If I have WRSA, do I need an anti-keylogger?


Userlevel 3
Badge +12
I have read a lot about anti key logger software lately. In particular, I found one that says it can prevent anyone from activating your webcam remotely or your VOIP to steal information. I am looking at Spy-Shelter and Zemana's Anti-Logger. Does anyone have any advice about this?

16 replies

Userlevel 7
Hi silvanet
 
The simple answer is 'NO' as WSA has anti key logging technology built in.  Click on the gear/cog to the right of the Identity Protection tab abd take a look at what it covers under 'Onliine Protection'.
 
And you can also protect application specifically under the Application Protection tab.  Please see this KB article that explains the terms/type of protection, and look specifically at the section "2. Identity & Privacy > Protected Applications".
 
Hope that helps?  Please do come back and ask further questions if anything is unclear.
 
Regards
 
 
Baldrick
Userlevel 7
Hi silvanet
 
Apologies but I should have precised that the following that I include in my original reply;
 
"And you can also protect application specifically under the Application Protection tab.  Please see this KB article that explains the terms/type of protection, and look specifically at the section "2. Identity & Privacy > Protected Applications"."
 
is only available in the Internet Security Plus & Complete versions...not in the Anti Virus version which I now assume that you have as you have posted your question in this forum.  Apologies for not noticing that before.
 
What I stated in the first paragraph of my response applies to all versions.
 
Hope that clarifies?
 
Regards
 
 
Baldrick
Userlevel 3
Badge +12
Thanks, yes, I have the antivirus. The interface is different, but it does have a tab for Application Protection and does have a button to add applications, but it is not at all clear to me how to add webcam protection or VOIP protection.
 
From a review: SpyShelter can detect the newest, most sophisticated forms of keylogger malware, including screen and sound capturers, webcam controllers, clipboard capturers and SSL-bypassing keyloggers. It also includes a keystroke encryptor to protect sensitive interactions, and it can detect keylogger software that has been purposely installed.
 
Still not clear to me that Webroot has all those features.
Userlevel 7
Hi silvanet
 
You should just go to the relevant folder of the application you want to protect and select the relevant components to log them in under WSA.  For example if I wanted to protect my Logitech webcam I would go to (on my PC) "C:Program Files (x86)LogitechLWSWebcam Software" and select the relavent file(s).  Which are the relevant files in this case I am not sure but suspect that I could find out quite easily with some investigation.
 
Hope that helps further?
 
Regards
 
 
Baldrick
Userlevel 3
Badge +12
The problem there is that I test many different applications, so at any time I may have quite a number of webcam related programs, any of which I suspect could be a means of for example activating my webcam. The same goes for VOIP or many other vulnerabilities. I think I'll just spend the money to test how those anti-keyloggers work and if they're compatible with Webroot.
Userlevel 7
Hi silvanet
 
Understand where you are going and why, and if I am honest I think that your concern is misplaced.  Having said that if any mainline security app will work well with an other then it it will be WSA.
 
Good luck with your search...I hope that younfind what younare looking for.
 
Regards
 
 
 
Baldrick
Userlevel 7
Hi Baldrick:
Your explanation is quite clear and to the point. Prior to purchasing and installing Webroot I had a antivirus on my PC plus SpyShelter Premium. SpyShelter is no longer needed, Webroot does it all....thanks for the good advice
Userlevel 3
Badge +12
I appreciate your experience and you may be right, but if you read my replies I'd still be interested in how one would go about adding every possible application that may exploit VOIP or webcams in Webroot. I have not read anywhere, even from Webroot, that it blocks remote webcam activations (for example).
 
Just reading today I'd be interested also if Webroot addresses the newly widely publicized SSL vulnerabilities. http://zd.net/1nnF9Sw
Userlevel 7
Regardless of what the end function of the malware it still has to run and thus we can catch it. At the risk of sounding a bit smart it cant magically just activate your webcam something has to poll the webcam and then send the data somewhere.
 
