0

Antivirus software detects threats by heuristic analysis: it analyzes the commands as they are performed, monitoring for common viral activities such as replication, file overwrites, and attempts to hide the existence of the suspicious file. So can heuristic analysis detect keylogging activity?

Anders
  • See here: http://security.stackexchange.com/questions/23778/will-antivirus-detect-all-keyloggers – Aria Aug 28 '16 at 12:55

2 Answers

2

Most systems provide APIs and hooks that allow apps to capture keystrokes (for instance for keyboard shortcuts).

A heuristic could detect the use of such facilities and flag the app for further analysis or provide means to whitelist/block the app, similar to those firewall prompts on Windows.

Modern keyloggers seem to also log the clipboard, presumably to account for password manager users.

As with all heuristic analysis, it's subject to being subverted/bypassed by a creative keylogger developer.

The logging can also be subverted by tools like KeePass that add bogus keystrokes when inputting passwords to confuse keyloggers.

This rapidly leads to an arms race of increasing costs for both sides :)

GnP
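A minimal sketch of the kind of heuristic the answer above describes, added here as an illustration and not part of either answer: it scores a program's imported Windows API names for keyboard and clipboard capture, prompts only when capture is combined with other signals, and honours a user allow-list. The weights, threshold, function name and sample programs are assumptions constructed for the example; the API names are real Win32 imports.

```python
# Added illustration: capability scoring over imported API names.
# Weights, THRESHOLD and SAMPLES are constructed assumptions, not vendor logic.
KEY_CAPTURE = {"SetWindowsHookExW": 3, "SetWindowsHookExA": 3,
               "RegisterRawInputDevices": 3, "GetAsyncKeyState": 2,
               "GetKeyboardState": 2}
CLIPBOARD = {"GetClipboardData": 1, "AddClipboardFormatListener": 2}
NETWORK = {"send": 1, "WinHttpSendRequest": 1, "HttpSendRequestW": 1}
GROUPS = ((KEY_CAPTURE, "keyboard capture"),
          (CLIPBOARD, "clipboard access"),
          (NETWORK, "network send"))
THRESHOLD = 4

def assess(name, imports, allow_list=frozenset()):
    """Return (verdict, score, reasons) for one program's import list."""
    if name in allow_list:
        return "allowed", 0, ["on user allow-list"]
    imports = set(imports)
    score, reasons = 0, []
    for group, label in GROUPS:
        hits = sorted(imports.intersection(group))
        if hits:
            # Count each capability once, at its strongest indicator.
            score += max(group[h] for h in hits)
            reasons.append(f"{label}: {', '.join(hits)}")
    # Keyboard APIs alone are common (shortcuts, games), so capture must be
    # present AND the combined score must cross the threshold before prompting.
    captures = bool(imports.intersection(KEY_CAPTURE))
    verdict = "prompt-user" if captures and score >= THRESHOLD else "pass"
    return verdict, score, reasons

# Constructed sample import lists (hypothetical programs).
SAMPLES = {
    "hotkey_tool.exe": ["RegisterHotKey", "CreateWindowExW"],
    "game.exe": ["GetAsyncKeyState", "send"],
    "auto_type.exe": ["SetWindowsHookExW", "GetClipboardData"],
    "unknown.exe": ["SetWindowsHookExW", "GetClipboardData",
                    "WinHttpSendRequest", "WriteFile"],
}

if __name__ == "__main__":
    trusted = frozenset({"auto_type.exe"})
    for prog, imps in SAMPLES.items():
        print(prog, assess(prog, imps, trusted))
```

A program that resolves these functions at run time would not show them in its import table, which is one concrete form of the bypass both answers mention.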
0

I'll give a bad answer like one I've seen some time ago: yes you can, all you have to do is flag everything as a keylogger.

As said in another answer, this would be complex to do; it's a permanent fight. A keylogger may also not be where you expect it, and might be out of reach of a virus. You may for instance snoop on USB packets, or "simply" (it's complex) flash USB controller firmware. An antivirus will have no way to act against such an unknown threat.

user1532080