Results 1 to 8 of 8

Thread: suggestion for a new feature

  1. #1
    Senior Member TwistedMike's Avatar
    Join Date
    Apr 2008
    Location
    Canada
    Posts
    129

    Lightbulb suggestion for a new feature

    i was browsing all of the features of Kaspersky internet security 2009 and i noticed that they had a secured virtual keyboard now as soon as i seen this i thought this is a must for a feature request for Spybot.
    For the fastest, safest browsing experience get Google Chrome

  2. #2
    Junior Member
    Join Date
    Mar 2008
    Posts
    23

    Default

    Quote Originally Posted by TwistedMike View Post
    i was browsing all of the features of Kaspersky internet security 2009 and i noticed that they had a secured virtual keyboard now as soon as i seen this i thought this is a must for a feature request for Spybot.
    I agree. Taking in consideration that Spybot fights spyware (not only), and keyloggers are a type of spyware, would make sense for a virtual keyboard.

    Regards

  3. #3
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Default

    Hmmm...

    "Secured" sounds... difficult.
    Creating a virtual keyboard is not really diffcult, but one really has to take care it does not create a false sense of safety. Various different types of "keylogging" activity tak different approaches... a few quick thoughts:

    1. A global hook into keybeard functions is the oldest tric. Protocols any keypress into a file, which'll include passwords. Used for personal spying mostly, passwords would have to be searched for manually.
      Counteraction: here, a virtual keyboard using e.g. GetWindowText/SetWindowText could paste characters from a virtual keyboard into a password field without sich a keylogger noticing.
    2. A modern keylogger might simply capture the contents of all edit fields that are password masked using the same GetWindowText and would this bypass the above.
      Counteraction: no virtual keyboard will help here. If it is a browser application, interpreting the website and storing the password out of the field to only inject it when submitting a dialog would be a partial solution.
    3. Modern keyloggers can track the mouse movements as well, in the worst case recording screenshots plus mouse position whenever the mouse is clicked due to the amount of data, such a dense recording would be limited to cases where the focus might be on masked fields, aka passwords fields).
      Counteraction: on Vista, elevation that is allowed to drive UI input to other windows. Does not help if the passworded app is already elevated, nor against the problem described in 2.
    4. The password stealer type of virtual keyboard might work e.g. as a BHO, capturing passwords from all web forms with fields that are masked or have a suspicious password-field-like name.
      Counteraction: a virtual keyboard would have to paste false data into the form, and inject the good password only at a very low level, like a LSP. In the hope that the stealer is not on LSP level as well and acting after itself. Even then, it might cause trouble, become incompatible to anonymization features like Tor, and more important, does not properly work with secure (https) connections, skipping the global security for a local one.

    I could add a few more arguments, but I think the point is getting clear: a somewhat useful virtual keyboard has to apply itself on many levels and be customized to the various browsers and still would only make you safe from maybe 50% of all keyloggers. Rigging together a simpler one that protects aginst maybe 20-30% would indeed be simple, but in both cases, the huge danger I see is that it would create a false feeling of being safe fom keyloggers!

    More details on dow you think a [really] "secure" virtual keyboard should work are welcome of course
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  4. #4
    Senior Member TwistedMike's Avatar
    Join Date
    Apr 2008
    Location
    Canada
    Posts
    129

    Default

    well mabe you could make like a test virtual keyboard and see how that goes and if it go good keep it if it doesnt get rid of it.
    For the fastest, safest browsing experience get Google Chrome

  5. #5
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Default

    How do you define "goes good"?

    Sure, it might be that people like it a lot. But user perception does not change the fact that it creates a false feeling of security.

    And as for tests, sure, I could select a dozen keyloggers and say that it works perfectly from blocking 100% tested keyloggers. At the same time, I could always find a dozen that are still monitored and could say 0%. I guess that's what Kaspersky did - tested those they would counter and then labeled it "secure".

    So my main issue still stands: either tell me a concept that will block a reasonably lage amount of keyloggers (for me that would be > 95%, and I highly doubt that is possible), or how this would not fool people into believing a security that it does not grant.

    See, I'm no marketing person advertising something as great when I feel its not really as good for the user in the end
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  6. #6
    Senior Member TwistedMike's Avatar
    Join Date
    Apr 2008
    Location
    Canada
    Posts
    129

    Default

    well i don't want to annoy you with this topic so i will say no more maybe someday in the future this could be possible but not now.
    For the fastest, safest browsing experience get Google Chrome

  7. #7
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Default

    It wasn't annoying, we just don't want to dissappoint or bloat with a feature that might not be as cool/effective as it sounds

    In fact, I even remember how I discussed various password input methods with a team member one or two years ago... he had some interesting ideas, but we went in a circile for a long time I think
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  8. #8
    Senior Member TwistedMike's Avatar
    Join Date
    Apr 2008
    Location
    Canada
    Posts
    129

    Default

    well with Spybot expanding as fast as it is maybe in the future like a couple of SB version later this could be implemented be for now it will just be left as a suggested idea that isn't completely safe yet because of many risks.
    Last edited by TwistedMike; 2009-01-13 at 00:00.
    For the fastest, safest browsing experience get Google Chrome

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •