Adelphia
First a simple assumption - key loggers can record and pass on all of your
keystrokes for later analysis.
If this assumption is true it exposes a hole in the majority, if not all,
anti-spyware software. That is, if you run the detection program and it
finds a keylogger it is too late. To support that, another assumption is
that the infection occurs without your knowledge at 9am. At 10 am you run
Quicken Financial. This gets the logger's attention and it records your
keystrokes. At midnight you run your favorite anti-spyware program and find
a keylogger. You happily quarantine it or remove it. However, the damage has
already been done! Your Quicken keystrokes have already been recorded and
passed on to some slime somewhere on the globe/earth.
The point is that without real-time protection the anti-spyware scanners
offer a false sense of security by telling you that you have already been
recorded. If you follow common sense advice you should change all of your
passwords and logon IDs. First it may be too late and second it may be
uncomfortably too often.
An example of a keylogger that is easy to plant is to go to the new Google
Earth program that allows you to see parts of the earth from high resolution
photos. It installs a dll that is a keylogger. One can ASSume that Google is
totally honest and only records keystrokes that pertain to their software. I
will leave that decision of trust to you. Run your late night scan, find and
quarantine it. However, Google runs something on a time basis that restores
the keylogger because the next day you once again detect it despite not
using the program. So it had another several hour period between scans to do
its dirty work, unless you want to fully trust Google!!!
So, can a real-time scan of downloaded software block such things from even
entering your PC? Probably not, since it is easy to morph an apparently
benign dll into something else later when you run the supposedly now safe
program. You cannot block the outgoing file of your recorded keystrokes
since they come from the now trusted (real-time scanned) program. You could
try to determine what program planted the logger but they seem to be placed
in many locations, making sourcing them difficult. You could do a scan every
time you download something but morphing the logger later makes that
useless. Uninstalling the offender seems to be the only way to "keep
clean". Perhaps someone here can present a foolproof way to instantly detect
keyloggers and block them????
http://sunbeltblog.blogspot.com/2005/08/more-on-identity-theft-ring.html if
you do not believe this link you better be very lucky because you ain't
smart.
Dick