19 total posts
Defeating DIY Hardware Keyloggers
Thank you for your quick and impressive response. First, there is more information here then I can assimilate at 3:00 AM, and secondly, I'm not the only nocturnal person on this forum.
Even at a quick scan of these sites, I can see that the WinXP on screen keyboard won't work, nor will a cut and paste from a text file. Obviously I will need to do more research. Any direction that you favor?
An ounce of prevention...
All though the castle cops link that Marianna provided is reputable then this LINK you might consider installing some kind of prevention program.
When you get your computer set up the first time press CONTROL + SHIFT + ESCAPE and take a note of the running processes.
When you install another piece of software that you know to be good, do the same, take a note of running processes.
Then when you go to a financial site, press CTRL + SHFT + ESC and check what is running, if there is something that does not look right google the process name and find out what it is!
Also check your IE addons, they can be housed in there sometimes too.
Thwarting keyloggers; editing processes vs encryption
The advice to check what processes are running and then Googling each to see if it's valid is too labor intensive to be practical. I just checked my Task Manager, for instance, and found I have 64 processes running. Surely there must be an easier solution.
I use WPA-PSK encryption on my home wireless network. Isn't that enough to thwart keyloggers?
You are the exact problem IT people need to address.
WPA has nothing at all to do with keyloggers.
Is it too labour intensive to ensure your financial details are secure and safe or are you happy to think that something totally unrelated to what you are doing is going to protect you from being hacked?
The only sure fire way is to do as i said. Otherwise id not have said it.
Thar be booty to be plundered!!
If you are on an unknown computer and want to enter a password for a site use the on-screen keyboard. Every windows computer should have one installed by default, on XP it is in Start - All Programs - Accessories - Accessibility.
If you don't actually use the keyboard to enter the password then that should defeat just about any keylogger, hardware or software.
Onscreen keyboard does not stop software keylogging
A software keylogger is attached to the keyboard API DLL. This is at the kernel level. The on-screen keyboard feeds through this. Other than websites which produce their own Java keyboard (which then never goes through the keyboard api), you have to find the keylogger using anti-malware software. The onscreen one is only good for hardware loggers (which are quite rare - someone has to plug it into the cable).
Clarification from Rickybee Please
Are you saying If you don't actually use the keyboard to enter the password then that SHOULD defeat just about any keylogger, hardware or software.?
Or are you saying If you don't actually use the keyboard to enter the password then that WILL defeat just about any keylogger, hardware or software.?
Unfortunately SHOULD is not an adequate answer. I can get that from any $7/hr Cirsuit City employee.
If you are not Positive then you shouoldn't Post such an answer. If you are Positive then thank you & I will use your suggestion from here on out. Please advise.
I'm using a program called "KeyScrambler" (http://www.qfxsoftware.com/). Don't know if it helps, but it's free and it does popup to say if the page is protected or not.
KeyScrambler is the way to go. It works in FireFox and IE. You can get it on the Mozilla Web Site.
The reviews on Firefox are not as impressive as your views of this software.
Seems like more problems than benefits in this software.
Why do you like it so much?
My question, as a followup, would be what are its limitations since a free version won't ever be as adequate as a paid version. I suppose you are limited to the amount of upgrade versions, as hackers continue their ever-vigilant dastardly deeds.
Still waiting for someone to tell me why.
I'm still waiting for someone to explain why my McAfee firewall and anti virus progams coupled to a network encrypted using WPA is not enough? I would suggest as a non-technical computer user who banks and manages his mutual funds online, that they are effective and adaquate.
Re: Still waiting for someone to tell me why.
A firewall will help you to see outgoing/incoming connections to your computer. If the firewall is properly cofigured, then any spyware should be stopped. An up to date anti-virus does help with identifying malware. The key here is making sure that you keep your definitions up to date.
However, WPA-PSK will not protect your from malware. It will protect you from someone using a wireless packet sniffer. WPA has nothing to do with a keyboard sniffing program.
Beating Keyloggers - low tech solution
Its not the best, but when I am on a PC I don't trust (all of them.... I'm a Mac guy) and I get a user id / password prompt, I alternate between the two fields. I enter the first few characters of the user id, then mouse over to the pawword and do a few characters of that, maybe throw in a random backspace, switch back to the user id field and complete and then back to password
So if my user name / password is ABCDE and 12345 the key stroke logger would see AB12CDE345 which might be enough to throw off the simple minded .
Any thoughts on the efficacy of this approach?