Saturday, 15 October 2016

AppLocker



AppLocker is the successor to Software Restriction Policies, which were first introduced in Windows XP and Windows Server 2003. AppLocker can be used to allow or deny the execution of an application, file, EXE, DLL, etc. AppLocker provides the following enhancements:

You can define rules based on the attributes of a file. For example, you can allow execution of a file based on its publisher.
You can configure AppLocker in Audit Mode.
A new user-friendly interface can be used to configure AppLocker.
Requirement for AppLocker:
AppLocker works only on Windows 7 and Windows Server 2008 R2 computers. AppLocker is available only in the following editions:
     Windows 7 Ultimate/Enterprise
     Windows Server 2008 Standard/Enterprise/Datacenter
AppLocker requires a service to be running in the background. The service name is Application Identifier or AppID. By default, this service is stopped and must be started for AppLocker to work.
To configure AppLocker, follow these steps:
    1. Go to Start > Run > GpEdit.msc
    2. Expand the following node/sub-node:
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Application Control Policies\AppLocker
AppLocker rules are completely separate from Software Restriction Policy rules and cannot be used to manage previous versions of Windows.
If AppLocker rules have been defined, only those rules are applied and Software Restriction Policies rules are ignored.

Overview of Windows AppLocker



AppLocker is a new feature in Windows 7 and Windows Server 2008 R2 that replaces the Software Restriction Policies feature. AppLocker contains new capabilities and extensions that reduce administrative overhead and help administrators control how users can access and use files, such as executable files, scripts, Windows Installer files, and DLLs. Using AppLocker, you can:
Define rules based on file attributes derived from the digital signature, including the publisher, product name, file name, and file version. For example, you can create rules based on the publisher attribute that is persistent through updates, or you can create rules for a specific version of a file.

Assign a rule to a security group or an individual user.

Create exceptions to rules. For example, you can create a rule that allows all Windows processes to run except Registry Editor (Regedit.exe).

Use audit-only mode to deploy the policy and understand its impact before enforcing it.

Import and export rules. The import and export affects the entire policy. For example, if you export a policy, all of the rules from all of the rule collections are exported, including the enforcement settings for the rule collections. If you import a policy, the existing policy is overwritten.

Simplify creating and managing AppLocker rules by using AppLocker PowerShell cmdlets. 
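
The audit-only, export/import and PowerShell cmdlet points above can be combined into one rollout on a reference machine. This is an added example, not code from the original post; the directory and file paths and the Everyone principal are assumptions to adjust.

```powershell
# Added example. Assumed (not from the page): the paths below and the Everyone principal.
Import-Module AppLocker

$referenceDir = 'C:\Program Files'              # assumed: directory holding approved software
$backupFile   = 'C:\Temp\applocker-backup.xml'  # assumed: export of the current policy
$auditFile    = 'C:\Temp\applocker-audit.xml'   # assumed: new audit-only policy

# AppLocker evaluates nothing until the Application Identity service (AppIDSvc) runs.
Start-Service -Name AppIDSvc

# Export the whole current local policy first: an import replaces all of it.
Get-AppLockerPolicy -Local -Xml | Out-File -FilePath $backupFile -Encoding UTF8

# Build allow rules from installed files: publisher rules for signed binaries,
# file-hash rules as the fallback for unsigned ones.
[xml]$policy = Get-AppLockerFileInformation -Directory $referenceDir -Recurse -FileType Exe |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# Put every rule collection into audit-only so nothing is blocked yet.
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($auditFile)

# Dry run: what would this policy decide for a given file and user?
# Regedit.exe lies outside the reference directory, so no allow rule covers it.
Test-AppLockerPolicy -XmlPolicy $auditFile -Path "$env:windir\regedit.exe" -User Everyone |
    Format-List FilePath, PolicyDecision, MatchingRule

# Import the policy. This overwrites the local policy; add -Merge to combine instead.
Set-AppLockerPolicy -XmlPolicy $auditFile

# After users have worked for a while: files that enforcement would have blocked.
Get-AppLockerFileInformation -EventLog -EventType Audited -Statistics |
    Sort-Object Counter -Descending |
    Format-Table Counter, FilePath -AutoSize
```

Review the audited files and add rules for anything legitimate before changing EnforcementMode from AuditOnly to Enabled; a policy built from a single directory does not cover Windows system files.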

Windows AppLocker



AppLocker is a new feature in Windows 7 and Windows Server 2008 R2 that allows you to specify which users or groups can run particular applications in your organization based on unique identities of files. If you use AppLocker, you can create rules to allow or deny applications from running.
Today's organizations face a number of challenges in controlling application execution, including the following:
Which applications should a user have access to run?

Which users should be allowed to install new software?

Which versions of applications should be allowed?

How are licensed applications controlled?

To meet these challenges, AppLocker provides administrators with the ability to specify which users can run specific applications. AppLocker allows administrators to control the following types of applications: executable files (.exe and .com), scripts (.js, .ps1, .vbs, .cmd, and .bat), Windows Installer files (.msi and .msp), and DLL files (.dll and .ocx). This helps reduce the organization's cost of managing computing resources by decreasing the number of help desk calls from users running inappropriate applications.

Thursday, 4 October 2012

What Is Keylogging?




Many people use the internet to check their e-mails, bank accounts, shop, and to send personal and private information to others. Most Web sites are usually safe, but criminals have found a way to steal a user's information right off his keyboard. Keylogging is a process of recording a person's key strokes, usually without the person's knowledge, and sending the information to an intended target. Doing this, a person can learn everything that is typed on a computer to use as they will. It is also possible to track a person's computer use using this technology.

Before anyone can detect what is being typed on a certain computer, the person has to gain access to the computer keyboard. This can be done in two ways: with keylogging software and with hardware. Keylogging hardware usually records what a user types on his keyboard and stores it in a mini hard disk until it is physically retrieved. These devices are commonly disguised as keyboard plugs and therefore can be difficult to detect. In addition, since it is hardware, anti-virus programs cannot usually detect it.


Keylogging software, on the other hand, does not need a physical access point. This type of keylogger can be downloaded onto a computer without the user's knowledge. Once installed on the computer, it can then record the data typed on the keyboard and occasionally send that data to a target person. That target person can then have access to anything typed on the computer. Though this type of keylogger can be difficult to detect by a user, some anti-virus software may be able to identify it.

One of the most common uses for keylogging is the theft of personal information. Should a criminal use the software or hardware to capture personal information, he can use that information for his own use. For instance, he can go on a shopping spree using the victim's credit card information. This is why it is important for users to do all they can to protect themselves from such intruders. Knowing and understanding the programs running in the computer background and having the appropriate kind of updated anti-malware software are just two methods a person can use to help protect his personal information.

Some may argue there are some good aspects to keylogging. Parents can use the technology to monitor children's activities. It can also be used by companies to monitor an employee's computer use. It may even help save important documents that are lost due to a power outage. These activities, however, may bring up privacy rights issues, so it is important to use these programs in such a way as to not break local laws.

What Is a Computer Cleaner?




In the course of using a computer, various records accumulate that reveal a user’s activities on and offline. A subsequent party can access these records to snoop on the previous user’s actions, and might even be able to gain personal information. A computer cleaner is a utility that wipes these records to maintain privacy.

The number and type of records generated while using a computer are numerous and varied, found in many different places throughout the computer. For example, many software programs keep a list of recently opened files and documents, or recently viewed images or movies. Run and Find histories are also logged. Temporary files archive copies of documents that might persist for months or even years, if not wiped.

Online activities also leave footprints. A Web browser sets aside allocated memory on the hard disk as cache, or a place it can keep copies of recently viewed Web pages so that these pages can load faster on subsequent visits. Browser cache is a rich source of information about previous browsing sessions.

The convenient auto-complete or auto-fill feature scans records of previously typed words to predict input based on the first few keystrokes entered. This feature can inadvertently reveal previous searches and websites visited, even if browser cache has been wiped. A public computer might “leak” personal information such as name and address, if a previous user filled out a form providing this information.


Snoops cannot read computer cookies because the contents are encrypted, but they can see which websites issued the cookies, inadvertently revealing surfing habits to any would-be busy-body. A computer cleaner takes care of this by wiping cookies.

Windows Internet Explorer makes use of a file called index.dat, which stores information about websites visited and keeps an index of cookies received. Even if using the built-in privacy features of the browser to wipe history, cookies and cache, the index.dat file will remain intact. Only a comprehensive computer cleaner will wipe the index.dat file. Explorer creates a new, ‘blank’ one at the next session.

A good computer cleaner will address all of these issues and more, and should be easily configurable to optionally preserve certain files such as useful cookies. Running the utility from a USB memory stick or flash drive will allow you to clean footprints from a public computer or work station without installing the software.

Although a computer cleaner does a good job of protecting privacy at a basic level, it is not a forensic tool. Windows operating systems lock a portion of the hard disk to use as a designated paging or swap file, for example. This file contains a great amount of unorganized (and therefore seemingly chaotic) data that nevertheless provides records of usage. Readily available tools allow anyone to view the contents.

You can set Windows or a computer cleaner to wipe the paging file at shutdown, but this action typically delays the shutdown process by several minutes or longer. Also, shutting down a public or work computer might not be practical. More obscure traces of activities left untouched by a computer cleaner might also persist that would not likely be found by the casual snoop, but could be recovered by law enforcement or administrators.

What Is an Internet Spy?





The term Internet spy typically refers to something or someone that is monitoring activity on a computer. Most often, the term is used to talk about software designed to capture screenshots of what a person is doing online, or log all text a person enters into the keyboard. This type of computer software is frequently used to steal credit card numbers, passwords, and other private details. Occasionally, it is used to catch a cheating spouse or monitor the activity of a child to ensure their safety. An Internet spy may also refer to someone who physically — rather than remotely — looks through someone else’s computer files to view what websites he or she has been visiting and conversations with other people.

Internet spy software is often downloaded when a person is trying to download other media, like desktop wallpaper, videos, or games. The malicious programs are bundled into the media and can start gathering data as soon as it is accidentally opened. Malware like this can sometimes be avoided by being very cautious about downloading new files, and reading reviews written by other downloaders, if available.


A reputable anti-virus program can usually spot an Internet keylogger or other software application designed to spy on someone. The program should be set to automatically scan the computer every day or so to quickly delete suspicious files. Installing an anti-virus program that is reputable is especially important because some malware programs are designed to look and act like anti-virus programs while either subtly doing harm or being blatant by demanding money to fix viruses that do not actually exist. For example, Norton™, Kaspersky® Lab, and avast!® are generally well-known and respected names in the anti-virus business, while Advanced Anti-virus Remover, Personal Anti-virus, and Anti-virus IS are widespread fake programs.

As for an Internet spy that is an actual person looking through private files on another person's computer, this can usually be avoided by password-protecting the computer. Typically, when a computer is password-protected, it cannot be completely booted up without the user entering a password. When using the Windows® operating system, the user can also set the computer to enter screen-saver mode after being idle for a certain amount of time, then require a password to exit. In conclusion, no matter how an Internet spy tries to steal information or snoop, whether that spy is a nosy human or simply a software program, there is usually a way to counter the method.

How Do I Choose the Best Open Source Keylogger?




When considering an open source keylogger, you should think about the types of features you want in the program and how you intend to use the keylogger. Different programs can provide you with different functions, such as the ability to e-mail the log to a particular account or take screen captures of visited websites. You should ensure the keylogger you choose can support the use you want, for example if you want to use it to back up your data or to track the activities of someone else. Before you download and install any open source keylogger, you should also make sure it is a reputable program to avoid malicious software and that you only use keyloggers in a legal way.

An open source keylogger is a program to track and record each keystroke made by the user of a computer. This means that each key someone presses is tracked, and all information typed on that computer is saved in one or more files. An open source keylogger is simply a keylogger program that is free to use and modify under an open source license.

You should look for any particular features you want in any open source keylogger program you consider using. Some programs can e-mail a copy of the keylogging file to any account you enter, while others may be able to take screenshots of websites visited. Not all of these functions are available in all programs, however, so you should look for software with the features you want.


As you look at various programs, you should also keep in mind how you want to use your open source keylogger. If you want to use a keylogger on your computer to back up data that you type, in case of system failure, then you can use a fairly simple and basic program. More elaborate programs can be used to track usage by children or to monitor websites visited on public or work computers. These programs are often more discreet as they track user activity.

You should be sure that any open source keylogger you use is safe and that you only use the software in legally responsible ways. As with any program you download and install, you should be sure the maker of the software is reputable and that you only download the program from trusted websites with good reputations. This can help you avoid malware that may be installed onto your computer, or keylogger software that can send your private data to a remote terminal. You should also only use open source keylogger software in ways that do not violate the privacy of other people, including employees, or you may face legal and civil consequences for doing so.