ZAL as replacement to HMP.A on Keystroke Encryption

[HarborFront]

The first thing you could try is blocking unauthorised JavaScript, there are extensions for doing things like this. However it can also break web-page functionality... Some JavaScript keyloggers will basically monitor the document for key-press events, and then they'll convert the character code to a readable string to make sense of the logged key-stroke. There's a documented API for this conversion: JavaScript String fromCharCode() Method

You can also find keyloggers in XSS form which can be just as powerful; they can work the same way via monitoring the document for keystroke events. An example would be via document.onkeypress callback handling. The attacker may then submit the logs back to a malicious server setup by the attacker.

It is a lot simpler for attackers to do than some may think. Some Proof-Of-Concept keyloggers take barely any effort at all to be developed and inserted into web-pages... And in the scenario of a genuine, popular website becoming compromised, well that could be catastrophic in reality.

I hope you manage to find suitable additions to help you stay protected against these attacks and the alike. All I can personally suggest is surrounding the blocking of JavaScript without authorisation for these types of attacks.

It's problem to block Javascripts as it'll break some sites like you mentioned thus limiting your surfing experience and if you want to micro-manage each site by blocking Javascipts it's going to be tedious and time-consuming. It'll be easier and better if an anti-logger comes with such a feature to auto-detect/block.

If I'm not wrong many browsers have this baked in form filler/password manager feature whereby all info are pre-filled and auto filled into forms when required. A keylogger cannot keylog anything not typed. But this cannot prevent screen-grabber keylogger from capturing the screen

For add-on/extension keyloggers there are ways like not using any add-on/extension in the browser through the use of a separate profile, use of TOR/EPIC/Brave browsers etc which come with their built-in add-on/extension or use of trusted add-on/extension only. In fact, it looks like Zemana AntiMalware Ultimate has this 'Real-time browser extension protection' feature.

 

[Deleted member 65228]

It's problem to block Javascripts as it'll break some sites like you mentioned thus limiting your surfing experience and if you want to micro-manage each site by blocking Javascipts it's going to be tedious and time-consuming.

You could allow JavaScript for trusted, reputable websites and stay away from anything which isn't trusted (e.g. there's extensions like NoScript - the Tor browser uses this also). Generally speaking, I highly doubt you are ever going to reach the level of protection you seem to be after whilst maintaining usability; there are new ways of doing things all the time and no security product/browser extension is going to be sufficient enough to block every attack. Although I know you already know this.

 

[HarborFront]

You could allow JavaScript for trusted, reputable websites and stay away from anything which isn't trusted (e.g. there's extensions like NoScript - the Tor browser uses this also). Generally speaking, I highly doubt you are ever going to reach the level of protection you seem to be after whilst maintaining usability; there are new ways of doing things all the time and no security product/browser extension is going to be sufficient enough to block every attack. Although I know you already know this.

Yes, I could allow/block. But like I mentioned to micro-manage each site is gong to be difficult

With each new upcoming attack there's always a new way of countering it...hopefully

 

[Sunshine-boy]

This can lead to multiple scenarios

I tried it with Eset Hips and there was no conflict! you also can disable it
This feature only protects the browser(there is an option to control the whole windows like registry but I disabled it).Btw it's free and worth it!