The other day a customer returned a piece of security software as she deemed that it would not fulfil her security requirements because it did not have keystroke encryption to protect her from key-loggers. I wondered how this encryption worked, and how you were actually protected.
WARNING – Technical Content
Well, I finally got in touch with the manufacturer today, to ask the question. I learned a couple of things:
1) The protection is only installable into a specific array of browsers, and will not protect you from a keylogger if you are, for example, typing a Word document. The particular software I was looking at supports Internet Explorer 6 and 7, as well as Firefox 3.
2) I was expected to take on faith that it is "designed to protect against keyloggers". When I asked how it was protecting me (including information which should be made public, such as the encryption algorithm being used; Security 101: only use peer-reviewed, publicised encryption algorithms), I was told it was against SOP to provide the details.
I still don't know enough about their implementation to know whether it really works or not. I'm looking at what seems to be a similar product here (http://www.guardedid.com/images/GID_Graphic_r2.gif) and it claims to replace the hardware driver, bypassing the software driver and standard set of controls for keystrokes entered while in the web browser.
I completely fail to see how that could work in a functional sense, or how they can be sure that the bad guys haven't done the same thing. We'll see whether they get back to me, but I find this a difficult claim to validate, or even be satisfied of its plausibility.
Edit – 31 May, 2009.
So they, Trend Micro, never got back to me and never sent me the mail I was told to expect (along with the warning that it might not be the depth that I was after).
What does all of this mean for you, the end user?
Don't just rely on your antivirus to protect you. At the end of the day, they're not liable if you *do* catch a virus, so their only motivation for protecting you is that bad press gets around a bit. You need to be a bit savvy… keep an eye on that lock in the bottom-left if you're doing anything you don't want people to see, and don't open attachments that you're not expecting from people, whether you know them or not. Scan every attachment you are expecting before you open it, just in case. https (the protocol you're using when you've got the lock there) protects your information as it travels the internet, but makes no guarantees about the computers it's connecting either from or to. Act safe online, and you'll stay safe online. It's that simple.