
OT: disabling API's to prevent keystroke logging


yirg.kenya

Nov 20, 2009, 3:14:30 AM
My greatest fear is keystroke logging. How can I turn off/disable, per
below, the API's that allow the keyboard to be turned into a
controller?

The NYTimes had an article today, http://tinyurl.com/ycamp5y , about
companies that provide services of preventing identity theft in the
first place, beyond the usual.

One company provided a safe, so they claim, web browser sandbox. Said
the Times:

"Computer programming interfaces known as A.P.I.’s, which game makers
can use to turn keyboards into controllers, for example, are turned
off because “keylogger” programs use them to capture information."

My fear of keyloggers was further amplified as one person in this
group mentioned previously that (most?) AV/malware prevention programs
do not monitor "valid" commercial keyloggers. So who might know this
and try to surreptitiously install such a keylogger on your system.
Right.

I verified this in one case by emailing malwarebytes who stated
exactly this (that they don't monitor legitimate keyloggers) and that
they had no intentions of doing otherwise, or even provide an option
to do so.

RnR

Nov 20, 2009, 9:34:24 AM


First I don't know beyond the usual but here are my thoughts....

Google on browsing on an encrypted line. I think if you could do this,
it would work in the "practical" sense.

Next see if a proxy would help. I have doubts on this but Google will
answer that.

Last see if a virtual disk / OS would help. I have doubts again on
this.

Beyond this, haven't got a clue without researching more. You could
talk to your ISP but keep your fingers crossed. And see if VeriSign or
the like might provide some info on this.

William R. Walsh

Nov 20, 2009, 11:22:02 AM
Hi!

> My greatest fear is keystroke logging. How can I turn off/disable, per
> below, the API's that allow the keyboard to be turned into a
> controller?

This is an irrational attitude, driven by excessive fear. It's also
not a sensible thing to do. Please read on.

I (and others) have mentioned several good things to do that will
drastically improve your security and reduce the risk of becoming the
victim of malicious software. Have you done any of them or considered
their implementation? Doing some or all of the suggested things would
be a great starting point.

I don't mean to sound harsh, but you have asked this question
regularly and have yet to provide any feedback about what you have
done to try and mitigate the problem. All you do is repeat the same
statement, that you are concerned about keyloggers.

Now, I'm not really into programming, so some of the more technical
stuff here runs the risk of being incorrect if examined closely
enough. But the general idea should be right.

An API is a documented method within an operating system, library or
program that facilitates interaction between them and another program.
It can be easier to take advantage of an API than to accomplish what
you are trying to do manually. In some cases, it's essential that you
work with one unless you want to re-implement a given program or a
portion of it within your program. They are basically a time saving
methodology that saves a programmer the effort of reinventing the
wheel--and it also reduces the number and likelihood of errors that
are made.

Disabling them will be difficult--you'll be attempting to modify the
operating system, runtime modules or whatever else that might provide
an API. And if you're running anything other than an open source
operating system, this will verge on the impossible.

> The NYTimes had an article today, http://tinyurl.com/ycamp5y ,
> about companies that provide services of preventing identity
> theft in the first place, beyond the usual.

A lot of these companies do nothing more than things you can do
yourself, and at least some of these things do not cost you a thing to
do. You should carefully study any of them that you plan to do
business with, if you plan to do business with them. I'm not saying that
the New York Times is an untrustworthy source, just that their
reporting on the existence of companies providing these services
should not be construed as an endorsement.

I'd look at the URL to make a more informed comment, but I'm having a
great deal of trouble getting it to come up at the moment. The site
appears that it may be overloaded or partially down. As it is, I'd be
surprised if a company such as LifeLock hadn't been mentioned.

> One company provided a safe, so they claim, web browser
> sandbox.

So *they* claim. That needs to be investigated by an independent and
impartial party who is equipped to do so. But I already find it
suspicious. It is very likely that this is nothing more than a scheme
to provide some minorly to moderately effective software of some kind
to people who are scared beyond reason by a problem that they do not
understand, and to relieve them of a few dollars in the process. In
other words, such software is largely a placebo.

> "Computer programming interfaces known as A.P.I.’s, which game
> makers can use to turn keyboards into controllers

A keyboard *is* a controller by its very purpose and definition.
They're not "turning" it into anything that it isn't already. Any time
you use it, you are controlling the computer with it.

You might use an API to listen to what is coming in from the keyboard
because it's easier to do it that way. Your operating system supplier
has done all the hard work of talking to the keyboard handling
hardware, dealing with how the keyboard might be connected, turning
keyboard scan codes into sensible characters and all of the gritty
technical details of how keyboard hardware works. In this case, the
application programmer is saved from having to know everything about
how keyboard hardware works and how to program it on a low level. Why
reinvent the wheel if the operating system can tell you what you want
to know, quickly and easily?

Whatever method they may be using to "turn off" APIs probably involves
hot-patches of live code that is presently running. This is a very
risky thing to do, it's very fiddly to implement, and it's prone to
breakage for any currently supported software that may be updated or
revised as time goes by. If it's not done right, the failures can be
spectacular. Some of the mechanisms involved are not going to be very
tolerant of errors.

I also doubt it's highly effective. As long as an application can
register input from the keyboard, there *will* be a way to tap it and
possibly redirect it to points unknown. The approach they are using is
only likely to stop programs that receive input from the keyboard on a
high level basis. Any application that installs a driver (low level
software) to process and possibly intercept keyboard inputs will
circumvent whatever "prevention" method they use.

> My fear of keyloggers was further amplified as one person in this
> group mentioned previously that (most?) AV/malware prevention
> programs do not monitor "valid" commercial keyloggers. So who
> might know this and try to surreptitiously install such a keylogger
> on your system.

Who are you going to give access to your computer to do such a thing?
And have you taken any measures at all to make this very difficult to
do? There are lots of things you can do, many of them mentioned every
time you've brought this up. For starters, you can lock your computer
in a room to which only you have a key.

Maybe if you really feel this way, the best thing you can do is sever
your connection to the Internet and leave your computer disconnected.
Or set aside a computer that will remain disconnected and use it for
the handling of whatever sensitive information you might have.

You can be afraid, and probably get into trouble or you can do
something about it and rest easier. Nothing will make you 100%
bulletproof against someone possibly putting a software or hardware
keylogger into your system, but you can raise the bar quite a bit and
make it a LOT more difficult to do. You can also become informed about
the ways in which keylogging is possible and decide what you want to
do about them--by reading and studying from impartial sources. Again,
those things have been mentioned here. It's up to you to decide what
you want to do out of the options presented.

> I verified this in one case by emailing malwarebytes who stated
> exactly this (that they don't monitor legitimate keyloggers) and that
> they had no intentions of doing otherwise, or even provide an option
> to do so.

That is one vendor out of many, and if you don't like their policy,
the answer is simple: don't use their software. And if you really feel
like it, make it a point to suggest to other people you know that they
should not use Malwarebytes software either if they have the
expectation that it will remove such software.

Not all vendors are going to behave the same way. Ask around if you
really want to know, and see what they have to say.

William
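William's point above, that blocking the documented keyboard API stops only a keylogger that reads keystrokes at that level and does nothing against one that installs a driver underneath it, can be checked from the other side: on Windows, a keyboard filter driver of the kind discussed later in the thread has to be registered in the registry before the kernel will load it into the keyboard stack. The script below is an added example, not code from the thread or from any product mentioned in it. It lists the filter drivers attached to the keyboard device class and to each keyboard device instance, flags any name other than the stock kbdclass filter, and reports where each flagged driver's image lives and whether it carries a valid Authenticode signature. It assumes Windows 8 or newer (for the PnpDevice module), a baseline in which kbdclass is the only keyboard-class filter (your own known-good machine is the better reference), and a PowerShell session run as administrator so that driver and signature lookups succeed.

```powershell
# Added example, not from the thread: enumerate keyboard filter drivers on Windows
# and flag any that are not the stock kbdclass filter.
# Assumptions: Windows 8+ (PnpDevice module), elevated PowerShell, and that
# kbdclass is the only filter present on a clean build of this Windows version.

# Setup class GUID that Microsoft assigns to keyboard devices.
$KeyboardClassGuid = '{4D36E96B-E325-11CE-BFC1-08002BE10318}'
$ClassKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Class\$KeyboardClassGuid"

# Baseline (assumption): the only filter a stock install registers on the class key.
$Known = @('kbdclass')

function Get-FilterNames {
    # Emit one object per UpperFilters/LowerFilters entry found on a registry key.
    # Both values are REG_MULTI_SZ and either may be absent; an absent key yields nothing.
    param([string]$RegPath)
    $p = Get-ItemProperty -Path $RegPath -ErrorAction SilentlyContinue
    if (-not $p) { return }
    foreach ($slot in 'UpperFilters', 'LowerFilters') {
        if ($p.PSObject.Properties[$slot]) {
            foreach ($name in @($p.$slot)) {
                if ($name) { [pscustomobject]@{ Slot = $slot; Driver = $name; Key = $RegPath } }
            }
        }
    }
}

$found = @()

# Class-wide filters apply to every keyboard; this is where kbdclass is registered.
$found += @(Get-FilterNames -RegPath $ClassKey)

# Device-specific filters live on the device instance key under Enum, not on the class key,
# so a filter attached to a single keyboard would be missed by looking at the class key alone.
foreach ($dev in Get-PnpDevice -Class Keyboard -ErrorAction SilentlyContinue) {
    $found += @(Get-FilterNames -RegPath "HKLM:\SYSTEM\CurrentControlSet\Enum\$($dev.InstanceId)")
}

'{0,-10} {1,-13} {2,-16} {3,-12} {4}' -f 'Status', 'Slot', 'Driver', 'Signature', 'Image'
foreach ($f in $found) {
    $flag = if ($Known -contains $f.Driver) { 'expected' } else { 'UNEXPECTED' }

    # Filter names are service names, so the driver image can be resolved through
    # the Win32_SystemDriver class; no service entry at all is itself suspicious.
    $drv = Get-CimInstance Win32_SystemDriver -Filter "Name='$($f.Driver)'" -ErrorAction SilentlyContinue
    $path = if ($drv -and $drv.PathName) { $drv.PathName } else { '(no service entry)' }
    $sig = if ($drv -and $drv.PathName -and (Test-Path -LiteralPath $drv.PathName)) {
        (Get-AuthenticodeSignature -FilePath $drv.PathName).Status
    } else { 'n/a' }

    '{0,-10} {1,-13} {2,-16} {3,-12} {4}' -f $flag, $f.Slot, $f.Driver, $sig, $path
}
```

What this check cannot see is as important as what it can. A user-mode logger that takes keystrokes through the documented hook API leaves no trace in these keys, and a kernel component that loaded without registering as a filter, or that hides its own registry entries, will not show up either; the registry is only as honest as the kernel reading it. A clean result therefore means one specific avenue is unused, not that no keylogger is present, and comparing the output against a known-good machine of the same Windows build is more informative than the hard-coded baseline.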

Bob Villa

Nov 20, 2009, 11:39:49 AM
On Nov 20, 2:14 am, "yirg.kenya" <yirg.ke...@gmail.com> wrote:
> My greatest fear is keystroke logging. How can I turn off/disable, per
> below, the API's that allow the keyboard to be turned into a
> controller?
>
> The NYTimes had an article today, http://tinyurl.com/ycamp5y , about

> companies that provide services of preventing identity theft in the
> first place, beyond the usual.
>
> One company provided a safe, so they claim, web browser sandbox. Said
> the Times:
>
> "Computer programming interfaces known as A.P.I.’s, which game makers
> can use to turn keyboards into controllers, for example, are turned
> off because “keylogger” programs use them to capture information."
>
> My fear of keyloggers was further amplified as one person in this
> group mentioned previously that (most?) AV/malware prevention programs
> do not monitor "valid" commercial keyloggers. So who might know this
> and try to surreptitiously install such a keylogger on your system.
> Right.
>
> I verified this in one case by emailing malwarebytes who stated
> exactly this (that they don't monitor legitimate keyloggers) and that
> they had no intentions of doing otherwise, or even provide an option
> to do so.

I don't know if this program was mentioned...but you might want to
take a look.

http://download.cnet.com/Sandboxie/3000-2144_4-10371434.html

bob_v

RnR

Nov 20, 2009, 11:50:00 AM


William, I didn't want to say it but I agree with you. I think
worrying about keylogging beyond good firewall/antivirus/antispyware
programs is getting paranoid. I won't say it's stupid but I think the
keylogger would have to first get onto your system and then report out
and a good firewall will stop it from getting on your system or if it
gets by the firewall somehow, will do packet sniffing and at least
tell you something is actively trying to get on the internet going
outbound. I know mine does and it identifies the culprit and asks me
for permission unless I previously said okay.

William R. Walsh

Nov 20, 2009, 12:41:40 PM
Hi!

> William, I didn't want to say it but I agree with you.

Why? Is that a bad thing? <grins>

> I think worrying about keylogging beyond good firewall/antivirus
> /antispyware programs is getting paranoid.

It really is. I hope that as concerned as the original poster is that
they have taken to heart some of the advice offered here. I don't
stand to gain by anything that I say, and the advice I offer is
provided in good faith (but with no guarantee as to anything) and at
no cost to the person who asked. I've tried hard to offer reasonable,
sound advice with little bias.

Once you've taken reasonable precautions, asked the questions about
any software you are planning to use to see if it fits your
requirements and secured your computer as you deem fit, you've really
done just about all you can do. After that, it's in the hands of the
people and systems handling your information.

You can do very little about those, and to expect any sort of law or
legislation to do anything about it is foolish. (Trust me on this one,
as I've got good reason to say it.) You have to hope that the systems
in question are being operated in a competent manner, where good
security practices are seriously enforced.

> I won't say it's stupid

Neither would I. Being concerned about security is never stupid,
although it can be taken a bit far.

> but I think the keylogger would have to first get onto your
> system and then report out and a good firewall will stop it
> from getting on your system

And that's a start. Getting the keylogger into the system is the hard
part. The easiest way is to gain access to the actual system and find
a way to plant it. Drive by downloading is also possible. I'd call a
drive-by download of such software more difficult and less likely than
someone gaining access to the computer.

I'm not a huge fan of firewall software that does application level
blocking because it can cause a false sense of security and many users
won't have any idea if a given process should have access to the
network. The complexity of it over a built in solution also puts me
off--the more something does, the less successfully and reliably it
may end up doing it. If you do use such software, I recommend pairing
it with a hardware device or "appliance" that also provides firewall
services.

That's another posting entirely.

William

yirg.kenya

Nov 20, 2009, 3:32:15 PM
Thanks for the replies. So, let me deal with the issues raised one at
a time

(1) I've written a lot about this.

The only postings I've done on this, unless memory fails, was from the
thread here on 9/29.

(2) Have I done what's been previously suggested?

I guess I wasn't clear here. I've always (well, for the last many
years) done everything that was recommended. My system is quite locked
down. This includes a h/w firewall (I check out the settings), s/w
firewall, Avira AV (auto runs a complete scan nightly), malwarebytes
(run manually every few days), windows defender (recommended by CR
whose testing in these types of matters I trust--but let's get into the
value of CR. Personally, I think it varies greatly depending on what
they are testing.).

I do the usual of not clicking on any emails, attachments, etc. that I
don't recognize. However, I have been in the situation in which I've
mistyped a url and wind up being informed by the AV program that I've
just reached a known unsafe site. Also, I've visited supposedly good,
recommended by friends, sites that have resulted in interventions from
the AV.

Now all my passwds are saved by the browser (recommended both in the
NYTimes article and elsewhere (can't remember) so that I'm not
continually typing them in. But, firefox on this particular machine
isn't cooperating, another issue that I have to figure out.

Lastly, I browse only in private mode in firefox, and, to avoid
additionally being tracked, use the TACO and ghostery add-ons. Maybe
I'll move on to an anonymizer.

(3) my worrying about keystroke loggers is irrational.

(a) Each to their own, but I don't think so, because however unlikely
the event the cost can be devastating. You know, $0 in your various
accounts along with all your credit cards maxed out, etc. Years of
recovering from identity theft, your credit rating ruined, etc., etc.,
etc.

In other words the mathematical expectation--(speaking informally) the
likelihood of the event times its value/meaning is high. The event
probability--a keystroke logger being installed, someone using your
info, may be extremely low. But its consequence can be even more
extreme. To me, anyway. It's the same as why dams are (or should be)
overbuilt.

(b) In the previous thread I mentioned the hotmail passwd theft. I
provided the link to an article about a researcher who had some (not
complete) evidence that it was more likely keylogging than microsoft's
explanation of phishing attacks. http://tinyurl.com/yb8rl75 I will
quote this below again. Remember, it wasn't her just spouting this.
She had some justification for her view. (If you disagree with her
reasoning, I'd be interested in knowing why as I definitely want to
have understanding of these issues.)

Btw, I have googled keylogging but there's a ton of info and mostly ads.
It's impossible to wade through. I tried. (But if anyone else can find
something there, pls let me know!)

(4) Your system can never be perfectly secured

Sure, but whoever thought otherwise?

The greatest practical worry are zero-day viruses/malware.

Even, btw, having a computer in a locked room is no guarantee of
protection. There's always forcible physical entry. You know, they
overpower security, break down the doors, etc. Happening at my house
all the time. I've dealt with security issues in my work as a software
engineer.

(5) Disabling the API that allows control of the keyboard

It was late last night when I wrote my post but I work with API's
everyday, though in completely different areas than these. I should
have mentioned that I have 30 years experience as a software engineer,
primarily in Unix operating system kernel development with a
specialization in virtual memory. But I also worked for a company that
dealt with a sandbox approach to viruses in the windows environment.
Product (Green Borders) was very technically successful and the
company was eventually bought by google so the principals got rich.
I've never seen it in the field since.

So why concentrate on the API if there are other ways to
surreptitiously install a logger?

Because doing so seems to be a common idiom (used by games
programmers) and so is likely to be a familiar technique. Again, it's
a matter of doing what you can.

Disabling the API may be a difficult task (after all, programmers get
paid for stuff like this), but then again, it might not. There might
be some simple setting that controls various APIs. Or, firefox might
have an add-on, or Microsoft might have a new power toy. I was hoping
someone might know, one way or the other.

Yes, the keyboard is a controller, but the question is are there
ways, in particular known, easy methods of a program's gaining direct
control of it that allows keylogging. Particularly if it circumvents
the usual protections to directly accessing h/w other than through the
operating system API, i.e., system call.

(6) malware doesn't monitor legitimate keyloggers so find one that
does

Right, they are only one vendor and maybe the others do. But one of
the replies to the previous thread said, iirc, that he thought that
most AV vendors do NOT scan for legitimate loggers which is why they
are the ones that would attempt to be installed. That's why I contacted
malwarebytes. One person also said, iirc, he couldn't find or figure
out if McAfee or Symantec did so or not.

(7) Some personal experience with threats, etc.

Just two days ago I got a positive on Avira's nightly scan plus two
dynamic hits during the day of trojan horses. First time in months.
One of the trojans was Spy.512000.20. I didn't record the
others.

My sons, 23 and 25 and out of the home, didn't take protection seriously
until recently one's girlfriend's machine got completely taken over to
the extent it couldn't even boot into windows. Now they follow my
practices, more or less.

I not only worked at the sandbox company, but have had several
projects in my operating system career that had to meet mandated
government security requirements at specified levels per the security
standards, including one jointly shared by the FAA and the military.
I've also been signed up for quite a while to receive email on
security issues.

(8) Why I ask in this group.

I've received terrific information here from the many knowledgeable
people who inhabit the group! So it's often my first stop. I
appreciate the responses here too. This group has one of the highest
signal to noise ratios around!

(9) The article again about the researcher who thought it more likely
that the hotmail passwd theft was from keylogging:

http://tinyurl.com/yb8rl75

Researcher refutes Microsoft's account of hijacked Hotmail passwords
Could botnets, keylogging be to blame for password leaks?
Gregg Keizer

October 7, 2009 (Computerworld) One researcher isn't buying
Microsoft's and Google's explanation that hijacked Hotmail and Gmail
passwords were obtained in a massive phishing attack.

Mary Landesman, a senior security researcher at San Francisco-based
ScanSafe, said it's more likely that the massive lists -- which
include approximately 30,000 credentials from Hotmail, Gmail, Yahoo
Mail and other sources -- were harvested by botnets that infected PCs
with keylogging or data stealing Trojan horses.

Landesman based her speculation on an accidental find in August of a
cache of usernames and passwords, including those from Windows Live
ID, the umbrella log-on service that Microsoft offers users to access
Hotmail, Messenger and a slew of other online services.

That cache contained about 5,000 Windows Live ID username/password
combinations, said Landesman, who found the trove while researching a
new piece of malware. "From the organization [of that cache] and what
the data looked like in raw form, I think it's more likely that this
latest was the result of keylogging or data theft, not phishing,"
Landesman said.

She dismissed the idea that the passwords had been collected in a
large-scale, industry-wide phishing attack, as Microsoft and Google
both maintained.

"Another indicator is the sheer number of compromised accounts,"
Landesman said, referring to the two lists that have gone public.
"Phishing is not generally a wildly successful scam, it doesn't have a
big return. People are more savvy about phishing than we give them
credit for."

Instead, it's more logical to assume that the passwords were acquired
by botnet operators, who hijack PCs using security exploits, then
later plant data-stealing malware on those machines. "That's a much
more realistic source," said Landesman. "Regardless [of] what the
final intent is of a botnet, one of the core capabilities of every
botnet is the harvesting of e-mail credentials. If it looks like a
horse, it's a horse, it's not a zebra."

Landesman's theory contradicts not only Microsoft and Google, but also
the Anti-Phishing Working Group (APWG), an industry association
dedicated to fighting online identity theft. On Monday, the APWG's
chairman, Dave Jevans said a phishing attack that garnered thousands
of passwords was do-able. "It's not outside the realm of possibility,"
he said then.

Also against the phishing explanation, argued Landesman, is the fact
that the second list -- approximately 20,000 passwords -- contained
usernames from not just Hotmail, but also Gmail, Yahoo Mail, Comcast,
EarthLink and others. "That makes [the purported phishing campaign] a
much broader attack across multiple services."

Her first thought when she read about the compromised Hotmail accounts
was of the cache of credentials she'd found two months before. "Those
public lists reminded me of the lists I found," she said. "It was
definitely not a complete list, but seemed to be an advertisement for
what this [hacker] had to offer."

The hacker was either inexperienced, or none too bright: The data was
not password-protected, which is the norm for credential caches.

Landesman's theory is not just an academic exercise, she maintained.

"Everyone who suspects that their account has been compromised should
change their password," she said, repeating advice by Microsoft,
Google and other security experts. "But if, after changing their
password, they have another reoccurrence where they see their account
being used to e-mail spam, or they again can't access their account,
then they need to suspect that there's a local infection on their
PC."

(10) Got to get back to work

(11) Hope I didn't miss anything.

(12) Any replies to what I missed or issues with what I said, or
further info most appreciated!! It's why I ask.

William R. Walsh

Nov 20, 2009, 4:54:18 PM
Hi!

> (1) I've written a lot about this.

I know of two threads for sure, and possibly a third. But like I said,
my intent has not been to offend. I understand and appreciate your
concern whether I agree with it or not. I'd just like to know what you
might already have. It might save some time.

> (2) Have I done what's been previously suggested?

Well, see, that's what I really wanted to know, if there's a baseline
in place or not. And who knows...maybe you have some other idea that
nobody else here has come up with?

> My system is quite locked down. This includes a h/w firewall
> (I check out the settings), s/w firewall,

Those are all very good things to know.

> Avira AV (auto runs a complete scan nightly)

I tried this and wasn't so impressed with their free version. Updating
was so slow as to be unreliable and it advertised. Seems other people
get along OK with it, so I'm willing to grant that my experiences
might have been a one-off.

> Personally, I think it varies greatly depending on what
> they are testing.).

I don't know. I don't take the magazine, and other than a subscription
to CR's Zillions when I was young, don't have a whole lot of opinion
about them. All I know is that the Zillions publication went out of
its way to create the definite stance that advertising is bad. They
did review products, but no more than a few pages would go by and the
message came again--"advertising is VERY BAD".

> Now all my passwds are saved by the browser (recommended
> both in the NYTimes article and elsewhere (can't remember)
> so that I'm not continually typing them in.

That weakens your security, but writing them down weakens it much
more. The Mozilla organization themselves admit (in both Thunderbird
and Firefox) that their password storage file is "difficult but not
impossible to read" when you enable the storage of passwords.

I do not write my passwords down nor do I store them in the browser.
Then again, I have an unusual ability to remember them, even with all
the different ones I have. And yes, they are strong passwords built on
well respected guidelines for creating such.

> (a) Each to their own, but I don't think so, because however
> unlikely the event the cost can be devastating. You know, $0
> in your various accounts along with all your credit cards
> maxed out, etc. Years of recovering from identity theft, your
> credit rating ruined, etc., etc., etc.

I never once doubted the potential severity. However, again, I see a
great deal of sensationalism (sp?) going on here. Identity theft
undoubtedly does happen. Some cases are very bad, so bad that they
make the news and the people impacted by them incur a large loss.
Lesser cases usually don't, and that skews many aspects of the data
concerning these incidents.

With the business I'm in, I know it happens on a much smaller scale.
And I also know that due to laws and regulations, the burden of a lot
of it does not fall on the customer--it falls on the institution
responsible for the customer's money! Any reputable financial
institution takes this sort of thing seriously as it affects their
bottom line. It is really amazing how well a lot of this stuff is
monitored and how proactive many of them are.

> (b) In the previous thread I mentioned the hotmail passwd theft.

We'll never know for sure, Microsoft won't say any more than they had
to about the incident. A recent--and similar--incident involving a
payment systems processor happened not because of an overwhelmingly
large number of customers doing something dumb, but rather because an
employee brought in and used a memory key device laced with malware.

This is low hanging fruit, at least to an extent. Millions (if not
more) people use Hotmail, and many are the type that would download
ANYTHING to their computer, run or click on anything and not
necessarily know that anything went wrong. Some will never try to fix
it, others will eventually figure it out and try to reverse the damage
themselves and still others will have it fixed by having their
computer serviced.

It's very unlikely that someone who pays attention would fall victim
to a phishing attack, but most people *don't*. I've seen it in action
firsthand (helped clean up the mess) and it just baffles me. (I admit
to being the type of person who pays more attention to details than
most.)

I don't doubt that some keylogging or botnet activity might well have
been involved, it seems unlikely at best that all the compromises of
Hotmail accounts were due to the same cause, or necessarily related to
one another by anything other than the compilation of stolen
credentials.

> Even, btw, having a computer in a locked room is no guarantee
> of protection. There's always forcible physical entry. You know,
> they overpower security, break down the doors, etc.

That's true. I never said anything to the contrary. The term I used
was "raises the bar" and that's exactly what it does. As you make
things harder and harder, fewer people are willing to force their way
in. I would be willing to pick up a PC off the curb that had been set
out for trash collection. I'd never take a computer out of someone's
home unless they said I could.

Anyone can be desperate enough to try anything, so that's why perfect
security is impossible. You just have to decide how hard you want to
make it and hope it's enough to discourage most people from trying.

> So why concentrate on the API if there are other ways to
> surreptitiously install a logger?

It would be easy by comparison to any other method I know. Writing
hardware drivers is hard. (I haven't done it personally, but I have
done QA and other testing for a few drivers. Debugging them is an
interesting experience.) Building a hardware device to surreptitiously
record keystrokes and programming it to do so is hard. If a given
keyboard happens to be built around a microcontroller with some extra
memory, subverting it might also be very difficult--you've got to
write the firmware, make sure it works well enough that nobody is
likely to know a difference, and plant the keyboard. (I mention this
because the aluminum Apple keyboard is susceptible to an attack based
on modifying its firmware.)

A hardware device is not impossible to buy. Research the Keyghost
hardware keylogger for an eye-opener. It's not cheap, but that's not a
put-off if you really want to grab someone's keystrokes.

So you try to intercept all the calls to an API and make sure they
only go where you want them to. This will get some things, and it will
stop a hastily written keylogger in all likelihood. It won't do a
thing for the others.

Is it worthwhile to do that? Maybe if you gave it away, and clearly
described the limitations so that people knew what they were getting.
I don't think it is worthwhile or particularly honest to charge money
for it, and the company's site didn't seem to say anything about any
possible drawbacks. It only talked the product up.

> Disabling the API may be a difficult task (after all, programmers
> get paid for stuff like this), but then again, it might not. There
> might be some simple setting that controls various APIs.

A good start would probably be a book on Windows programming. It seems
like a dangerous assumption to go around disabling APIs or changing
the way they work significantly for so many reasons, especially if
you're not the party responsible for official support of the operating
system.

> Yes, the keyboard is a controller, but the question is are there
> ways, in particular known, easy methods of a program's gaining
> direct control of it that allows keylogging.

It's easy if you know how, and depending upon where you choose to
start. You can start at the hardware level, actually tapping the
signal lines and recording what comes back to a device mounted inside
or around the computer where it won't be easily seen. And then you can
work your way up, by simply redirecting the output in software or
watching the same API that another application uses to get keyboard
input.

> Particularly if it circumvents the usual protections to directly
> accessing h/w other than through the operating system
> API, i.e., system call.

A device driver can easily do this, since it's running with full
system privileges. Writing device drivers is harder, but I'm sure any
company that's halfway serious about writing an effective software
keylogger can hire someone to do it.

So too can a program that attempts to modify the way the operating
system's kernel operates.

Windows also supports the concept of "filter" drivers that sit between
a given device and the upper level APIs commonly used to interact with
it. A filter driver could probably sieve off data without being easily
noticed. (Some malware providers have actually developed filter
drivers of a sort that fit into the Windows LSP stack and could
therefore "watch" any and all network traffic. Usually this was done
to modify it in some way. It hasn't been done recently that I know
of.)

> Right, they are only one vendor and maybe the others do. But
> one of the replies to the previous thread said, iirc, that he
> thought that most AV vendors do NOT scan for legitimate
> loggers which is why they are the ones one would attempt
> to install.

If that's an important criterion, you'd do well to ask around and pick
the company that says they do not care what kind of possibly
offending software it is: you will be alerted to its presence if
possible.

> My sons, 23 and 25 and out of the home, didn't take protection
> seriously until recently one's girlfriend's machine got completely
> taken over to the extent it couldn't even boot into Windows. Now
> they follow my practices, more or less.

I have younger brothers that I have provided with computers because I
feel that it is important for them to have the experience. (They're
not *that* young--one is 18 and the other 20.) However, they do not
have administrative rights on their user accounts, and they have been
told about what will happen if they do certain things.

Back in the days of Windows 98, where there was no real security model
at all, one of them got a bit of a lesson about not doing Bad Things
to their computer when they did the kinds of things that curious young
men will do.

> Landesman's theory contradicts not only Microsoft and Google,
> but also the Anti-Phishing Working Group (APWG), an industry
> association dedicated to fighting online identity theft. On
> Monday, the APWG's chairman, Dave Jevans said a phishing
> attack that garnered thousands of passwords was do-able.

Not only doable, but very, very likely. You just can't tell some
people, and others do not care.

The statement that the data did not come from phishing is a little
thin. All of the services mentioned are very popular and
unquestionably could be impersonated by someone looking to obtain
information they should not have.

I'm sure that some of the leaked data was undoubtedly due to botnet/
keylogger activity. However, I'm also sure that its final compilation
as discovered by this person was NOT all from one source or method of
attack.

William
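
A defender-side check for the filter-driver point in the post above, added here as an example that is not from the thread: it lists the filter drivers registered on the Windows keyboard device class and flags any not on an allowlist. The class GUID is the standard Windows value; the one-entry allowlist and the constructed sample data are assumptions.

```python
"""Flag unexpected keyboard-class filter drivers (added example, not from the thread)."""
import sys

# Well-known GUID of the Windows "Keyboard" device setup class.
KEYBOARD_CLASS_GUID = "{4D36E96B-E325-11CE-BFC1-08002BE10318}"
CLASS_KEY = "SYSTEM\\CurrentControlSet\\Control\\Class\\" + KEYBOARD_CLASS_GUID

# Assumption: on a stock install the only class filter is kbdclass. Extend
# this allowlist with filters your OEM or utility software legitimately adds.
EXPECTED_FILTERS = {"kbdclass"}


def classify_filters(upper_filters, lower_filters):
    """Return (slot, driver) pairs that are not on the allowlist.

    A hit is not proof of a keylogger, only a driver sitting between the
    keyboard and the input APIs that needs to be accounted for.
    """
    unexpected = []
    for slot, names in (("UpperFilters", upper_filters),
                        ("LowerFilters", lower_filters)):
        for name in names:
            if name.strip().lower() not in EXPECTED_FILTERS:
                unexpected.append((slot, name.strip()))
    return unexpected


def read_registry_filters():
    """Read the real REG_MULTI_SZ filter lists on Windows; None elsewhere."""
    if not sys.platform.startswith("win"):
        return None
    import winreg  # only importable on Windows
    lists = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CLASS_KEY) as key:
        for value_name in ("UpperFilters", "LowerFilters"):
            try:
                data, _ = winreg.QueryValueEx(key, value_name)
            except FileNotFoundError:
                data = []  # value absent: no filters in that slot
            lists.append(list(data))
    return classify_filters(*lists)


def check_sample():
    """Constructed sample: stock kbdclass plus one unknown upper filter."""
    sample_upper = ["kbdclass", "ExampleFilter"]  # constructed, not a real driver
    return classify_filters(sample_upper, [])


if __name__ == "__main__":
    findings = read_registry_filters()
    for slot, driver in (findings if findings is not None else check_sample()):
        print(f"unexpected keyboard {slot} entry: {driver}")
```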

Green Angel
Sep 27, 2011, 1:05:46 PM
Hi there,

I think you guys should check out http://www.opswat.com/; there are 2 or 3 products that may be a match. I think that OESIS Framework at http://www.opswat.com/products/oesis-framework provides a single interface to many antivirus products, and Avira is in that list. Another option is, I think, Metascan at http://www.opswat.com/products/metascan, which is more for ISVs.
I also found that Avira is certified by OPSWAT at http://www.opswat.com/certified.

I hope this helps.
Regards,