Anti Keylogger Shield may offer some protection for your account
by Daniel Whitcomb 
Apr 12th 2008 at 9:00AM
Hackers are getting more and more brazen lately, hiding various trojans and keyloggers not only in random forum links, but in ad banners and even in electronic devices. Even common sense avoidance of suspicious links and websites doesn't always seem to work anymore. Luckily, there are other tools you can use, such as the Noscript extension for the Firefox browser. Lifehacker reported on a new one yesterday as well: Anti Keylogger Shield for Windows.
This freeware program purports to work not by blocking installation of keyloggers, but by preventing them from logging your keys once installed. Lifehacker tested it by loading a keylogger and reported that it seemed to work, at least in that case, as the keylogger's log file was completely empty.
Of course, you probably shouldn't just install this program and go off clicking strange links willy nilly, but it does look like it could be one more line of defense in the ever escalating battle to protect your computer and your account from those who would steal it. Plus, it's free, so that's even better.
[Thanks for the forward, DrDiesel!]
Filed under: Odds and ends, Account Security
Reader Comments (Page 1 of 2)
Drakz Apr 12th 2008 9:15AM
Thanks xD
And a question
When you gonna make others pimp my profile ?
Thanks
John Apr 12th 2008 9:20AM
A freeware program by an unknown company, there's no way there could be a keylogger hidden in that. Seriously, I hate to break it to you, but downloading software like this is how people get keyloggers.
PeeWee Apr 13th 2008 6:15AM
If I were to do this, I'd make a fully legit progam... at first. If it blocks out other's keyloggers, all fine and dandy, it'll just make more accounts available to you later on. Add an auto-update function, so people even open up their firewalls for your software as well. Have an unsuspecting website like wowinsider promote your software as well, adding even more users. And then... BAM! Add a keylogger in one of the updates, and cash in.
Tavil Apr 12th 2008 9:24AM
Thanks for the program recommendation!
Seems to be working just fine.
Thanks again.
And John i don't think WoW insider would post a program if it was not legit. They do their research I'm sure.
Scribblette Apr 12th 2008 11:29AM
"And John i don't think WoW insider would post a program if it was not legit. They do their research I'm sure."
Not always. See the Phat Loot post earlier about the Orb of the Sin'dorei, where Mike states that the Highborne Elves split into the Blood Elves and Night Elves (which is bollocks, and 30 seconds of googling or wowwiki shows so).
These are human bloggers subject to human failings, so even though the intent is honorable, taking it as 'truth' may still leave you wondering how that pole wound up in your lower intestine.
More importantly, they clearly state that they're NOT the ones who did the testing - as they point out, it was LifeHacker who tested the software, and if you check the LifeHacker post replies, there are people saying it did NOT work for them!
So, be careful, be prepared, and don't blame WoWinsider if things go pear shaped after you install the software.
Spirit Apr 12th 2008 9:35AM
Anything that tells me to download a keylogger is a little scary:
"Install any key logger, example KGB Spy. Start AntiKeyloggerShield.."
dafire Apr 12th 2008 9:47AM
well.. the most accounts stolen get not stolen by keyloggers. they get stolen by trojans that read the account data from memory of the wow client.
perhaps you have saved your accountname in the wow client and you always only enter your password.. it won't help against those "keylogger".
Seajay Apr 12th 2008 10:08AM
After a spate of hackings in my guild we had a talk and came up with a foolproof way of 'never' being hacked.
Maybe someone can find a hole in this and if so please let me know but this is how we purport to never again be hacked.
1: First of all make sure you have no existing key logging software on your machine :)
2: Without wow open right click on your desktop (or anywhere) and select 'crete new text document'
3: Write a random password in this file and save it, for example Leadership77breaksconverted.
4: By using ONLY the copy and paste functions (ie: Ctrl+c [copy] and Ctrl + v [Paste] or right clicking) select this password and go onto the wow website, change your password to this new one.
5: Whenever you log in DO NOT TYPE YOUR PASSWORD. Just open up this text file and select the text then Ctrl+c Ctrl+v it into the password box whenever you need to log in :)
This works by basically meaning you will never again actually type in your wow password. Any keylogging software you ever DO accidently download will only record a Ctrl+c Ctrl+v key press, that could be anything ^.^
If you want to be really anal about it all tick the 'remember my account name' in the wow login and you wont even type that lol.
