KeyScrambler for Sandboxie?

[SnDPhoenix]

Most ppl that use Sandboxie no longer worry about their security, but some ppl (not me) still worry about their privacy while using Sandboxie (you know what im talking about tzuk), well i was looking through FF extensions and came across this interesting plugin called Keyscrambler Personal, https://addons.mozilla.org/en-US/firefox/addon/3383, and what it does is scrambles your keystrokes so keyloggers cant decipher what your typing, and according to the site, the way it works, briefly put:

KeyScrambler defeats keyloggers by encrypting your keystrokes at the keyboard driver level, deep within the operating system. When the encrypted keystrokes reach your browser, KeyScrambler then decrypts them so you see exactly the keys you've typed. Keyloggers can only record the encrypted keys, which are completely indecipherable.

so i was thinking, would you know how to create a driver for Sandboxie that would perform the same operation as Keyscrambler, cause honestly it is a good idea, and i even ran a SAFE keylogger just to see if it actually works or not, and lo and behold, it does its job, plus it might satisfy all those ppl out there wondering "how secure is my private information is Sandboxie?"

[Paul_K]

As a user of the Pro version of KeyScrambler, Anti-Keylogging software from QFX Software, I can confirm that it does provide the user with a feeling of additional security. I have no real way to test it for myself, though.

In the event that the user's PC would become infected by key logging software, there is a very good chance that KeyScrambler will make the logged keystrokes useless.

I have found some sites where I have had to turn it off - where the scrambled text was showing up in the text box instead of the unscrambled text that I intended. Also, program updates appear from time to time since little in the software world can remain static, especially where spyware and malware are concerned.

With the work involved in keeping Sandboxie free of bugs, adding new features, etc., it might be a little to much to maintain a key scrambler too. Unless, of course, there's a large support group behind the scene at Sandboxie.com.

There's a link on QFX's home page (under "QFX News") to a .pdf document that discusses test results of 3 different key scramblers.

[street011]

the idea is realy nice ofcourse, but afaik a good keylogger also uses the device driver to get keys, not the text put in the screen... i'll check the addon out maybe later today after work.

tzuk, i realy support this idea!


sndphoenix, about the "you know what im talking about tzuk" keeps mee wondering... can you fill us/me in here?
If you don't want to post critical vunerabilities on the forum please pm me.

[SnDPhoenix]

sndphoenix, about the "you know what im talking about tzuk" keeps mee wondering... can you fill us/me in here?
If you don't want to post critical vunerabilities on the forum please pm me.

Lol, no all i meant by that is that he knows what i mean about all these ppl that are worrying about their privacy because me and him and even you guys have seen/read all these threads about it.

[tzuk]

tzuk, i realy support this idea!

I like it too, it sounds really smart! But I don't think it's applicable to Sandboxie.

With the KeyScrambler approach, the driver has a trusted friend on the Firefox side -- the add-on. I suppose it tells the driver when Firefox has the focus, so the driver can scramble away, and the add-on will un-scramble.

That's how I suppose it works, anyway.

Now, I could make Sandboxie scramble keys on the driver level, and unscramble them at the application level, but this acheives nothing, because:

1. Any key-loggers in the sandbox would be application level key-loggers -- because can't sandbox drivers
2. Sandboxed applications have to see the unscrambled keys

So the only benefit here is 'hiding' keystrokes aimed at a sandbox process, from being seen by un-sandboxed loggers, and the cost is that Sandboxie has to monitor which app has the focus, and never make a mistake about it. Or people will complain.

I think that has very little merit and a very high cost. And besides, it cannot guarantee 100% security. Just suppose that un-sandboxed 'key-logger' would adapt to examine the contents of text-boxes in the browser, instead of listening for keys.

[Anon_A]

Hello. I realize this is an old thread but, I have a question about this exact subject. It would be directed to Tzuk but, if anyone else knows and would like to reply that is good also.

Could Sandboxie have the key-scramble option added and also add the ability to single out the applications that need the "un-scramble" (White listing) to see the key strokes? That would take care of the problem with the key logger that might be in the sandbox seeing the key strokes, right? I thought of this seeing that Sandboxie can single out applications for internet access and even to run in the sandbox.

[Twilight]

Actually, the latest and the most popular password-stealing malware, such as zeus and limbo, are POST-grabbers. I.e. it doesn't really matter how the output gets there, it would still capture the form data as it is being send. Moreover, some grabbers plug-in into the winsock and applicable DLLs, so they capture even encrypted, HTTPS data.

So this feature (and all of such software") only provide very imaginary protection. Same with virtual keyboards, malware now takes screenshots of the area

Just be careful what you install and use common sense. If unsure, use sandboxie or vmware and check files on virustotal.com (95-99% detection rate).

)

[stisev]

Actually, the latest and the most popular password-stealing malware, such as zeus and limbo, are POST-grabbers. I.e. it doesn't really matter how the output gets there, it would still capture the form data as it is being send. Moreover, some grabbers plug-in into the winsock and applicable DLLs, so they capture even encrypted, HTTPS data.

So this feature (and all of such software") only provide very imaginary protection. Same with virtual keyboards, malware now takes screenshots of the area

Just be careful what you install and use common sense. If unsure, use sandboxie or vmware and check files on virustotal.com (95-99% detection rate).

)

I agree with what you're saying regarding imaginary protection, but IMO the more "reasonable" protection the better. There may be malware that does screen grabbing/winsock plugin hijackers, etc, but if a simple application penetrates the system somehow, the keyscrambler measures may still be effective.

Regardless, I understand and agree w/ tzuk's sentiments. Sandboxie should remain light!

[SnDPhoenix]

Hmm twilight, I agree that using something like KeyScrambler is not a 100% surefire way to thwart the keyloggers, but considering how many keyloggers there are and how many of them are older and aren't the modern "POST-grabbers" keyloggers, that means for someone using KeyScrambler they still got a nice line of defence against most keyloggers.

Of course though, you dont wanna be too careful and think they KeyScrambler would be the cure-all solution, or thats when you'll get yourself hacked.

Also what you mentioned only applies to keyloggers capturing your data through the means of some kind of local/remote network, but keyscrambler (premium I think?) works on most programs, network programs or not, so even your text editors would be protected (to some degree).
Also you mentioned keyloggers taking screenshots, but you said it as if "now" they take screenys, but really that has been builtin to many keyloggers I remember dating back to 2001, so it isn't new. Plus they aren't really "that" effective, because most confidential information (passwords for example) are starred out. So what does the screenshot capture, a whole line of asterixs?

Anyways, I dont even know why you bumped this thread though, this is over a year and a half old...
Of course I just posted in this thread again as well, but in my case this thread is only a day old now, so I am not guilty.