So I recently decided to do a test of a few internet security suites' keylogger detection capabilities, since keyloggers are probably the most costly threat to anyone's PC with internet banking etc. Unfortunately my findings were pretty unsatisfactory and a lot of the suites I tested were unable to detect keyloggers after they hooked, Norton included.
Does anyone know whether Norton has some kind of monitoring capability to detect when applications hook into key presses (probably not the most technically accurate way of describing it) and if so does anyone know how to enable this? As far as I know Identity Safe is made to counteract this problem, but it seems like a workaround solution rather than bringing suspect applications to the user's attention for a more thorough solution.
Hi,
I don't have an official response. The identity safe has a variation of a keylogger built in - how else can it capture the username and password you enter? As for bringing things in for you to be more aware of, I'm not sure. Many threats are better blocked before they get downloaded. Since they are blocked, is there any real need to tell you that you remain safe? I don't need all that information. I do want the program to alert me when it needs my assistance. Otherwise, no news is good news.
In my experience the keylogger protection does seem inadequate for new or unknown keyloggers. Not that I have had problems with keyloggers, just that with my own occasional testing NIS does not automatically detect, warn, &/or block when keyloggers are in use. Of course, a keylogger has to get past the several layers of protection offered by NIS (five layers according to Symantec), install on the machine (get past Windows UAC), and be able to send that information (get past NIS Firewall and any router firewall that may be present), but considering the identity theft concerns I would like to see more enhanced protection against unknown keyloggers (as well as clipboard, webcam, and screen capture protection) offered in NIS. Remember though that NIS does protect against many known keyloggers with their signature database.
If you have experienced problems with Keyloggers or are concerned about them, you may want to look into programs such as QFX KeyScrambler or Raxco PerfectGuard until Symantec can offer more complete solution(s) for these. KeyScrambler works fine with NIS, but I am uncertain about PerfectGuard (though Raxco includes Symantec in their compatibility list).
@Peter I can't remember the specific threats that I installed since I've already deleted the test VM. From memory it consisted of 3 test products from the internet and 4 malware samples (of which 1 was detected by Norton). Admittedly the firewall prevented any transmission of recorded strokes across the internet though. All features were at their defaults; however, I disabled automatic program control and enabled Advanced Events Monitoring on the firewall so I could get alerts on what's happening.
@Dickevans I'm not concerned about Norton alerting on threats that are detected to be definite keyloggers, I'm more than happy for it to take care of those silently. It's the ones that are permitted to hook that I would like to get an alert on, since all the test products and some of the malware managed to capture (not transmit) keystrokes.
@SecurePC The firewall did prevent transmission so that part was effective. I would have probably preferred that the loggers were terminated before they managed to hook my key presses though. Kaspersky and Bitdefender were pretty good for this and nothing entered on a secure browser page was captured. Thanks for the contribution though! I'll definitely check out those programs you recommended! Would still prefer to use Norton in conjunction with something else than KIS/Bitdefender!
Keystroke logging in itself may not be enough to convict a process as being malicious, and the firewall is doing its job by preventing any of the data from being sent out. The following thread, and particularly the posts by Reese Anschultz, might be helpful: