Virtual Desktop

Does Virtual Desktop by itself protect from keylogging/keystroke capture, or is Virtual Keyboard use necessary?

The way I understand it, though I haven’t tested this myself, is that if a keylogger is installed and running inside the sandbox it will be able to capture keystrokes from other applications running inside the sandbox and not those running outside the sandbox. But a keylogger that is installed system-wide, running outside the sandbox, can capture keystrokes from applications both inside and outside the sandbox. In either case, using the on-screen virtual keyboard should prevent keyloggers from capturing keystrokes regardless of whether the keylogger is running inside or outside the sandbox. So your best bet would be to use the virtual keyboard inside the virtual desktop.

However, the firewall should prevent anything being captured from leaking, provided the user answers the pop-up correctly for an unknown program, i.e. block/close.

Avast guys say their SafeZone by itself protects from keylogging/keystroke capture, so there is no virtual keyboard inside SafeZone.

I think it would be better if Comodo VD protected by itself.

The only protection from key logging is key encryption. Period. No major vendor offers this protection; there IS Not One. I have heard all these users say that with Comodo you’re protected. Once an application is trusted, all bets are off. Using a product like the free Zemana AntiLogger only allows encrypted dialogue between the keyboard and the application in focus, using the KeyCrypt SDK. Comodo cannot protect you once something is made trusted.

Edit: The former is meant for the default config. With HIPS rules in place, that’s a different story.

That’s right. With D+ HIPS, any malware, e.g., a keylogger, needs a vector to get onto the system somehow, i.e., something is putting something someplace. Something needs permissions to do that. Then the something that is put someplace needs to run; something needs permissions to execute whatever that is. Once that something has executed something else, it will then need access rights to the keyboard and whatever else it needs for its dirty deeds done dirt cheap. Finally, it’s doing something with that stuff and needs permissions to do even that.

Ultimately, whatever is done with whatever something did has to get somewhere in the cloud. Something will need to do that, and it will need internet access. Whatever is doing that will need permission to do so. Once internet access permissions are granted, whatever it is will want to phone home to wherever home is. The Firewall will alert that something wants to go somewhere on the internet with this or that internet communication protocol.

If somebody allows all that without question - not knowing what it is they’re granting permissions to, or what is phoning home and where home is - they deserve whatever they get. But the A/V database may backstop all that by throwing a flag on the play, i.e., one or more of those things that happen are malicious. But I’d not hold my breath on that; it’s a Hail Mary play at best.

It boils down to how tight one’s configuration is. The looser it is, the more convenience and ease of use there is, and the more prone one is to this sort of stuff, but with minimal knowledge required. However, the tighter a rein one keeps on one’s system, the higher the degree of alerts and configuration/knowledge required, with the tradeoff being that one is less susceptible to such threats.

Agreed. CIS depends on the power of the user’s knowledge. Understanding the functions exactly is very important. A more powerful consumer-based product has never been made available, when the time is taken to fully understand the configuration possibilities. The HIPS is a powerhouse. To control the HIPS is to truly control the operating system.

Just an opinion.

Furthermore, once something is considered to be trusted on a system, then its continued credibility is only viable so long as its integrity can be assured.

Once the assumption is made that any arbitrary image is trusted and credible, its integrity is assured by restricting access by it, and to it, from and to anything else. So as long as all other apps’ attempts to modify any arbitrarily established trusted image are closely monitored and hindered, the integrity of the app is assured. But CIS goes one further: it maintains integrity by hash. In a trillion mega-quad sized file, a single flipped bit changes the hash, and the original trusted, credible app has lost its integrity. And whatever rule is set up for trustedApp.exe will no longer hit; the hash for trustedApp.exe will no longer match the compromised trustedApp.exe. Big red warning flag in the gale wind, my friends.

There are several system-critical apps, e.g., regedit, that I trust implicitly and have elaborate HIPS rules established for, but I will not allow explicit execution privileges to any image; they can only execute with my allowing the alert.

That notwithstanding, certain Windows components, e.g., Dr. Watson, do need elevated resource access rights without generating oodles of alerts. However, the ability of such components to be modified needs to be restricted with extreme prejudice; they have the keys to the Kingdom.
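The hash-keyed trust rule described in the post above (a rule for trustedApp.exe that stops matching once a single bit of the image changes), as an added illustration that is not code from the thread or from CIS; the "image" bytes, the rule fields and the function names are constructed for the example.

```python
import hashlib

# Constructed stand-in for a trusted executable image (not a real binary):
# a fake "MZ" header followed by some filler bytes.
TRUSTED_IMAGE = b"MZ\x90\x00" + bytes(range(256)) * 4


def sha256_hex(data: bytes) -> str:
    """Hash of the image as it exists on disk right now."""
    return hashlib.sha256(data).hexdigest()


def build_trust_rule(name: str, image: bytes) -> dict:
    """Record the hash at the moment the image is declared trusted.
    The rule is bound to the content, not just to the file name."""
    return {"name": name, "sha256": sha256_hex(image), "allow_keyboard": True}


def lookup_rule(rules: list, name: str, image: bytes):
    """A rule hits only if BOTH the name and the current hash match.
    A tampered image with the same name gets no rule, so it falls back
    to alerting/default handling instead of inheriting the trust."""
    current = sha256_hex(image)
    for rule in rules:
        if rule["name"] == name and rule["sha256"] == current:
            return rule
    return None


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a one-bit modification somewhere inside the image."""
    buf = bytearray(data)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)


def demo() -> tuple:
    rules = [build_trust_rule("trustedApp.exe", TRUSTED_IMAGE)]
    intact_hits = lookup_rule(rules, "trustedApp.exe", TRUSTED_IMAGE) is not None
    tampered = flip_bit(TRUSTED_IMAGE, 100, 0)
    tampered_hits = lookup_rule(rules, "trustedApp.exe", tampered) is not None
    return intact_hits, tampered_hits


if __name__ == "__main__":
    print(demo())  # (True, False)
```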