So your looking at any one (or a combination) of the following:
 
1) A dropped file either from a exploit/email or similar
2) Said file pulling down further malware
3) A process to activate webcam/skype program
4) Then send said data out of your PC 
 
So your looking at a number of layers in which to catch this
 
File execution (looked after by WSA)
If it comes from a website (the web shield)
Unusual file behaviour (heurstic engine)
Outgoing traffic (Firewall)
If the said file tries to gather data from a browser window (ID shield and/or Keylogger shield)
 
Its also worth noting that Keyloggers are kinda old hat at this stage, there are better/easier ways to get data from people (social engineering) these days. In fact I havent seen a keylogger on a customers PC in a very long time.
Userlevel 3
Badge +12
Thank you. Great explanation. They may not then be up-to-date, but I checked Top Ten Reviews for 2014 on this. I agree that they may not be the best source. I'd be interested in Webroot's comment on Top Ten reviewing WRSA so low. I personally have tried every program they reviewed except G-Data and BullGuard and I chose WRSA as the best for my experience. Amazingly, PCMag review completely different puts WRSA right at the top (where it should be). TechRadar reviewers also seem to be sniffing soda crackers. Tom's Guide, usually pretty good, surprisingly doesn't even mentioin WRSA. PC Advisor rates the highest some of the worst and resource hog products I have ever used (they almost seem to be a propaganda tool for Symantec). AV Comparatives Independent Tests don't even include WRSA. At best, the reviews are completely misleading. 
Userlevel 7
Badge +62
:DHello silvanet
 
We appreciate all your Review Information...interesting indeed! Thanks for the input also!;)
Userlevel 7
Badge +6
It's important to understand that WSA is not a general, blanket anti-keylogger.
It specifically focuses on the brower/OS and protecting their stores of sensitive credentials. It does provide some protections system wide, which I'm not exactly clear on.
 
Other applications, such as Microsoft Word or notepad, are not protected. They can be keylogged. I've watched it myself with samples gathered from the wild. (Disclaimer: This was on an isolated network on a dedicated physical machine that I shortly wiped afterwards. Do not perform your own testing.)
 
It's important to understand that keyloggers use valid hooks that exist for a reason - other programs use them as well. Blanket anti-keylogger requiring a user to allow/deny is not in the product scope for WSA or many other antivirus. You also have to weigh the value of information typed outside of a browser. Unless you're being specifically targeted, no one in Russia cares about watching you type a college paper.
 
I personally run an anti-keylogger. However, it's not something I recommend on the "top three security must-do's" that I tell people.
 
The market rewards set-it-and-forget-it products in the PC protection category. If you're an enthusiast about protection that specifically knows and can handle keyloggers, you are likely getting that protection elsewhere.
 
This is commentary - I take no position on Webroot's approach in this specific regard either way. Webroot seems especially adept at making design decisions that don't provide the black-and-white answers people are looking for. That doesn't make them wrong. Computer security is a land of maddening grey. I could type pages and pages on this and I'm at work.
Userlevel 7
Hi silvanet
 
My personal take and response to your question is a simple one (but it is mine)...basically most of the market & the reviewers just do not understand what WSA is about and how radically different the underlying technology is.  That is not to say that the reviews of the other, more traditional security apps are worthless...not at all...but when it comes to WSA they prefer not to try to understand and therefore come to the wrong conclusions about WSA, or just plain dismiss it.
 
And specifically about TopTenReviews...as I have said here before...there have previously been allegations (and I stress that they are allegations) of payment for results.  Now whilst I am not saying these are true I have to say that I tend to not take too seriously sites that have been tarnished by such claims...and when I look at some of their 'recomendations' I much disagree with them based on personal experience...but again...ths is just my PERSONAL view ONLY.
 
Hope that helps?
 
Regards
 
 
 
Baldrick
Userlevel 3
Badge +12
Thanks. I agree. Not to say for example Bitdefender is not great at finding viruses and cleaning them, but there are other reasons I don't want to use it as my main always on AV protector. I'll take WRSA for that over anything out there every single day; but one can clearly prove to themselves that some of the top sellers and top reviewed products very significantly slow your computer. Many of my highly tech savvy expert friends in computer forensics and security won't even use AV protection at all - preferring alternatives for protection. I'm not a novice. At some point I have incurred attacks that no AV program has caught. I have found System Internals' process explorer very useful in pinpointing and cleaning infections in Windows OSes before the major AV programs get around to covering the newest techniques. It's free, and I highly recommend anyone to learn more about it.
Userlevel 2
To protect those unprotected apps you mentioned , i just added them manually to application protect. I even invluded windows essential executables - such as explorer.exe, cmd.exe, mstsc.exe, notepad.exe, etc - and was able to leverage wsa anti keylogger for those. Works very well!
Userlevel 7
Hi Interested _in_Tech
 
Do be careful not to overdo the protection as it can turn around and bite you in the form of making some application nor operate as expected...so I would really make sure that you are only protecting what you really, really need to...i.e., software applications that may contain confidential information, such as Instant Messaging clients or tax preparation software.
 
Regards, Baldrick

Reply