Jay Junior Member
Joined: 22 Mar 2005 Last Visit: 09 Dec 2006 Posts: 13
|
Posted: Wed Sep 07, 2005 8:20 am Post subject: Keylogger detection by SpyWall |
|
|
Hi,
We have added a simple behavior-based keylogger detection in SpyWall (version 1.2.9) that is catching many keyloggers without using signatures.
This is the first part of a three-phase enhancement that will enable SpyWall to detect most keyloggers without using definitions.
I would appreciate it if some of you can try it out and give us your feedback. Even though we catch many keyloggers with this simple enhancement, this option is turned off by default due to some false positives. So, please turn it on before your tests.
I will be happy to give out free licenses to the first 20 who are willing to provide us with feedback.
www.trlokom.com
Thanks,
Jay (jay AT trlokom dot com)
www.trlokom.com |
|
Moore Moderator

Joined: 31 May 2004 Last Visit: 05 Jan 2011 Posts: 758 Location: °°.MooreLand.°°
|
Posted: Wed Sep 07, 2005 9:53 am Post subject: |
|
|
Hi Jay..
I'll be keen to test it to death .. Will be installing it soon.
Are you talking about commercial keyloggers being detected or the more malicious variety?
When you say feedback , what exactly are you expecting ?
Obviously not the "dude this sucks" kind , but do you want people to test this against the usual hijack sites or try to find some keyloggers to test against ? _________________ | Stop Malvertising | Outpost | Blocklist Pro | Hosts | |
|
spywaresucks19 Junior Member
Joined: 22 Jul 2005 Last Visit: 19 Jun 2006 Posts: 30
|
Posted: Wed Sep 07, 2005 10:23 am Post subject: Re: Keylogger detection by SpyWall |
|
|
| jay it might help if you post a hjt log file for the experts at spy warrior to look at. |
|
Jay Junior Member
Joined: 22 Mar 2005 Last Visit: 09 Dec 2006 Posts: 13
|
Posted: Wed Sep 07, 2005 1:10 pm Post subject: |
|
|
| Moore wrote: |
Hi Jay..
When you say feedback , what exactly are you expecting ?
Obviously not the "dude this sucks" kind , but do you want people to test this against the usual hijack sites or try to find some keyloggers to test against ? |
Hi Moore,
Any level of feedback would be great! Since my initial post was about the keyloggers, information about false positives will be most helpful.
General comments about SpyWall are also welcome.
I can be reached at (jay AT trlokom.com)
Thanks,
Jay
www.trlokom.com |
|
webmedic Junior Member
Joined: 07 Oct 2004 Last Visit: 17 Sep 2006 Posts: 37
|
Posted: Wed Sep 07, 2005 1:29 pm Post subject: |
|
|
| correct me if I'm wrong but a sandbox for activex controls? I use firefox almost exclusively under windows so this would not be of much use to me? Or am I not correct? |
|
Jay Junior Member
Joined: 22 Mar 2005 Last Visit: 09 Dec 2006 Posts: 13
|
Posted: Wed Sep 07, 2005 4:29 pm Post subject: |
|
|
| webmedic wrote: |
| correct me if I'm wrong but a sandbox for activex controls? I use firefox almost exclusively under windows so this would not be of much use to me? Or am I not correct? |
Sand box is not just for activeX, but for the browser itself. SpyWall will also protect against browser vulnerabilities that are frequently exploited to install spyware.
SpyWall has many features:
- Browser sand box to prevent spyware
- Detect and clean existing spyware
- Behavior & signature-based keylogger detection
- Protection against phishing attacks
- Block spyware/adware web sites
- Monitor web usage
- File system protection
and many more.
Using Firefox is not the solution as many spyware exploit vulnerabilities in FF as well.
SpyWall is the first firewall for the web browser and because the concept is so new, it will take some time to get accepted. Remember, network firewalls acceptance also took some time and now nobody can ever imagine a network with a perimeter firewall.
I personally use IE with SpyWall and feel almost scared to surf without its protection. Just install SpyWall, look at the event log, and you will see for yourself what some of these websites try.
Hope that helps.
~Jay
www.trlokom.com |
|
webmedic Junior Member
Joined: 07 Oct 2004 Last Visit: 17 Sep 2006 Posts: 37
|
Posted: Wed Sep 07, 2005 5:21 pm Post subject: |
|
|
I own a computer store and do this for a living. Honestly I use linux 99.9% of the time. If they check their server logs here I probably account for 100% of all their Konqueror usage.
If I were you I would feel scared using ie no matter what protection I used. You see and maybe I don't understand your software properly but with ie it's not just activex controls but rather it's security holes in ie itself.
Do you realize that styles under xp are really xml files just like a web page. They are all rendered by ie to create your desktop. Well I should say they are rendered by the underlying dll's that allow ie to also render html. At any rate do you begin to see the issues here if somebody is able to exploit this.
Under windows I use firefox as one of my lines of defense. Even the few security issues found with it have more to do with phishing and scams than an actual inherent security issue with the browser itself. I follow security focus and other bug track sites rather closely and firefox rarely has issues.
Having said that I was really more curious about your software and what benefits it offers to the end users and my customers. You see I'm kind of funny I am always trying to look out for my customers and giving them the best value for their money. I also do my best to educate them and I simply don't sell products from companies that have a track record of lying and ripping their customers off. There are quite a few systemworks type suites that I simply refuse to sell no matter how much money I could make off them.
As for your product it looks legit and I'm not worried about that but I do want to know what gives it value over the other products out there. In the end how well does it get rid of the bad stuff. |
|
Moore Moderator

