firewalls available, yet Comodo has developed a free firewall as well.

I at least wanted to utter the idea.

Well, KeyScrambler is not the only good anti-keylogger. I am using http://www.anti-keylogger.com and really like the way it works. As for the money, it is actually normal that good products cost some money. But you should always be able to compare the cost of the software with the potential losses that you will bear if someone intercepts your credit card number using a keylogger…

I’m not sure that a separate keylogger is necessary with CFP installed, defence+ should prevent any KL installation. However it’s a good idea for those that aren’t using the firewall and would fit in with the Comodo philosophy.

I would ask you to develop something like a sandboxing product, which could for example isolate our browser entirely from the real pc like greenborder or sandboxie do. It would be great to have such a free product, especially if it was as good as comodo firewall.
And it would be great if you developed some antiphishing technology, or more exact a tool or program, that would block load of any known malware-infested webpage in web browser.

That is more a joke than a proposition, but what about a stealth-like no jscript web browser alternative to firefox heheh… I know, it sounds like it would not have any chance of getting many users…

that is from me
enjoy yourself a bit time

Sandboxing is interesting…
Antiphishing is interesting…
as to sites with malware: well, cpf will prevent any malware anyway even if the user goes to a site, so isn’t it redundant?

thanks
Melih

A Comodo browser sandbox would seem like a logical step to me, it could be implemented both as a component of CFP and as a standalone product. I’ve had mixed results using external sandboxing utils alongside CFP, Bufferzone and SafeSpace causing system slowdown, SandboxIE runs ok though. (V)

Oh, I did not think of that. Thanks for informing/reminding me.
I guess I do not know how efficient comodo firewall actually is. Great to hear more news on and on…

The danger here is if the user himself decides to install something which turns out to be a keylogger…

yes, that’s where you might require a detection-based technology… when you are running unknown programs…

melih

Yep there is a chance that CFP may fail. So it would be better to complement CFP with an AV.
Hopefully the number of detected keylogging techniques will increase since CFP is an evolving product and there is still space left for improvements.

BTW do you have any Keylogger PoC you tested against your product of choice?
It would be nice to post them all in this topic.

I only have one .Net sample CFP isn’t able to catch. I heard of another one different from Anti-Keylogger Tester but I cannot manage to find it.

I can’t recommend Avira/Avast because this is a comodo forum. CBOclean is not bad but that isn’t my point, I’m referring to all those excuses about CAVS’s poor performance…

Matt,

My problem is with this artificial hype about “focusing on prevention” where prevention is defined in such a way that it does not “prevent” you from infection if you choose to run a program that turns out to be a trojan.

Leaving aside the strange fact that protection from such infections is called “detections” according to comodo’s scheme, are we pretending that this isn’t a serious problem?

Hey Luketan,

“I can’t recommend Avira/Avast because this is a comodo forum.”

As a point of fact, you can recommend a non-Comodo product on these forums.

This has never been prohibited and AFAIK never will be.

Please feel free to post your recommendations.

Ewen :slight_smile:

The point about the inherent shortcomings of a prevention strategy had some validity though. The weakest point of such a method will always be the user that insists on running or installing ‘abc.exe’ or ‘123 codec’ in order to run a game or video for example, despite warnings about unknown processes flashing up.

Ultimately people need protecting from themselves which requires some form of detection.

Categorically.

“To find out if something is truly fool-proof, first add a fool.” :wink:

Detection must play a role in any security environment, along with removal and prevention.

Ewen :slight_smile:

I guess we’ll not see any keylogger PoC posted in this topic.

Anyway as soon as CFP is going to improve I’m going to experiment with a behavioural enforcement approach and other side-aspects of CFP.

Examples are not always as clear-cut as this. How about a security program someone tells you is the newest, hottest anti-rootkit? You see warnings about drivers installing and all that, but that’s usual for this kind of program, right?

How about a trusted software site being hacked and replaced with a trojanised copy (happened more than once before), or a case where something malicious accidentally slipped into the code of a trusted updated program?

Also there is nothing inherently dangerous in an “unknown process”. What is REALLY keying you off that something is wrong is not the “unknown” factor, but rather you are not expecting the process to run.

If you just double-clicked an exe, there is nothing inherently dangerous about this “unknown process”, after all you wanted it to run, so it runs…

Quite so, I like that one (:LGH)

Do it fool-proof? We don’t construct things for fools ;D

Sry, I couldn’t resist.

The problem with fools is that they are so 100% adamantly sure that they aren’t fools…

Yes, indeed :slight_smile: