Keylogging software - serious threat?


Norrismj
February 14th, 2008, 09:39 AM
Hi

I have just had a look at some of the messages placed over the last few months and I note that there is mention of anti-keylogging software. Just how significant a threat to the average user is the use of keylogging software? Is this something that I should worry about or is the threat more imagined than real?

Mike

Jomsviking
February 14th, 2008, 10:45 AM
Hello Norrismj.

Keyloggers are a real threat, and growing, due to the increasing number of people performing financial operations online and other activities involving sensitive data.

Hardware keyloggers are not detected by many (most) anti-spyware or anti-virus solutions. They are used, for example, in private investigations. In many cases a hardware keylogger is detectable via visual inspection, but it may not be that easy.

Software keyloggers are in principle detected by good anti-spyware and anti-virus applications, although no product detects everything.
If you have an updated anti-virus solution which also has spyware detection, and if you take care with what you download/execute, you should be ok.
If your anti-virus product does not do specific spyware detection (which most good anti-viruses already do), you are advised to get an anti-spyware application. In fact, you can get one anti-spyware on-demand scanner even if you have a spyware-detecting antivirus, to provide a second opinion.

According to your level of experience and particular situation, you may also be interested in a sandbox. DefenseWall, for example, warns about certain keylogging activities.

HURST
February 14th, 2008, 06:53 PM
Some AV/AS don't offer detection on commercial keyloggers.
But if access to your computer is limited only to you, you have safe computer habits and started with a clean system, it's unlikely that a keylogger affects you.

Personally I don't worry at all about keyloggers on my laptop, but I use some protection software when I'm on other computers (friends, work, airports, etc).

Ilya Rabinovich
February 15th, 2008, 05:04 AM
{QUOTE-> DefenseWall, for example, warns about certain keylogging activities. <-QUOTE}
More precisely, DefenseWall blocks those types of keyloggers that are possible to block without huge compatibility issues and warns about those keylogging activities that may be used by legitimate software.

cruelsister
February 15th, 2008, 09:42 AM
As to how serious keyloggers should be taken, personally I would much rather my hard disk be totally wiped out by a virus than have my bank account wiped out by someone who stole my pass codes via a keylogger.

chuckfrasher
February 15th, 2008, 11:31 PM
I was just reading about DefenseWall. It sounds like a pretty good way to prevent keyloggers. I also just started using Returnil. I guess a keylogger would disappear when you restart, but until then I guess a keylogger could track your info and send it out.

LockBox
February 16th, 2008, 01:54 AM
- Start with a pristine "clean" image of system drive of OS and programs only.
- Image the system drive.
- Run with Faronics anti-executable.
- Restore the clean image whenever you want. Mine restores in 2 1/2 minutes flat.


= No keyloggers without all the extra weighty security programs.

tlu
February 18th, 2008, 10:13 AM
{QUOTE->
= No keyloggers without all the extra weighty security programs. <-QUOTE}
Or follow the advice given here (http://www.wilderssecurity.com/showpost.php?p=1156834&postcount=25) to prevent them in the first place. You can tighten security even more by adding a Software Restriction Policy as described on http://www.mechbgon.com/srp/ if you're using XP Pro.

trjam
February 18th, 2008, 10:17 AM
Mine will protect you. ;D

Long View
February 18th, 2008, 10:20 AM
{QUOTE-> Hi

Is this something that I should worry about or is the threat more imagined than real?

Mike <-QUOTE}

My experience would suggest that for many the threat is more imagined than real.

If, however, you want to use Internet Banking, pay credit card bills etc then I would suggest that you consider using a Returnil, DeepFreeze type program.
Reboot just before going to your bank and any keylogger that might have been there should now be gone.

trjam
February 18th, 2008, 10:26 AM
I would rank it up there with any type of malware, maybe worse (http://www.nytimes.com/2006/02/27/technology/27hack.html?_r=1&pagewanted=1&ei=5094&en=bd1daecaefa11240&hp&ex=1141102800&partner=homepage&oref=slogin).

trjam
February 18th, 2008, 10:35 AM
This is what Kris with AD had to say about them.


{QUOTE-> Regarding keyloggers:

Purging your sandbox environment is no guarantee that during your subsequent browsing - even if it is directly to your bank or online store - you will not be exploited. Just ask those who logged onto the Bank of India on 30th August last year.

What you said is absolutely true - no keyloggers present is ideal. But the keylogger protection in SafeSpace caters for the 'what if' scenario, and I feel safer knowing that *if* the unexpected happened, I would still be safe.

Keylogger protection or no keylogger protection. I choose the former.

