Open j-waechter opened 8 years ago
Also, by the way, Interception is special and specific software, it's an illusion that it's opening anything, look at this statement:
"every malicious bit of software that is able to call DLL functions (even from non-elevated processes) is able so simulate keyboard and mouse input or log the user input if a user has just".... Windows?, Windows hooks? or any other means, the system has been pwned already at this stage.
Interception, Windows hooks, Windows! turns into just some warming welcome to what already had open the gates ;-)
If I understand correctly, you mean using Windows hooks is exactly as efficient in keylogging as the Interception library. If that's true, that's a good point.
Are you concerned any little bit about key loggers? You mentioned you use the library personally.
What about some #ifdef
/#endif
in this repository to let a concerned user compile the library without the receiving functionality? Would you accept a pull request?
For the limited functionality tagged as keylogging, there isn't much needed, Interception provides extra features but regarding keylogging vectors, it isn't special compared to alternatives.
No, I'm not concerned. My personal position is that of not expecting malwares relying on specialized 3rd party software that may help keylog for them to be able to keylog, they will do it otherwise. If my machine got to the point of running malware without my knowing, that's the problem already, at that point the malware could be doing anything, including keylogging through any feasible means.
As I said, 1. is won't fix, I'm really not interested in that solution.
Thanks for the information. I'll leave it up to you to close this issue or not because of point 2.
Hello,
to my understanding, every malicious bit of software that is able to call DLL functions (even from non-elevated processes) is able so simulate keyboard and mouse input or log the user input if a user has just the Interception driver installed. I don't want to use the driver and library in this state.I would suggest a version of the library that only allows sending, but not receiving to prevent keyloggers.Further,are there any ways for some kind of authentication so that only applications are able to send user input that are trusted by the user, without forcing the user to type admin passwords on every application start if the account is not an admin account?