zonealarm=party quarantined

[jukofyork]

I never chat and have it turned off permanently, so never noticed this [img]/images/graemlins/smile.gif[/img]

Possibly party uses these global hooks for the same reason as Yahoo IM and MSN messenger install keyboard hooks? I also not sure on this either, but somebody here might know why they use this.

I have seen Party try to take a screenshot also, but not sure what triggers it to do this, but I have not seen it try to grab text from another application yet.

ProcessGuard also has the added benefits that it blocks kernel level drivers (Ring 0/root-kit Trojans), and can also block injection of dll's into foreign processes.

Juk [img]/images/graemlins/smile.gif[/img]

[SamIAm]

[ QUOTE ]
If you don't want to chat, I see no reason not to use SnoopFree.

[/ QUOTE ]What if you want to add a new buddy to your buddyList? That's the only other time I can think that I type in Party; all the cashier stuff is in IE. (Whether you like it or not. [img]/images/graemlins/smile.gif[/img] )
-Sam

edit: Tested this myself. Blocked Party from Screen View or from Keyboard Hook, and I could still add folk to my buddy list.

[SamIAm]

[ QUOTE ]
SnoopFree detects programs attempting three functions:
1) Inserting a keyboard trap
2) Doing a screen capture
3) Accessing an application not owned by themselves (ie. not owned by Party).

Since installing SnoopFree a couple of days ago (as a result of reading this thread) only #1 has occurred to me

[/ QUOTE ]That's pretty weird. About 5 seconds after I logged in, it tried to take a screenshot. (I denied it! Chumps.)
-Sam

[Terry]

I confirm that search works but chat does not. I haven't had it try to access the screen yet in several hours of play.

Something new in my PartyGaming folder last night: DM.dll

It contains some interesting text:
IsWindowVisible
NONHUMANCLICK_THRESHOLD
CreateToolhelp32Snapshot

Something new for you Windows wizards to have a look at.

[jukofyork]

[ QUOTE ]
I confirm that search works but chat does not. I haven't had it try to access the screen yet in several hours of play.

Something new in my PartyGaming folder last night: DM.dll

It contains some interesting text:
IsWindowVisible
NONHUMANCLICK_THRESHOLD
CreateToolhelp32Snapshot

Something new for you Windows wizards to have a look at.

[/ QUOTE ]
- IsWindowVisible is a standard GDI (= windows graphics) function and is totally normal and used by alot of applications..

- NONHUMANCLICK_THRESHOLD is an internal constant for Party Poker and pretty much does what it says I guess (Most programmers in most programming languages use all capitol letter to represent constants in their code. This is done to make it easier to tell the difference between a constant, a variable and function [the other two things you saw are examples of functions]).

- CreateToolhelp32Snapshot is also win32 standard function and is used for profiling (= speeding up code) and debugging I believe.

Juk [img]/images/graemlins/smile.gif[/img]

[Slider2]

Skype chat also uses keyboard hooks, so it appears to be a fairly common technique. Maybe Party's use of same is not necessarily "evil" (although I'd err on the side of caution given their: "We do not scan your hard drive or take screen shots from your machine.").

Has ProcessGuard done any "Guarding" for you yet Juk?

[otter]

Same result here

[Ray Zee]

its smart of course to protect your computer and be able to see whats invading it.

but its almost foolhardy to not have a separate computer or at least hard drive for your online gaming. as well as a separate bank account at a separate bank from where you do personal banking. its just too dam easy for someone to get into your files.

[MFM00]

[ QUOTE ]
...

Possibly party uses these global hooks for the same reason as Yahoo IM and MSN messenger install keyboard hooks? I also not sure on this either, but somebody here might know why they use this.


Juk [img]/images/graemlins/smile.gif[/img]

[/ QUOTE ]

A standard reason for hooking the keyboard is for 'global hotkeys' i.e. F12 is detected, does something in your app even if the keystrokes are headed to another app.

Its not obvious to me why chat should need this unless Party programmers are into FPS :-)

Simply renaming llh.dll stopped the keyboard hooking (the only Snoop Free detectable action so far on my computer) so failing to load it must be a soft (continuable) error ( if they even bothered to check).

Exiting still causes a hard error for me so improper unhooking may not be the cause of that problem.

[jukofyork]

[ QUOTE ]
Skype chat also uses keyboard hooks, so it appears to be a fairly common technique. Maybe Party's use of same is not necessarily "evil" (although I'd err on the side of caution given their: "We do not scan your hard drive or take screen shots from your machine.").

[/ QUOTE ]

Somebody pointed out that these hooks being related to the chat window may actually be something to do with blocking 'spam bots' which I used to see at party quite often (they seem to have stopped now?).

[ QUOTE ]
Has ProcessGuard done any "Guarding" for you yet Juk?

[/ QUOTE ]

It only blocked Party from snooping so far, but I have been hit by some pretty nasty stuff in the past. Luckly I always managed to get rid of them (something called about::blank was an total [censored] to get rid of though!). Hopefully PG will block more than just Party! [img]/images/graemlins/smile.gif[/img]

Juk [img]/images/graemlins/smile.gif[/img]