blues Posted March 25, 2013

I know that many legitimate programs are identified as key or screen loggers by OA so that we are aware of potential issues and have the opportunity to deny this activity if we choose. I can remember Firefox being identified in the past as a "keylogger" but since about a week or so back I now see it also identified as a "screen logger" as well. I don't recall seeing this previously.

Has something changed with Firefox or is OA now identifying a characteristic of Firefox that was there all along but not alerted to? Would just like to ensure that this isn't indicative of any potential breach of security especially when I log into a financial institution via "Banking Mode" (and utilize Sandboxie to enhance security).

Thanks in advance. I continue to be hugely impressed by the tandem of OA & EAM.
blues Posted March 25, 2013

Anyone?
GT500 Posted March 26, 2013

May I ask what version of Firefox you are using, and if you remember when you had installed that version of Firefox?
blues Posted March 26, 2013

Hi Arthur... 19.0.2

Installed right after it was announced as far as I know. (I also recently upgraded to the latest beta of Sandboxie as well. Not sure if that could have some hand in this.)
JeremyNicoll Posted March 26, 2013

I've noticed that quite a few of the apps I run have this 'screen logger' warning. I was wondering what it is that OA spots that makes it think that an app is doing this? I'm guessing that it's use of some set / family of screen control features (i.e. an API or subset) which can be used in a program to do a bunch of things one/some of which might be logging.

I'm hoping that the problem is that when programmers write apps they often use general libraries of program code; such a library might offer a set of functions or procedures to do various things, none of which are logging, but all of which use the same underlying OS API as a logger might use, and perhaps OA is unable to tell if logging is actually taking place.

Some clues would be useful.... e.g. links to MSDN pages where such things are described.
Nick Posted March 26, 2013

@blues, I experienced the same, during the manual upgrade (via GUI) of one of the recent versions of FF - I don't remember which one exactly, but I'm sure it wasn't any of the 19.xx. For some reason, OA didn't trust the new components of FF automatically and asked me what to do during the upgrade process - actually 3 or 4 pop-ups. The same happened shortly after with Thunderbird as well.

Perhaps it was just a temporary problem (server side related) with the online look-up (see the "Contact Anti-Malware Network in realtime" option in Programs/Options).

Cheers, N.

--------------------
Win XP Pro SP3
Avast! Free AV 8.0.1483
Online Armor Free 6.0.0.1736
blues Posted March 26, 2013

I noticed this morning that when I had the keylogger permission blocked for Thunderbird that I could not check for updates by going to "help", "about Thunderbird", "Check for Updates". When it was re-enabled I was able to do so.

I deleted the OA keylogger permissions for Firefox last night so we'll see when it next resurfaces. As I recall, "Plug-in Container" asked for the permission about a week or so back while trying to run a video. If I didn't give it permission it wouldn't run. I don't recall the other specific instances where within Firefox.exe itself the permission was requested or needed.

Hopefully one of the Emsisoft folks can tell us more and whether there are any concerns on our end.
GT500 Posted March 26, 2013

"Hopefully one of the Emsisoft folks can tell us more and whether there are any concerns on our end."

I doubt there is any reason to be concerned. There are many legitimate programs that function in such a way that Online Armor will detect as a "screen logger" or a "key logger". To know more than that, we will need Debug Logs.

To get Debug Logs, please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then try reproducing your problem with Firefox and these warnings. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums).

Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
blues Posted March 26, 2013

Thanks, Arthur. I'm not too concerned, more curious. With Sandboxie, any changes would be deleted once the program is closed in any case. I suppose I was more concerned about the possibility of a malware initiating the screen or key logging though I'm pretty sure OA or EAM would pick up any attempt at code injection etc.

I'm not going to bother with debug logs at this juncture but do appreciate the info for future reference.
blues Posted March 27, 2013

By the way, as with Thunderbird, I found that if I blocked Firefox within the keylogger menu of OA and then went within Firefox to "Help", "About Firefox", "Check For Updates" it would not work. However, if I went back and "allowed" the Firefox entry within OA's keylogger menu, then all was copacetic.

Looks like Firefox and Thunderbird require these permissions to function properly. From here on I'll just let OA, EAM & Sandboxie do their respective jobs to protect both Firefox and Thunderbird as well as the overall system from any intruders.
GT500 Posted March 27, 2013

"... If I went back and "allowed" the Firefox entry within OA's keylogger menu, then all was copacetic. Looks like Firefox and Thunderbird require these permissions to function properly."

Their updater must do something that triggers the keylogger protection in Online Armor.
JeremyNicoll Posted March 29, 2013

"Their updater must do something that triggers the keylogger protection in Online Armor."

Yes, clearly. Which API functions is OA looking at?
GT500 Posted March 29, 2013

"... Which API functions is OA looking at?"

I'll have to apologize, as we will not be able to answer that question. We just don't want to reveal too much about the internal workings of Online Armor.
JeremyNicoll Posted March 29, 2013

I understand. But the fact remains that quite a few programs I have seem to use features, hopefully innocently, which look to OA as if they might not be innocent. I'd quite like to pursue with the programmers of those programs the idea that perhaps they should change what they're doing. It's going to be hard to do that if I can't tell them which API functions are the problem areas.
GT500 Posted March 29, 2013

The issue is that a HIPS does not make decisions automatically, unless rules are explicitly created for that application. Online Armor does use methods to reduce the number of notifications you will receive, and each notification will have an option to remember your decision (and many times even to add the application as Trusted).
blues Posted March 29, 2013

"I'll have to apologize, as we will not be able to answer that question. We just don't want to reveal too much about the internal workings of Online Armor."

Not much gets by the crack security staff at Emsisoft...
GT500 Posted March 29, 2013

"Not much gets by the crack security staff at Emsisoft..."