Joined: 31 May 2004 Last Visit: 05 Jan 2011 Posts: 758 Location: °°.MooreLand.°°
|
Posted: Wed Sep 07, 2005 6:10 pm Post subject: |
|
|
| Quote: |
| SpyWall is the first firewall for the web browser |
I'm not sure I'd agree with you there , System Safety Monitor has been around for quite a while now:
http://maxcomputing.narod.ru/ssme.html?lang=en
Other than that Spywall is very impressive so far , very nice work.
Some of the features remind me a lot of Tiny firewall.. some of these features are obviously not going to be understood by many users without a bit of help , like Tiny , I think it would suit more advanced users.
I think a bit more in-depth information on the configuration settings would be really helpful.
I really like any program that offers the user blacklist/whitelist controls for websites , the file download controls are a very nice addition.
When it says block known spyware/adware sites in the settings , are these stored in the definition files and updated by you regularly ?
I updated the spyware definitions to start with , then ran the spyware scan which detected 13 suspicious entries and 1 malicious entry..
The malicious entry being flashget , which I'm strongly advised to delete.. I paid for it , so I'm certainly not deleting it. Luckily the auto delete malicious items is unchecked. Like the whitelist though.
My only other question would be do you have plans to make it compatible with other browsers ? I can see how it would be a great addition to anyone's security , no matter what browser they use. I don't like using IE , it's very annoying without tabbed browsing.
To be honest I'd probably buy this program , I'll keep testing it today and see how it goes.. looks like there are a few more things to get through and configure.. The file and process rules are very much like Tiny.
I 'll have to get back to you once I've sorted the rest out and run it through some cws sites.
| Quote: |
| If I were you I would feel scared using ie no matter what protection I used. You see and maybe I don't understand your software properly but with ie it's not just activex controls but rather it's security holes in ie itself. |
I also don't use Firefox , I use Greenbrowser instead which is another IE shell based browser from the Maxthon|MyIE|Crazybrowser family of browsers, but with increased security controls. I feel quite comfortable to visit any site I like and know that nothing is getting in unless I allow it. _________________ | Stop Malvertising | Outpost | Blocklist Pro | Hosts |
Last edited by Moore on Wed Sep 07, 2005 7:58 pm; edited 4 times in total |
|
webmedic Junior Member
Joined: 07 Oct 2004 Last Visit: 17 Sep 2006 Posts: 37
|
Posted: Wed Sep 07, 2005 7:24 pm Post subject: |
|
|
| although I'm sure that the security is better than ie by itself you are still just as much open if the security of the underlying framework is found to be faulty. In that respect you are no better off than ie. |
|
Moore Moderator

Joined: 31 May 2004 Last Visit: 05 Jan 2011 Posts: 758 Location: °°.MooreLand.°°
|
Posted: Wed Sep 07, 2005 7:31 pm Post subject: |
|
|
Maybe , but I have no complaints so far ..
Firefox is nice and all , but it still needs a lot of work before I'd use it as my main browser..
I'm happy enough without it , just as I know a lot of people are happy enough to use it as it is. _________________ | Stop Malvertising | Outpost | Blocklist Pro | Hosts | |
|
webmedic Junior Member
Joined: 07 Oct 2004 Last Visit: 17 Sep 2006 Posts: 37
|
Posted: Wed Sep 07, 2005 8:07 pm Post subject: |
|
|
| sorry I misunderstand your intentions. There is no maybe about what I stated. I'm also not trying to push Firefox down anybody's throat. I stated clearly I use linux and Konqueror and I also did not state anybody else had to use those either. |
|
Moore Moderator

