MSAS and keyloggers

plun · Sep 13, 2005

Hi

Tested some keylogger programs from Download.com and
it can be better detection !

http://hem.bredband.net/b288305/keylog.htm

Bill Sanderson · Sep 13, 2005

Want to say more about your results? I see one detection for one
attempt--sounds good so far?

plun · Sep 13, 2005

Hi

I can see 2 keyloggers without "red alerts", Beyond Keylogger and
PCSpy keylogger and 2 commercials without trials.

I am also going to test Adaware and send the result to them.

This is real spyware !

Bill Sanderson · Sep 13, 2005

That's bad. Does Tools, send spyware report work on your test system?

--

plun · Sep 13, 2005

Hi

Well, of course

Easier for MSAS team to just go to Download.com
and get them.

They can also get all "Most popular" to avoid
false/positives.

--
plun

Bill Sanderson wrote on 2005-09-13 :

That's bad. Does Tools, send spyware report work on your test system?

--

Bill Sanderson · Sep 14, 2005

Yeah--that's not good, I suspect. 'course--the keyloggers need to
transgress.--is it fair to say that each critter you tested can be installed
and active without the knowledge of the user of the machine?

--

plun · Sep 14, 2005

Hi Bill

The problem is with these 2 (also with more untested) without "red
alarm" that they easily can be "planted" within a PC, just to install
and choose "Allow", done !

A boyfriend or father/mother checking children etc can easily plant a
keylogger, download, install and choose allow. takes less then 5
minutes. And this is "Dr Phil" cases.

If you get a red alarm it takes much more time to also run a scan
and choose "Always ignore".

But if these keyloggers also are detected by for example Adaware,
antivirus programs it´s nearly impossible to hide a keylogger !

Within corporate environments, I can see a few professions with a need
which then openly tells or have a agreement to all employees about this
it is handled by other admin settings/rules.

Keyloggers are evil and real spyware and must be detected for all
normal users.

Bill Sanderson · Sep 14, 2005

plun said:
Keyloggers are evil and real spyware and must be detected for all
normal users.

Absolutely agreed. I don't know what the process is for surveying
commercially available stuff and getting it added to the definitions--it may
well depend on their seeing spyware reports of the existence "in the
wild"--that'd certainly help.

plun · Sep 14, 2005

Bill Sanderson wrote :

Absolutely agreed. I don't know what the process is for surveying
commercially available stuff and getting it added to the definitions--it may
well depend on their seeing spyware reports of the existence "in the
wild"--that'd certainly help.

Hi

Well, this must be something for our legal experts to handle and maybe
to have a "security chip" within PCs for a really small population of
users with professions which really need supervision.

I also run into trouble with these "pests" beacuse some program
disabled my firewall and put up a new shared remote controlled Internet
connection ;( I didn´t track with a install logger which one it was.

Nevertheless it was solved with a reinstall of TM 2006.