Ok thats pretty much it. I dont see how anyone can ever be hacked using this process, in fact I actually have now found it even quicker to log in after learning to use it a few times :)
thethirdmoose Apr 12th 2008 10:33AM
Sorry, but that won't work. Many keyloggers actually monitor the contents of the memory where the password is entered, so they will still be able to grab your password.
matthewreingold Apr 12th 2008 11:17AM
clipboard monitoring is easy for a keylogger or a trojan
thats exactly how they do it. It's not that they monitor each keystroke, they monitor all the keys put in between each time you hit enter...it designates that
Daveti Apr 12th 2008 2:28PM
You want to know how far you have to go to be "completely safe" from keyloggers? If I have two computers at my desk, I can designate one of them as my "Security Machine"
The second computer never takes any risks, never runs any unnecessary software, all it has is an OS, virus scanner etc, and a copy of Firefox with noscript. It never browses the internet or goes anywhere dangerous, and gets patched constantly. As soon as I log into WoW on my XP machine, I pull up WoW's website on the other system and change the password to something random and long. Then perhaps for convenience I save the password encrypted somewhere.
Keyloggers are poorly named, since many of them don't even hook they keyboard anymore, and go directly to the memory space of the application they're stealing the information of.
Oh, and the "security" of this system still breaks down if the 2nd computer gets a keylogger on it. Perhaps a Virtual Machine on the 2nd computer that is set to wipe back to an initial state on each boot (and uses an on-screen keyboard since we can't trust the keyboard of the VM's host not to be logged).
Seem a bit excessive? I think it is.
Long story short, the only "secure" computer is one that's turned off... And even then I could probably call you up get you to turn it back on for me, if I were that determined. Just use good scanner software, be safe and smart in your browsing/downloading, and that's really all you can do.
David Apr 23rd 2008 1:04PM
key loggers don't actually capture they "key" they capture the operating system event. In the case of a paste event, they would just capture your password being pasted into the field. Your solution might work for some, but not all key loggers, they would just be monitor for both key events and paste events.
Scott Macleman Apr 12th 2008 10:18AM
@Seajay
Its pretty conceivable that a keylogger could save the clipboard to a file too so,
Ctrl + C, , ctrl + V. bang your pwd is gone...
Seajay Apr 12th 2008 10:24AM
Concieveable or likely?
I had not heard of any key loggers using a clipboard recording function, really only hearing about them actually logging keys, but if this is a widespread thing keyloggers do then please say so :)
thethirdmoose Apr 12th 2008 10:33AM
Sorry, but that won't work. Many keyloggers actually monitor the contents of the memory where the password is entered, so they will still be able to grab your password.
Scott Macleman Apr 12th 2008 10:21AM
Last line should be
Ctrl + C, #save clipboard# , ctrl + V. bang your pwd is gone...
It parsed out my angle brackets
ceckjustin Apr 12th 2008 10:25AM
I think your suggestion of 'Remember My Account Name' as being anal is a bit... dumb. This is because when you use that option, your account name is saved in a text file in the wow directory. Wouldn't be hard for some program to read that...
Seajay Apr 12th 2008 10:42AM
If you already have a key logging software on you machine then typing your username in is going to get you hacked.
Having it auto saved is hardly dumb if it requries the keylogging software to be slightly more advanced. At best it prevents you being hacked, at worst you're in the same position you would've been in anyway.
I think some of you are losing the bigger picture here, we're not attempting to make these password and account details 100% impregnable to any and all intruders onto your machine with limitless resources and a burning desire to get YOUR password. It is simply a way of ensuring a bit more security for yourself.
Doing what I outlined above will prevent a plain simple 'key logger' accessing your information very easily. If they're going to the trouble of saving all the data used on your clipboard, scanning the text files in your wow directory and plain old spying on your keyboard from the tree across the road they're going to get your account anyway!
A little bit of perspective here please guys.
Mats Apr 12th 2008 11:37AM
hear hear.
Be smart, don't log on to wow on a PC that is not your own, don't use the same password for wow as you use on your forum account, nor the same account name. Do not use leveling services, do not loan your account to a friend, change your password every now and then. Use the launcher, use Remember Username option, use a Antivirus program.
Now, even if you do all these things, you can still get hacked, but it will prevent 95% of all attempts to hack your account.
mikey Apr 12th 2008 1:43PM
Well said, Seajay. And thanks for the advice. This is, in fact, exactly what I do. Will that alone save my butt? No. But every link in the chain of defense is important and what you've outlined is definitely worth adding to the arsenal. As you said, some of these folks need to get a little perspective. Thanks again.