"Rawr is trying to access the keyboard directly"

Topics: Off-Topic
Aug 7, 2009 at 3:47 PM

I am using Comodo Firewall.  Comodo not only notifies me when programs attempt to make connections to the internet, it also notifies me when they try to do things like access my keyboard, which is apparently a favorite trick of keyloggers.

Whenever I choose to open an existing file, or attempt to load a character from the Armory, I receive this alert from Comodo:  "Rawr is trying to access the keyboard directly."  It then gives me the option to allow or block this behavior.  I have always chosen to block it.

Despite blocking this behavior, I am still able to open files and load characters from the Armory.  Therefore, I conclude that this sudden need to access my keyboard isn't necessary to the operation of the program.  I honestly can't figure what on earth Rawr needs to do with my keyboard that isn't served by the dialog box widgets themselves.  Any ideas?

Another interesting Comodo alert:  Rawr attempts to install a global hook to C:\Windows\system32\explorerframe.dll.  Yet another one that I deny, and yet another one that doesn't seem to be necessary to the functioning of the program.

Do we have a malware author hiding somewhere in our open source community?  That sounds more sensationalist than I meant it to, sorry.  I don't know who gets to touch the source code of Rawr.

Aug 7, 2009 at 4:43 PM

I'll wait for someone who knows MS Net better, but I would suspect that this is behavior caused by MS Net. But hey, never hurts to double-check.

Aug 7, 2009 at 6:31 PM

I'm guessing it's just caused by .NET using the common controls library.  Anything could be hooking when that gets loaded and Rawr has zero control over that.  The amount of DLLs loaded when you open up a file dialog is amazing and depressing all at the same time.


Aug 7, 2009 at 8:56 PM

Comodo has really been acting weird for a little while now, as effective a protection as it is.  I had to completely unload it from my system for the time being, as I could not even run or install a web-based Java application of any sort, even if I forced it to trust the source, trust the folder it was installed to, whatever.  Hell, it totally blocked the splash screen of any Java application, which crippled most programs.  And I spent upwards of 20 hours trying to "fix" it, to no avail.

Aug 7, 2009 at 10:16 PM

I review the code in Rawr to ensure nothing malicious is included. And I always build releases only from what's checked in, so anyone can review the checked in code if they like.

Everything you describe sounds like Comodo (never used it) is just screwing up.

Aug 8, 2009 at 4:58 AM

Thanks all for the many replies.

I don't think Comodo is screwing up, I think it's reporting the actual actions of Rawr.  However, the cause of the action is probably benign (.NET) instead of malicious.

Denying Rawr direct access to my keyboard has not prevented me from using the program, thankfully.  I am extra skeptical, you understand, of any executable program targeted at players of WoW.  That's why I run a firewall that does more than just prevent incoming connections.

Anyway, you understand why I was concerned.  Thanks!

Aug 8, 2009 at 8:12 AM

As you should be, I wouldn't blame anyone for being skeptical. When I said that Comodo is screwing up, I mean that it's reporting actions which are benign; Rawr doesn't read any keypresses outside of its own window (and you're not typing any secure information into Rawr either). Regardless, I'm glad you're still able to use Rawr.