ZAL as replacement to HMP.A on Keystroke Encryption

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
If you read my above, I'm particularly mentioning on keylogging protection feature. While it's free on HMP.A it applies only to browser. Which is why I opt for keyscrambler Pro.
Ummm, no, your wrong, HMPA protects against online, offline and "added Apps" with it's keystroke encryption.
Who ever told you that lied or it was made up.
@Erik Loman
 
Last edited:

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
Keyscrambler(free version) is good only for the Browser! useless... I don't need it because already using a Next-gen browser that protects me against all kind of keyloggers:notworthy:Ghostpress is the best choice for free!
What's that browser that protects you agains all keyloggers?
 

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,759
What's that browser
Yandex beta!! it will alert(Has hips) if something wants to access Yandex processes, user profiles, and other places such as history, cookies, keyboard and the browser screen!XD the future is here :giggle:
PROTECTION:D
 

Attachments

  • yandex.PNG
    yandex.PNG
    12 KB · Views: 396
  • yandex2.PNG
    yandex2.PNG
    17.8 KB · Views: 423
  • Like
Reactions: frogboy and tim one

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Keystroke encryption = Keyscrambler, that is it; they do it at system level.
Does KeyScrambler protects against form-grabber keyloggers, javascript-based keyloggers, browser add-on/extension keyloggers and web-based keyloggers?

:rolleyes:
 
D

Deleted member 65228

Yandex beta!! it will alert(Has hips)
I can understand why this is looked at in a positive way but do you really think it is all positive? If the browser has its own HIPS then this is a worry because security features like HIPS rely on redirecting execution flow for other running software to control them. This can lead to multiple scenarios.

As you can see from the screenshot you uploaded, it has control over Ghostpress.
 
Last edited by a moderator:

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
keyscrambler doesn't block any of them, it just encrypts keystrokes, so unless the attacker knows a way to decrypt the datas logged, he can't read them.
If I have ZAL and KeyScrambler who does the keystroke encryption?

:rolleyes:
 
D

Deleted member 65228

form-grabber keyloggers
If you have security software which can protect the browser processes (memory) and/or sandbox the browser, you'll probably be protected from banking malware which may inject code for web-Inject/form-grabber functionality.
 
  • Like
Reactions: HarborFront

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
If you have security software which can protect the browser processes (memory) and/or sandbox the browser, you'll probably be protected from banking malware which may inject code for web-Inject/form-grabber functionality.
If you have security software which can protect the browser processes (memory) and/or sandbox the browser, you'll probably be protected from banking malware which may inject code for web-Inject/form-grabber functionality.
I doubt a sandbox can prevent form-grabber keyloggers

Form-grabbing-based keyloggers log web form submissions by recording the web browsing on submit events. To do that it has to call upon a malicious script tag injected into a targeted web page, and listen for key events. Scripts can be injected via a variety of methods, including cross-site scripting, man-in-the-browser, man-in-the-middle, or a compromise of the remote web site.

Can a sandbox prevent this? I believe a SB can protect such a keylogger from being installed after its reboot but not from preventing it siphoning off data when it encounters the keylogger.

This applies similarly to those web-based keyloggers and browser add-on/extension keyloggers
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
I'm talking about software-based ones.
Agree like SBIE or any virtualization software for that matter? The reason being these javascript-based keyloggers and add-on/extension keyloggers are part of your browser. By trusting your browser you are trusting these keyloggers, no? Can you trust the browser without trusting the add-on/extension or javascript-based keyloggers?

Can a FW/HIPS trust the browser and blocking off the add-on/extension or Javascript-based keylogger?
 
Last edited:
D

Deleted member 65228

Agree like SBIE?
If you're talking about software-based form-grabbers then a good sandbox should be beneficial in some scenarios. For example, the sandboxed process is restricted from being accessed by other Host processes, preventing code injection which in itself prevents networking-related APIs from being patched in memory to log credentials (e.g. Internet Explorer -> wininet.dll -> which is an example of one of the things that the Zeus banking malware does).

It won't be useful in all scenarios, but some. If you were talking about something completely different then apologies for misunderstanding.

Edit: Only just seen your edit too. If a keylogger is entirely web-based (e.g. no infection to the host for code execution is required) then it would not be useful in that scenario I do not think.
 
