Increase detection and an anti-keylogger tool

Ben111
Ben111 Posts: 2 New Member

I have an idea to further increase the detection rate of Deep Guard. As an example: a user catches a new Trojan that is not yet covered by real-time protection. Deep Guard responds, asks the cloud, and gets the answer that it is not known. And now comes my idea. Give Deep Guard the opportunity to upload the suspicious file to VirusTotal to see if the file is already known there. If, e.g., G Data already knows the file as a Trojan, Deep Guard can respond immediately and move the file into quarantine. This would also reduce false alarms. If VirusTotal still has no information about the file, Deep Guard should of course, as usual, run the file in a sandbox to check how it behaves.
Furthermore, I must praise the banking protection, but also criticize it. You have developed the protection for banking really well, but if you enter credit card data there is no protection. If a keylogger is overlooked (nothing is 100%), it has the credit card data and can cheerfully shop and clear out the account, even plunging the victim into debt. Your software urgently needs an anti-keylogger tool that will not let a keylogger have a chance. You have developed very good software, and I am sure that an anti-keylogger tool is no problem for you to develop and insert into the software.

Comments

  • Ukko
    Ukko Posts: 3,666 Superuser

    Hello,

    Sorry for my reply.

    I'm also only an F-Secure user (their home solutions).

    Maybe your ideas are about good points, but I am able to suspect that it's partly implemented with a suitable view.

    And, for example, with your direct examples:

    --> if a file is pretty 'known' under VirusTotal, most likely this is already known malware (and if F-Secure does not detect it at that date, most likely there will be a detection after some days/weeks).

    If a file is detected only by some of the companies, most likely it will often be a false positive;

    If a file is detected as a Trojan by G Data, most likely it is detected by F-Secure too.

    --> so, potentially, no 'additional points' are visible for the DeepGuard design (to increase security or decrease false positives),

    but it will add troubles to the privacy state. What if users do not want to upload their 'suspicious' files? If it is only a 'hash' check, so... if the file was not uploaded before -> no result. And so on (troubles for the performance state; other privacy concerns...).

    --> about Banking Protection and keyloggers.

    The main design of Banking Protection is that if data is entered into a suspicious/malicious form (or captured by a keylogger or anything else, such as real-time scripting) -> network connections are restricted. And with the common view -> captured data should be uploaded/transferred to malicious servers, which MAYBE will be restricted/blocked during a Banking Protection session.

    With other meanings: a keylogger (malicious software) should be detected as malware. If it is not detected by F-Secure -> so... any other malware can also be undetectable. The trouble with keyloggers is that, most likely, their main functionality is not malicious (or even suspicious) actions.

    And it is possible to create MANY 'safe' keyloggers which will be 'not detected' by any security software. Until they come to be used only for harmful steps. OR when such keyloggers come with additional features like 'transfer data to a third-party server from the user's system' (with hidden steps) and so on.

    Thanks!
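The hash-only reputation check discussed in this thread (the original poster's VirusTotal idea, and the reply's points that a hash lookup returns nothing for a file nobody has uploaded and that a single-vendor hit is more often a false positive), as an added example that is not part of either post and is not F-Secure's or VirusTotal's code. It assumes an offline stand-in for a multi-engine reputation service (`FAKE_REPUTATION_DB`, keyed by SHA-256 and shaped like VirusTotal's per-file `last_analysis_stats` counters); the `decide` and `lookup_reputation` functions, the thresholds, the engine names and the sample byte strings are all illustrative assumptions.

```python
import hashlib

# Constructed sample inputs (not real malware, just labelled byte strings).
SAMPLE_FILES = {
    "known_trojan.exe": b"MZ\x90\x00 constructed sample: widely detected",
    "single_hit.exe":   b"MZ\x90\x00 constructed sample: one engine flags it",
    "never_seen.exe":   b"MZ\x90\x00 constructed sample: nobody uploaded this",
}


def sha256_hex(data: bytes) -> str:
    """Hash the file contents locally; only this digest leaves the machine."""
    return hashlib.sha256(data).hexdigest()


# Assumption: an offline stand-in for a multi-engine reputation service.
# Records are keyed by SHA-256 and modelled on VirusTotal's per-file
# 'last_analysis_stats' counters plus the set of engines that flagged the file.
FAKE_REPUTATION_DB = {
    sha256_hex(SAMPLE_FILES["known_trojan.exe"]): {
        "last_analysis_stats": {"malicious": 41, "suspicious": 2, "undetected": 27, "harmless": 0},
        "engines_malicious": {"GData", "Microsoft", "Kaspersky", "ESET-NOD32"},
    },
    sha256_hex(SAMPLE_FILES["single_hit.exe"]): {
        "last_analysis_stats": {"malicious": 1, "suspicious": 0, "undetected": 69, "harmless": 0},
        "engines_malicious": {"SomeHeuristicEngine"},
    },
}

# Illustrative policy knobs (assumptions, not any vendor's real thresholds).
MIN_MALICIOUS_FOR_QUARANTINE = 5  # enough independent engines agree
TRUSTED_ENGINES = {"GData", "Kaspersky", "Microsoft", "ESET-NOD32"}  # one of these alone suffices


def lookup_reputation(sha256: str):
    """Hash-only lookup: returns None when nobody has ever uploaded the file."""
    return FAKE_REPUTATION_DB.get(sha256)


def decide(data: bytes) -> tuple:
    """Return (verdict, reason); verdict is 'quarantine' or 'sandbox'.

    Only the digest is sent to the lookup; the file bytes stay local. That is
    the privacy trade-off raised in the thread: no upload means no result for
    a file nobody has submitted before, so that case falls back to the sandbox.
    """
    record = lookup_reputation(sha256_hex(data))
    if record is None:
        return "sandbox", "hash unknown to the reputation service"

    stats = record["last_analysis_stats"]
    malicious = stats.get("malicious", 0)
    total = sum(stats.values())
    trusted_hits = record["engines_malicious"] & TRUSTED_ENGINES

    if trusted_hits:
        return "quarantine", f"flagged by trusted engine(s): {sorted(trusted_hits)}"
    if malicious >= MIN_MALICIOUS_FOR_QUARANTINE:
        return "quarantine", f"{malicious}/{total} engines call it malicious"
    if malicious > 0:
        # A lone detection is more often a false positive than a new family:
        # do not quarantine on it, but do not trust it either.
        return "sandbox", f"only {malicious}/{total} engines flag it, likely false positive"
    return "sandbox", f"0/{total} detections but unknown locally; observe behaviour"


if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        verdict, reason = decide(data)
        print(f"{name:18} -> {verdict:10} ({reason})")
```

Against a real service the `lookup_reputation` stand-in would be replaced by an authenticated query by hash, and the thresholds would be tuned per deployment; the structure of the decision (never quarantine on one vendor, always fall back to behavioural analysis when the hash is unknown) is the part worth keeping.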