I don't use Yahoo search engine very often so I only noticed yesterday that Yahoo has a search suggestion keyword function, live as you type.
Other people may be familiar with this but I'm not so I would like to hear others input.
It acts like a keylogger or actually it is a keylogger in my opinion and each letter of the word you type on your keyboard, that same key, as if you pressed "r" or whatever, acts as and doubles as the "enter" key as if you were submitting form information by using the enter key and "something" involved with the markup in that page has your browser automatically connect to the internet with the "r" information and feeds back information from Yahoo which basically are words that appear in a drop down menu.
In my opinion the malicious potential for this function is staggering because it notes and transmits the keystrokes in real time, absent offering real time info on the screen it is invisible, doesn't have an executable (.exe, .hta), employs a completely trusted process on a trusted site, doesn't use a "log" file to hold information for future retrieval, will not appear in a process viewer, goes straight through a firewall and goes unrecognized by antivirus and various scanners.
I believe that protection-ware that works in real time and or browsers themselves should pick up on something like this and warn the user with an option to continue warning since one can only imagine the harm that could be caused if the user stumbled across a or was victim of a counterfeit website impersonating a bank or other that used such a function as this minus any tell tale info appearing on the screen such as search keyword suggestions.
It would make a nice addition to both Avast Home and Pro.