Best regards,

Kris. <-QUOTE}

chuckfrasher
February 22nd, 2008, 05:11 PM
{QUOTE-> - Start with a pristine "clean" image of system drive of OS and programs only.
- Image the system drive.
- Run with Faronics anti-executable.
- Restore the clean image whenever you want. Mine restores in 2 1/2 minutes flat.


= No keyloggers without all the extra weighty security programs. <-QUOTE}

Gerard, thank you so much for this. I will definitely read up on this and try it out. I hope it is not too difficult because my knowledge is very limited. I am also wondering if using these products will protect an external hard drive and USB stick????

Judge Dee
February 22nd, 2008, 05:34 PM
A friend sent me an article where the gentleman claimed that he discovered his new laptop had a hardware keylogger built into it. He then made the inference, if I remember, that all new laptops were produced with keyloggers.
Can anyone confirm or deny this claim?
Don't ask me to dismantle my laptop, I'm hardware illiterate.::)

chuckfrasher
February 22nd, 2008, 05:35 PM
{QUOTE-> Mine will protect you. ;D <-QUOTE}

I have never heard of it. I will look it up.

steve161
February 22nd, 2008, 11:18 PM
Where exactly would a hardware keylogger (such as the one pictured in the link) be placed?

http://www.spygadgetonline.ca/images/SPG-KL102.JPG

LoneWolf
February 22nd, 2008, 11:34 PM
{QUOTE-> Where exactly would a hardware keylogger (such as the one pictured in the link) be placed?

http://www.spygadgetonline.ca/images/SPG-KL102.JPG <-QUOTE}


I believe that would be somewhere between the keyboard and the PC.

HURST
February 23rd, 2008, 08:11 AM
@lonewolf:

I believe benny bronx was thinking of the laptop described earlier

LoneWolf
February 23rd, 2008, 08:23 AM
{QUOTE-> @lonewolf:

I believe benny bronx was thinking of the laptop described earlier <-QUOTE}


I believe you are right.
That's what I get for staying up so late.
In that case, I really do not know.


EDIT:

I did find this googling around:

[Attachment 198000]

So I guess they do make them small enough for laptops.

steve161
February 23rd, 2008, 09:44 AM
Good morning:

No, I meant generally speaking, where would a hardware keylogger most likely be. The picture was just for ...... I don't know, it was late.

steve161
February 23rd, 2008, 09:50 AM
As far as the two examples shown, I, and most members, are way too anal about their computers not to quickly notice one of these.

Judge Dee
February 23rd, 2008, 10:51 AM
{QUOTE-> As far as the two examples shown, I, and most members, are way too anal about their computers not to quickly notice one of these. <-QUOTE}
I guess that answers my question. I didn't know if they would be obvious or not.
Thanks!

chuckfrasher
February 23rd, 2008, 10:57 AM
{QUOTE-> this is what Kris with AD had to say about them. <-QUOTE}

So I guess even with a sandbox or virtual program that empties everything, a keylogger can still get your passwords and stuff during that session and send it out.....even though it will not be able to remain on the system. So how can your product prevent this?

lucas1985
February 23rd, 2008, 04:01 PM
{QUOTE-> So how can your product prevent this? <-QUOTE}
Flush the sandbox before doing anything sensitive (entering bank credentials, etc) and start a new, fresh sandbox session.
A little bit of discipline :)

steve161
February 23rd, 2008, 07:23 PM
That would work only if you installed Sandboxie (or Returnil or Deep Freeze) on a fresh install and always used it when surfing, correct?

lucas1985
February 23rd, 2008, 07:29 PM
Correct :)
Install your sandbox/virtualization tool on a fresh/clean system and do your surfing inside the sandbox. Before doing anything sensitive, flush the sandbox, perform integrity checking* and start a clean sandbox for online banking/shopping.

* Optional but highly recommended. Tools for integrity checking: rootkit scanners, Prevx CSI, RunScanner/Autoruns, Tiny Watcher, Sentinel, etc.

Tidyup
February 27th, 2008, 10:16 AM
{QUOTE-> So I guess even with a sandbox or virtual program that empties everything, a keylogger can still get your passwords and stuff during that session and send it out.....even though it will not be able to remain on the system. So how can your product prevent this? <-QUOTE}

The quote of what I said actually states that even if you get infected with a key logger during a SafeSpace session, it will fail to record anything - passwords included.

Best regards,

Kris.

caspian
February 27th, 2008, 04:08 PM
{QUOTE-> The quote of what I said actually states that even if you get infected with a key logger during a SafeSpace session, it will fail to record anything - passwords included.

Best regards,

Kris. <-QUOTE}

Even if there is a keylogger during a virtual session, it is unable to capture key strokes or screen shots???? That is awesome. I am going over there right now to take a look. I have never heard of anything like that. Thanks