
Keylogger Detection / Protection


gawguy


Stepping back a bit... My topics re computer security stem from reading an in-depth article in June 2010 Rolling Stone Mag about Albert Gonzalez and his drugged out posse of hackers. He "..masterminded the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers from 2005 through 2007 - the biggest such fraud in history. Gonzalez and his accomplices used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet sniffing (specifically, ARP Spoofing) attacks which allowed him to steal computer data from internal corporate networks. During his spree he was said to have thrown himself a $75,000 birthday party and complained about having to count $340,000 by hand after his currency-counting machine broke down..." (And http://en.wikipedia.org/wiki/index.html?curid=24030969)

 

He had a network that went into China and Russia. It was a chilling revelation for someone like me whose assets are just about all online. An excellent article that goes through the evolution of the techniques these guys (kids!) used, their different backgrounds and motives, and their eventual capture. Smart aleck Albert had a day job working for US Govt in Cybercrimes Unit making $75k/annum, which enhanced his ability to hide while he watched them chase him.

 

So.....eventually your comments and my explorations have led me to the topic of keyloggers. I have three main questions so far:

 

1) If you only use LAN (not wifi) for computers with sensitive data, does that help protect you from people who would install keyloggers?

 

2) I have read that AVG Free Edition might not protect against keyloggers, so what is the best protection against an installation? I have access to Norton AntiV for free through my ISP which is Comcast. Should I switch?

 

3) Is there a way to see if a supposedly "undetectable" keylogger is on a system.

 

Thanks,

Gaw Guy


1) If you only use LAN (not wifi) for computers with sensitive data, does that help protect you from people who would install keyloggers?

 

Keyloggers are either installed via hacked websites/illegally downloaded software or by people (e.g. family, co-workers) with direct access to your PC. In both cases it doesn't matter if you use LAN or Wifi.

 

2) I have read that AVG Free Edition might not protect against keyloggers, so what is the best protection against an installation? I have access to Norton AntiV for free through my ISP which is Comcast. Should I switch?

By the way, very dangerous places are public Wifi networks, e.g. at airports or at Starbucks. These are favorite places for hackers.

 

The recent version of Norton gets good grades. But I wonder if it helped with the recently discovered huge Windows security hole?

 

It's a really old saying, but other OSes like Apple's OS and Linux are currently much more secure against attacks via internet, because of the still low percentage of PCs running non-Windows OSes (that might change in regard to Apple in the future).

 

Generally you should run the PC in a mode that prevents any changes by other people (i.e. don't log in as an admin, but as a user with reduced rights).

 

3) Is there a way to see if a supposedly "undetectable" keylogger is on a system.

 

Some producers of keylogger software claim that their keyloggers can't be detected once installed properly. If the keylogger is hardware based (like being included in your keyboard) no software will find it.

 

Generally, keyloggers installed via hacked websites are looking for basic financial data like bank account information, and people who run these operations are not interested in your other personal data at all. Personal data are usually searched by people close to you (at home or at work).

 

As someone said before: The best is to keep the data stored outside your PC. An encrypted memory stick with a biometric lock, which you can hide or put in a safe is probably the most secure way.

 

But whatever way you choose to store and secure your data: You will need a second copy of your data! Any storage hardware can - and finally will - fail.


As someone said before: The best is to keep the data stored outside your PC. An encrypted memory stick with a biometric lock, which you can hide or put in a safe is probably the most secure way.

 

But whatever way you choose to store and secure your data: You will need a second copy of your data! Any storage hardware can - and finally will - fail.

 

I have been with that plan for a long time except memory media is normal. On the media I store sensitive data in TC container. Isn't that about as good as encrypted stick w biometric lock?

 

I have looked at IronKey options and they look good, just that all these sort of things are very expensive. (They have fun videos on youtube showing Hummers & bobcats running over Ironkey flash drives.) The really important data I have doesn't go outside the house anyway and usually stays on off-line-only systems.

 

It's also written so that if I handed it to you, you might figure out it was passwords, but you wouldn't know what they were or what sites they were for. Pig Latin! No..not even a code..it's just "all up here" - not the pw's, but what they are for.

 

Further question:

If I use a password program, are the pw's safe from keyloggers? I see that Norton Security Suite, which I just installed "free" as part of my Comcast package, has a password and credit card safe thingy. That must be totally safe because if anyone got robbed from the Norton safe, can you imagine the fallout??!! Norton would be the new BP ...or PG&E (they blew up the 53 houses in CA.)

 

If I cut and paste pw's from a word or other file are they safe when pasted, not typed?

 

Thanks for the help and insight. Gaw Guy


If I cut and paste pw's from a word or other file are they safe when pasted, not typed?

Yes, that is a way to get around keyloggers. If I need to do sensitive stuff not on my computer, I use a USB key with a portable version of FireFox and a text file to cut-paste my logins. Leaves no traces on any internet cafe confuser.

 

Wow! That answer was worth the cost of admission and all these posts! I didn't know that there was a portable FF. I presume the reason you carry your own is because when you go to an internet cafe either they don't have FF, OR, more importantly, what they have may have vulnerabilities that your up-to-date version does not OR the one they have has been tampered with / hacked already. Is that right? All of the above?


I have seen USB flash drives infected using the autoplay feature in XP. People should disable autoplay on their personal PC to prevent the spread of virus or malware picked up from another PC.

That's for sure! However, it's autorun, not autoplay. Different animals. I got autorun virus last time in LOS at one particular internet shop. It hopped onto 2 computers (all partitions) and my camera and was a bitch to fight. Thank you for reminding me.

 

"Putting a blank read-only file named autorun.inf prevents malicious scripts from auto executing. It can only prevent scripts with extension scr from executing. Basically those malicious scr files modify folders, change the attribute of the folders to hidden and create dummy folders. I have been using this method, and it works. It prevents the modification of autorun file."

 

Do you agree?
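
An added example, not part of the original posts: a small Python check that reads the contents of an autorun.inf found on a removable drive and reports whether it is blank, as in the tip quoted above, or contains `[autorun]` entries that make Windows launch a program from the drive. The function name and the sample file contents are constructed for illustration.

```python
import re

# Keys in the [autorun] section that tell Windows to start a program.
EXEC_KEYS = {"open", "shellexecute"}
# Context-menu verbs: shell\<verb>\command=<program>
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")


def audit_autorun(text):
    """Return (verdict, findings) for the contents of an autorun.inf file.

    findings is a list of (line_number, key, value) for launch entries.
    """
    if not text.strip():
        return "blank", []
    findings = []
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # empty line or comment
        header = re.match(r"^\[(.+?)\]$", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # tolerate junk padding lines instead of failing
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            findings.append((lineno, key, value))
    return ("launches-program" if findings else "no-launch-entries"), findings


# Constructed sample: a file of the kind an autorun infection leaves behind.
SAMPLE_INFECTED = """\
;junk
[AutoRun]
open=setup.scr
shell\\open\\command=setup.scr
icon=folder.ico
"""

# Constructed sample: only cosmetic entries, nothing is launched.
SAMPLE_COSMETIC = "[autorun]\nicon=drive.ico\nlabel=Backup\n"

if __name__ == "__main__":
    for name, text in [("blank", ""), ("cosmetic", SAMPLE_COSMETIC),
                       ("infected", SAMPLE_INFECTED)]:
        print(name, audit_autorun(text))
```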


"Generally you should run the PC in a mode that prevents any changes by other people (i.e. don't log in as an admin, but as a user with reduced rights)"

 

Absolutely agree but I've hit a problem. While working online I want to access TrueCrypt. "You must be logged in as administrator to load tc driver." Kind of an ugly problem, yes?

 

GG


Archived

This topic is now archived and is closed to further replies.
