I am the author of the Last Resort keystroke capture program for the Macintosh, published by Working Software, Inc.. I am writing up the surveys for LR for Mac, DOS and Windows and will send them shortly. I have a couple of comments, which the list might be interested in hearing. Your entries for the Macintosh should record the file type and creator code, which are, for Last Resort, 'cdev' and 'mIKE' respectively (case is significant). If someone were to write an automated scanner meant to protect a disk against such utilities, it would be much more reliable if it looked for the creator codes, as Mac programs are usually written to not depend on having a particular file name. These codes live in the file system, but are not part of the name space as '.EXE' would be on DOS. You can view them with ResEdit's "Get File/Folder Info" item from the File menu. We spent a lot of time pondering the problem of password theft. We decided that the benefit to the consumer of having this utility available to save data outweighed the obvious danger of password and text theft. The problem increases, though, if one is not aware that Last Resort is installed. The Read Me file on the distribution disks has a discussion of this problem (as well as the problem of people snarfing your files when you share your disk to the whole company or campus), and there is a way to disable key capture temporarily, for password entry. I'm not real happy with the ease one can sneak Last Resort onto someone's machine, but I take a little ironic solace in knowing that similar programs that are "more hidden" than LR are available in source code form from Phrack, at least for DOS. On the plus side, I have gotten many, many letters, e-mails and phone calls from people who say it saved their butts when a piece of critical information would have been lost. I had the habit of taking customer orders over the phone while in the middle of debugging a program (like Last Resort!) and would frequently crash before the order could be saved or printed. LR saved my company real money in this case. David Pogue's book _Hard Drive_ is based in part on Last Resort, in that a key capture utility is used to recover a password that saves the world. I was quite tickled by this. I'm sad to say, though, that I know of one case in which Last Resort precipitated the end of a relationship, in which a fellow discovered the love letters his girlfriend had e-mailed to someone else in his Last Resort files. This particular fellow was glad that he found out about it, but I still feel a twinge of guilt when I think about it. I certainly support any effort made to document the existence of these programs. I might suggest that one way to defend against them would be to watch for the patching of certain system calls - patching GetNextEvent or installing a jGNEFilter on the Mac, and warning the user if this happens. It's easy to detect such patching; for the most part it will be innocent, but a hacker who had a fair amount of Mac programming knowledge could make a keystroke capture program in an evening of work, so attempting to catalog them all will provide only moderate protection against them. BTW... most of those other commercial keystroke capture programs (no names here) are clones of Last Resort. Some of them even had the gall to use our logo in their advertising (in a claim they were better than us). LR might not do as much as some of them, but I know that it is more reliable than the competitors I have tested. So if you are going to actually _use_ a key capture program for your own (legitimate!) use, consider getting The Real Thing, the One True Key Capture Program, the Saviour of Data: Last Resort. I don't work for WSI any more, but we remain friends, and they can be reached at: Working Software, Inc. PO Box 1844 Santa Cruz, CA 95061-1844 (408) 423-5696 (800) 229-9675 (408) 423-5699 FAX working@scruznet.com 76004.2072@compuserve.com Cheers, Michael D. Crawford crawford@scruznet.com <- Please note change of address. crawford@maxwell.ucsc.edu <- Finger me here for PGP Public Key.