Joined: 31 May 2004 Last Visit: 05 Jan 2011 Posts: 758 Location: °°.MooreLand.°°
|
Posted: Wed Sep 07, 2005 9:04 pm Post subject: |
|
|
My intentions ? well let me put it this way .. Maybe you are right but that's still not going to make me change anything.. I have no problems or fear using IE based browsers or windows.
| Quote: |
| although I'm sure that the security is better than ie by itself you are still just as much open if the security of the underlying framework is found to be faulty. In that respect you are no better off than ie. |
Ok , that's great thanks.
Now let's get back to spywall _________________ | Stop Malvertising | Outpost | Blocklist Pro | Hosts | |
|
Jay Junior Member
Joined: 22 Mar 2005 Last Visit: 09 Dec 2006 Posts: 13
|
Posted: Thu Sep 08, 2005 3:38 pm Post subject: |
|
|
| Moore wrote: |
| Other than that Spywall is very impressive so far , very nice work. |
Thanks! We are trying to make it even better.
| Moore wrote: |
| I think a bit more in-depth information on the configuration settings would be really helpful . |
You can get very detailed documentation from our website. You have to create an account for yourself.
| Moore wrote: |
| I really like any program that offers the user blacklist/whitelist controls for websites , the file download controls are a very nice addition. |
Congratulations, you found the file download control.
Our enterprise customers love this feature.
| Moore wrote: |
| When it says block known spyware/adware sites in the settings , are these stored in the definition files and updated by you regularly ? |
Yes. SpyWall client will periodically download definitions from our website. We have recently collected 30,000 new definitions and they will be going out in a month. Our current database has over 40,000 definitions.
| Moore wrote: |
| I updated the spyware definitions to start with , then ran the spyware scan which detected 13 suspicious entries and 1 malicious entry..
The malicious entry being flashget , which I'm strongly advised to delete.. I paid for it , so I'm certainly not deleting it. Luckily the auto delete malicious items is unchecked. Like the whitelist though. |
Yes, we are trying hard to fix all false positives. In fact, that was the main reason for my initial post. Can you please send me the file name and registry entry?
| Moore wrote: |
| My only other question would be do you have plans to make it compatible with other browsers ? I can see how it would be a great addition to anyone's security , no matter what browser they use. I don't like using IE , it's very annoying without tabbed browsing. |
This is the #1 question we get asked. Yes, we plan to not only support other browsers, we will also support e-mail clients and IM clients. However, you will have to wait till 2.0 that will come out in Dec 05 or Jan 06.
| Moore wrote: |
| I 'll have to get back to you once I've sorted the rest out and run it through some cws sites. |
Looking forward to your feedback. Anything you guys don't like or problems you find, we WILL fix it and IMPROVE the product.
Thanks,
Jay
www.trlokom.com |
|
webmedic Junior Member
Joined: 07 Oct 2004 Last Visit: 17 Sep 2006 Posts: 37
|
Posted: Thu Sep 08, 2005 6:21 pm Post subject: |
|
|
| I sent an email asking for a key but have received no response yet. |
|
Kimberly Moderator & HJT Expert

Joined: 03 Aug 2005 Last Visit: 01 Apr 2012 Posts: 1419
|
Posted: Wed Sep 21, 2005 7:50 am Post subject: |
|
|
Ok, let's be the next to test this application out. From what I did read up, it sounds like it has some very nice features. Moore did point out that I really should install it.
PS. I'm an addicted IE user, so that might come in handy.
Kim _________________ Microsoft MVP Windows-Security 2006 - 2009
Help us to take down malicious Flash ads
 |
|
Jay Junior Member
Joined: 22 Mar 2005 Last Visit: 09 Dec 2006 Posts: 13
|
Posted: Wed Sep 28, 2005 6:02 pm Post subject: |
|
|
| webmedic wrote: |
| I sent an email asking for a key but have received no response yet. |
webmedic,
If you haven't received it, please send me an e-mail.
Jay
www.trlokom.com |
|
|