ZAL as replacement to HMP.A on Keystroke Encryption

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
The first thing you could try is blocking unauthorised JavaScript, there are extensions for doing things like this. However it can also break web-page functionality... Some JavaScript keyloggers will basically monitor the document for key-press events, and then they'll convert the character code to a readable string to make sense of the logged key-stroke. There's a documented API for this conversion: JavaScript String fromCharCode() Method

You can also find keyloggers in XSS form which can be just as powerful; they can work the same way via monitoring the document for keystroke events. An example would be via document.onkeypress callback handling. The attacker may then submit the logs back to a malicious server setup by the attacker.

It is a lot simpler for attackers to do than some may think. Some Proof-Of-Concept keyloggers take barely any effort at all to be developed and inserted into web-pages... And in the scenario of a genuine, popular website becoming compromised, well that could be catastrophic in reality.

I hope you manage to find suitable additions to help you stay protected against these attacks and the alike. All I can personally suggest is surrounding the blocking of JavaScript without authorisation for these types of attacks.
It's problem to block Javascripts as it'll break some sites like you mentioned thus limiting your surfing experience and if you want to micro-manage each site by blocking Javascipts it's going to be tedious and time-consuming. It'll be easier and better if an anti-logger comes with such a feature to auto-detect/block.

If I'm not wrong many browsers have this baked in form filler/password manager feature whereby all info are pre-filled and auto filled into forms when required. A keylogger cannot keylog anything not typed. But this cannot prevent screen-grabber keylogger from capturing the screen

For add-on/extension keyloggers there are ways like not using any add-on/extension in the browser through the use of a separate profile, use of TOR/EPIC/Brave browsers etc which come with their built-in add-on/extension or use of trusted add-on/extension only. In fact, it looks like Zemana AntiMalware Ultimate has this 'Real-time browser extension protection' feature.
 
Last edited:
D

Deleted member 65228

It's problem to block Javascripts as it'll break some sites like you mentioned thus limiting your surfing experience and if you want to micro-manage each site by blocking Javascipts it's going to be tedious and time-consuming.
You could allow JavaScript for trusted, reputable websites and stay away from anything which isn't trusted (e.g. there's extensions like NoScript - the Tor browser uses this also). Generally speaking, I highly doubt you are ever going to reach the level of protection you seem to be after whilst maintaining usability; there are new ways of doing things all the time and no security product/browser extension is going to be sufficient enough to block every attack. Although I know you already know this.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
You could allow JavaScript for trusted, reputable websites and stay away from anything which isn't trusted (e.g. there's extensions like NoScript - the Tor browser uses this also). Generally speaking, I highly doubt you are ever going to reach the level of protection you seem to be after whilst maintaining usability; there are new ways of doing things all the time and no security product/browser extension is going to be sufficient enough to block every attack. Although I know you already know this.
Yes, I could allow/block. But like I mentioned to micro-manage each site is gong to be difficult

With each new upcoming attack there's always a new way of countering it...hopefully
 
Last edited:

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,759
This can lead to multiple scenarios
I tried it with Eset Hips and there was no conflict! you also can disable it :)
This feature only protects the browser(there is an option to control the whole windows like registry but I disabled it).Btw it's free and worth it!
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top