
MS02-014 - Unchecked buffer in Windows Shell

me101 on 08 March 2002 - 06:28

The Windows Shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows Desktop, but also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start applications.

An unchecked buffer exists in one of the functions that helps to locate incompletely removed applications on the system. A security vulnerability results because a malicious user could mount a buffer overrun attack against this flaw. A successful attack would have the effect of either causing the Windows Shell to crash or causing code to run in the user's context.

By default, this is not remotely exploitable. However, under very unusual conditions, it could be exploited via a web page. Specifically, if the user has installed, then uninstalled an application with custom URL handlers, and the application's uninstall routine failed to correctly remove the application completely, an attacker could attempt to mount an attack by constructing an HTML web page that seeks to overrun the buffer. Such a web page could be delivered either by posting it on a web site or sending it by email.
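The precondition described above can be audited. This added example is not from the bulletin; it assumes the standard layout in which a scheme key under HKEY_CLASSES_ROOT carries a `URL Protocol` value and a `shell\open\command` default value, and it lists handlers whose program no longer exists (sample data is constructed).

```python
import os

def handler_executable(command):
    """Extract the program path from a shell\\open\\command string."""
    command = command.strip()
    if command.startswith('"'):            # "C:\path with spaces\app.exe" "%1"
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    cut = command.lower().find(".exe")     # unquoted path that may contain spaces
    if cut != -1:
        return command[:cut + 4]
    return command.split()[0] if command else ""

def orphaned_url_handlers(handlers, exists=os.path.isfile):
    """Return sorted (scheme, path) pairs whose handler program is gone."""
    orphans = []
    for scheme, command in handlers.items():
        exe = os.path.expandvars(handler_executable(command))
        if "\\" not in exe and "/" not in exe:
            continue                       # bare name, resolved via the search path
        if not exists(exe):
            orphans.append((scheme, exe))
    return sorted(orphans)

def read_registered_handlers():
    """Windows only: map scheme -> command for keys with a 'URL Protocol' value."""
    import winreg
    found, index, root = {}, 0, winreg.HKEY_CLASSES_ROOT
    while True:
        try:
            name = winreg.EnumKey(root, index)
        except OSError:                    # no more subkeys
            break
        index += 1
        try:
            with winreg.OpenKey(root, name) as key:
                winreg.QueryValueEx(key, "URL Protocol")
            with winreg.OpenKey(root, name + r"\shell\open\command") as cmd:
                found[name] = winreg.QueryValueEx(cmd, "")[0]
        except OSError:                    # not a URL handler, or no command set
            continue
    return found

# Constructed sample: scheme names and paths are hypothetical.
SAMPLE = {"exampleapp": r'"C:\Program Files\ExampleApp\app.exe" "%1"',
          "mailto": r'"C:\Program Files\Mail\mail.exe" /mailurl:%1',
          "oldchat": r'C:\Program Files\Old Chat\chat.exe -url %1',
          "telnet": r'rundll32.exe url.dll,TelnetProtocolHandler %l'}

if __name__ == "__main__":
    print(orphaned_url_handlers(read_registered_handlers()) if os.name == "nt"
          else orphaned_url_handlers(SAMPLE, {r"C:\Program Files\Mail\mail.exe"}.__contains__))
```

Entries it reports are leftovers from an uninstall that did not finish; installing the patch is what removes the flaw itself.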

Affected software: Windows 98 and 98 SE, Windows NT4 and NT4 Terminal Server Edition, Windows 2000

News source: Microsoft Security Bulletin MS02-014
Download Patch: Windows 98 and Windows NT with active desktop
Download Patch: Windows NT4 or Windows NT4 Terminal
Download Patch: Windows 2000




To test the software's claims, TechTV Labs installed a recently released key-logging app, WinWhatWhere Investigator 4, an alarmingly solid performer that provides myriad ways to monitor and record keystroke activity. In our test, Anti-keylogger was able to ferret out the software, which was buried in an obscure file location.

When the software detects a key logger, you'll get the path name for the file and a frightening message:

"Anti-keylogger has detected unauthorized keystroke monitoring programs running on your system. All your passwords, credit card details, and confidential documents (as they are typed) are probably saved in the Log."

In one scan, the program listed a common .dat file (a Windows file that contains user information) as a key logger. The application was technically correct, but you might not want to delete the file. According to a company spokesman, the software uses mathematical calculations to determine the location of a key logger, though when asked precisely how it works he declined to elaborate further, alluding to trade secrets.

There are some uninstall issues associated with the application and, more importantly, the software doesn't offer much beyond detecting and removing key loggers. It doesn't, for instance, let you leave the offending program on your computer while disabling its features. The only option is to delete it, a function that's available only to registered users.

Another drawback is that the software only works with Windows 95/98/Me. It won't run on Windows NT or NT-based operating systems like Windows 2000 and Windows XP.

Meanwhile, a cheaper alternative, Anti-Keylogger 2002 from Centurian Software, is scheduled for release soon.

Conclusions: Anti-Keylogger 1.12 hunts down key logging software so that you can delete it from your computer. Aside from its being a one-trick pony, it's expensive and at times brings back results for software that you might not want to delete.
