Are Keyloggers a threat?

Discussion in 'privacy problems' started by n8chavez, Oct 24, 2011.

Thread Status:
Not open for further replies.
  1. n8chavez (Registered Member)

    Joined: Jul 19, 2003
    Posts: 2,305
    Location: Location Unknown

    I have been reading some threads here lately about keyloggers, which ones function the best, which are proactive, etc. I was wondering, though, if they are a real concern for me and if I need to do anything to help prevent them.

    I use LooknStop firewall, a heavily tweaked Sandboxie, and RollbackRX. My way of thinking is that keyloggers don't pose much of a threat to me. They would have to be able to access the internet, which is filtered by LnS. If I were to get infected by something else I could simply roll back my system to a previous state. I also have three Sandboxie boxes configured to filter what can be run inside of them and what has the ability to access the internet from inside them. Also, all three boxes are configured with low privileges.

    I don't really care if it can capture what I type, as long as what it captures can't be transmitted. Or am I thinking about this all wrong?
     
    Last edited: Oct 24, 2011
  2. moontan (Registered Member)

    Joined: Sep 11, 2010
    Posts: 3,931
    Location: Québec

    unless the malware is using another process to connect to the 'net.
    i know LnS can control this but if you have been infected who's to say what that malware can do exactly?

    and how could you be 100% sure you are not infected since some malware is made to operate 'invisibly'?
    you could be infected and not even know about it.

    your SBie is your best and first line of defense.

    also, you have to worry about all types of loggers, not just keyloggers...
    a screen logger could be just as bad as a keylogger.
     
  3. J_L (Registered Member)

    Joined: Nov 6, 2009
    Posts: 8,516

    Add Internet Access or Start/Run Restrictions on Sandboxie. All offline software keyloggers wouldn't work correctly.
     
  4. COMPYPY (Registered Member)

    Joined: Oct 11, 2011
    Posts: 80

    From my point of view, I would surely have an anti-keylogger on my system if I were a security freak.
    The most important information on your computer that can be traced is IDs and passwords, and you need some anti-keylogger to prevent or minimize the chance of your password being tracked.
    I can't mention the name, but one of the great computer experts, who runs his own blog/forum (c), has advised me that you need an anti-keylogger and a net tracker if you want to go without any antivirus/antimalware on your computer.
     
  5. J_L (Registered Member)

    Joined: Nov 6, 2009
    Posts: 8,516

    HIPS, application restriction, and virtualization are more than enough in almost all cases. The only exception is for online threats.
     
  6. COMPYPY (Registered Member)

    Joined: Oct 11, 2011
    Posts: 80

    Sometimes keyloggers get past all the above-mentioned actions.
    Under virtualization, if an online keylogger attack occurs and you type a password at that time (I mean during the virtualization period), it can be tracked by the keylogger.
    Anti-keyloggers are not memory eaters or system hogs, and you can get a free version as well, so why shouldn't one have it in the security setup?
     
  7. n8chavez (Registered Member)

    Joined: Jul 19, 2003
    Posts: 2,305
    Location: Location Unknown

    All that's well and good. And, you're right, an HIPS *could* do the job, but I've seen them bypassed. And the whole HIPS concept goes against virtualization, making them both overkill. I'm thinking very basic here. There are two things I think are most important here. If I were to get a logger, of any sort (clipboard, screenshot, webcam, etc.), the probability says that it'll come from the internet using either IE, Opera, or Miranda. All of these are sandboxed to allow certain exe files the ability to run and access the internet. Second, whatever data the logger captures will have to have internet access to upload that data to whoever attempted to spy on me in the first place. A firewall, such as LnS, will prevent that. Granted, the x64 version doesn't have .dll authentication, but it should still prevent the logger if denied, right?
     
  8. J_L (Registered Member)

    Joined: Nov 6, 2009
    Posts: 8,516

    That's why I said application restriction. As in Sandboxie's Internet Access and Start/Run Restrictions.
    If it cannot upload data or run, then what's the point? Online ones are covered for me as well.
    They are virtually useless for my system. Sandboxie, SRP, Comodo, Perspectives, NoScript, LastPass, TrafficLight/WOT/DNS, etc. are more than enough.
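
For reference, the Internet Access and Start/Run restrictions mentioned in this post, written out as a Sandboxie.ini section. This is an added example, not part of the original post or taken from any poster's setup; the box name `WebBox` and the executable list (including `miranda32.exe` for Miranda) are assumptions chosen to match the programs named in the thread.

```ini
# Added illustration: one sandbox limited to three known programs.
# Box name and executable names are assumptions, not values from the thread.
[WebBox]
Enabled=y

# Strip administrator rights from everything that runs in this box
DropAdminRights=y

# Internet Access restriction:
# only programs in this group may open the network devices
ProcessGroup=<InternetAccess_WebBox>,iexplore.exe,opera.exe,miranda32.exe
ClosedFilePath=!<InternetAccess_WebBox>,InternetAccessDevices
NotifyInternetAccessDenied=y

# Start/Run restriction:
# only programs in this group may start inside the box at all
ProcessGroup=<StartRunAccess_WebBox>,iexplore.exe,opera.exe,miranda32.exe
ClosedIpcPath=!<StartRunAccess_WebBox>,*
NotifyStartRunAccessDenied=y
```

With these settings an unlisted executable dropped inside the box is refused both execution and network access, and the two `Notify...` settings surface each denial. The restrictions are keyed on program name, so they do not separate an allowed browser from code running inside that browser's own process, which is the "using another process" case raised earlier in the thread.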
     
  9. markedmanner (Registered Member)

    Joined: Nov 1, 2009
    Posts: 134

    Comodo with D+ and a Sandboxie with the restrictions that J_L mentioned would, I believe, be more than enough. Unless you are downloading cracks etc.
     
  10. x942 (Guest)

    The only time I have EVER seen a standalone keylogger is with commercial ones. Most of the time they are bundled with backdoors, trojans, and rootkits. That said, almost every sample I have seen lately (last 5 or so years) has had keylogging capabilities.
     
  11. ichito (Registered Member)

    Joined: Jan 14, 2011
    Posts: 1,486
    Location: Poland - Cracow

    Look at this thread :cool:
    https://www.wilderssecurity.com/showthread.php?t=312489
     