Last edited by a moderator:
  • Like
Reactions: HarborFront

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
If you're talking about software-based form-grabbers then a good sandbox should be beneficial in some scenarios. For example, the sandboxed process is restricted from being accessed by other Host processes, preventing code injection which in itself prevents networking-related APIs from being hooked to log credentials (e.g. Internet Explorer -> wininet.dll -> which is an example of one of the things that the Zeus banking malware does).
I'm not talking of API-based or memory-injection keyloggers. I'm talking of form-grabbing, web-based and add-on/extension type keyloggers

The types of keyloggers are described here

Keystroke logging - Wikipedia
 
D

Deleted member 65228

I'm not talking of API-based or memory-injection keyloggers. I'm talking of form-grabbing, web-based and add-on/extension type keyloggers

The types of keyloggers are described here
Your original post I quoted is below.

Does KeyScrambler protects against form-grabber keyloggers, javascript-based keyloggers, browser add-on/extension keyloggers and web-based keyloggers?

The first you mentioned ("form-grabber keyloggers") can include software-based keyloggers which abuse memory for logging credentials, via code injection and redirecting execution flow of various networking APIs used among different browsers. This is why I brought up memory protection and/or sandboxing. I wasn't referring to add-on/extensions or Java-Script based keyloggers with the suggestion I brought up.

It is an easy misunderstanding because what you said can refer to different types of form-grabbing, however "form-grabbing" can be performed through software-based keyloggers, too. This is what Zeus and SpyEye banking malware does, targeting banking websites for credential theft.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Your original post I quoted is below.



The first you mentioned ("form-grabber keyloggers") can include software-based keyloggers which abuse memory for logging credentials, via code injection and redirecting execution flow of various networking APIs used among different browsers. This is why I brought up memory protection and/or sandboxing. I wasn't referring to add-on/extensions or Java-Script based keyloggers with the suggestion I brought up.

It is an easy misunderstanding because what you said can refer to different types of form-grabbing, however "form-grabbing" can be performed through software-based keyloggers, too. This is what Zeus and SpyEye banking malware does, targeting banking websites for credential theft.
Of course all these while I'm referring to software-based keyloggers. Hardware-based keyloggers is not a discussion subject here.

My focus is more on Javascript-based keyloggers which will include form-grabbers, web-based and browser add-on/extension type keyloggers
 
D

Deleted member 65228

Javascript-based keyloggers
The first thing you could try is blocking unauthorised JavaScript, there are extensions for doing things like this. However it can also break web-page functionality... Some JavaScript keyloggers will basically monitor the document for key-press events, and then they'll convert the character code to a readable string to make sense of the logged key-stroke. There's a documented API for this conversion: JavaScript String fromCharCode() Method

You can also find keyloggers in XSS form which can be just as powerful; they can work the same way via monitoring the document for keystroke events. An example would be via document.onkeypress callback handling. The attacker may then submit the logs back to a malicious server setup by the attacker.

It is a lot simpler for attackers to do than some may think. Some Proof-Of-Concept keyloggers take barely any effort at all to be developed and inserted into web-pages... And in the scenario of a genuine, popular website becoming compromised, well that could be catastrophic in reality.

I hope you manage to find suitable additions to help you stay protected against these attacks and the alike. All I can personally suggest is surrounding the blocking of JavaScript without authorisation for these types of attacks.
 
  • Like
Reactions: HarborFront

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
ZAL doesn't "do" keystroke encryption, you can verify by downloading it. I did a few days ago cuz I was doing an anti-keylogger software test, I turned on both the real time protection and the ID Theft protection or w/e it was called thing, just to be sure, then I used the Anti-Keylogger test tool from Lists of freeware antikeyloggers which has 7 different functions to monitor keystrokes with, all 7 succeeded, I tested a few chrome banking sites as well as dashlane. For comparison, when you turn on Kaspersky's Secure Keyboard Input, which is different than the Virtual Keyboard, whenever you enter a banking site and type something into a field from the site, the keylogger doesn't get anything, not even encrypted symbols. Writing anything into anywhere else, including the address bar, does get revealed, which is how kaspersky's supposed to work. Not sure if I did something wrong with ZAL but what is there to do wrong? I allowed literally everything when installing ZAL, I checked for updates, I added it to the trusted applications and firewall as well. ZAL didn't even detect the antikeylogger tool when I turned the real time protection on, kaspersky did. I didn't scan it with ZAL tho, but it certainly didn't encrypt any keystrokes at all
Its 'Protection against keystroke logging' feature encrypts the user's keystrokes so that data is unreadable even if stolen. Read somewhere ZAL also scrambles besides encrypting keystrokes
 
Last edited:
  • Like
Reactions: Sunshine-boy

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top