How to protect ourselves against keyloggers?

Discussion in 'other anti-malware software' started by Wai_Wai, Apr 4, 2006.

Thread Status:
Not open for further replies.
  1. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    How to protect ourselves against keyloggers?

    Hey.
    Apart from the obvious method of installing an anti-virus OR anti-keylogger program, what else could we do to stop keyloggers from stealing our important data/passwords etc.?

    Thank you. :)
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My strategy for keyloggers.
    1. I will use snapshot software to recover my system partition during reboot or restore (once or twice a day).
    That makes my system clean, without any keylogger (existing, new or undiscovered) and all other infections.
    2. RIGHT AFTER that, I will do my online banking. I hardly buy on the internet, and if I do, I will do it the same way.
    Not perfect maybe, but sufficient enough IMHO. Are AK-scanners so much better? I doubt that very much.
    3. Between two recoveries they may steal my personal files; good encryption will make them unreadable and useless for the thief. No genius is going to spend his time breaking my encrypted files; he might break one of my wife's shopping lists. :)
     
    Last edited: Apr 4, 2006
  3. Meltdown

    Meltdown Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    299
    Location:
    Babylon
    Don't install them. :)

    Seriously, they're just trojans like any others. Depending on what you use your computer for, the consequences may be more or less devastating, but your knowledge, habits, OS patches, browser etc. configuration and security software should already be geared to keeping you free of malware.
     
    Last edited: Apr 5, 2006
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Unless he has a bot-net of thousands of zombie computers to do it for him ;)

    Why not just install SU and put the argument to rest, Erik? It doesn't take but a few MB of RAM.. even your old computer can handle it. (I don't mean that as criticism, but rather encouragement.)
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Wai asked for possible solutions for keyloggers, so I gave him my solution.
    Wai doesn't need to use my solution, the choice is up to him.
    Restoring a clean snapshot doesn't require any knowledge of keyloggers.
    Recognizing false positives, bad objects, bad processes does require knowledge and experience.

    I prefer to try and test other snapshot solutions first, like Rollback, FDISR, DeepFreeze, ... and then ShadowUser.
    The final result of these programs is the same, but the speed of restoring, user-friendliness and the specific advantages of each program are also important for me.
    Assuming that all have a trial period of 30 days, I already need 4 months to evaluate them and make my final choice. That doesn't bother me, because I don't have to pay anything during those 4 months and I'm not in a hurry either. :)
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Are you trying to tell me that any encryption becomes worthless if the bad guy has a bot-net of thousands of zombie computers to do it for him?
     
  7. feverfive

    feverfive Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    121
    Not to put words in his mouth, but I think all he's suggesting is that if something can be encrypted, it can be decrypted as well, given enough resources...
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, I understand and agree, because any lock is created to be broken.
    I don't use encryption to hide secrets; I just want to discourage the majority of thieves from stealing my personal files.
    All this stealing malware will be removed by a clean snapshot anyway within a period of 4 up to 8 hours.
    If a very small number of people want to break my encryption, they will be very disappointed.
    If I really had a secret, I wouldn't put it on my computer.

    Because I do my online banking right after restoring a clean snapshot, it's almost impossible to record my password with a keylogger.
    My online banking also requires a special file that isn't stored on my hard disk. Without that file I can't access my bank account, even with my password, and that means nobody can.

    There are just too many conditions that need to be fulfilled at the same time to steal anything from me. The less security software I need, the better.
    Malware and security software have one thing in common: they make your computer work slowly. :)
     
  9. Fernando Villegas

    Fernando Villegas Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    55
    Location:
    Santiago de Chile
    I don't wish to alarm you, but in this day and age of static IPs, the trend these days is towards non-persistent malware that doesn't need to survive a reboot.

    If you rely only on imaging software plus encryption and nothing else, it is possible that a hacker can continuously and automatically exploit the same weakness each time you log on to install malicious software.

    So even if you reboot to start a new session, it doesn't protect you, since the malware might re-establish its connection in seconds.

    I hope you understand that they don't have to break your encryption while the files are on your computer.

    They only take seconds or minutes to steal your encrypted files, after which they can break them at their leisure using stolen computational power for as long as they wish. Depending on how inventive your passphrase is, it can be simple or hard to break. Most people simply don't have good passphrases.

    For a strong passphrase, I typically recommend at least 15 characters with at least one non-alphanumeric/special character (try avoiding common punctuation marks like ? or ., particularly at the end; mix them in somewhere).
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Fernando Villegas,
    I also have a router and a firewall. Besides, my security setup isn't finished yet, and it wasn't really the subject of this thread either.
    I wasn't talking about poor encryption; my password will be long enough, and I will print it on paper first (paper has no technical failures) before I use it. I won't forget or lose my encryption password like some people do.
    I'm a total newbie in security, but that doesn't mean I'm stupid. ;)
     
  11. Fernando Villegas

    Fernando Villegas Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    55
    Location:
    Santiago de Chile
    Good to hear you are going to rely on layered security!
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, that's what they are telling me all the time at Wilders: "Layered Security", but I'm still fishing, reading, choosing, ... and trying to understand how malware does its job. I still have a long way to go. :D
     
  13. Fernando Villegas

    Fernando Villegas Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    55
    Location:
    Santiago de Chile
    Mr ErikAlbert,

    It's like buying a new computer, if you keep waiting because you know next year's computers will be faster and more powerful at the same price, you will never buy one!
     
  14. spindoctor

    spindoctor Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    83
    I've heard that running a password manager like KeePass can be helpful for subverting keyloggers. But not if you were already infected with one before you installed it.

    Also, running off a bootable CD (e.g. Knoppix) would be another way to bypass keyloggers. Then try running a virtual keyboard or password manager (like KeePass) off the CD and you'll also be able to bypass any hardware keyloggers. ;)
     
  15. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Hmm... Not sure if I understand you, but:
    - you keep a clean and a recent snapshot
    - you restore your clean version before you go e-banking
    - you restore your recent version after you go e-banking

    Is that what you mean?
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My philosophy is based on how ShadowUser (SU) works.
    A good SU user separates his operating system from his personal files.
    So you need at least two partitions: a system and a personal partition.
    In SU you put your system partition in ShadowMode, and that allows you to reboot over and over again with a clean hard disk.
    As long as you don't need to change your system partition, you always boot with the same system partition.
    You can't lose any personal files, because they are stored in ANOTHER partition.

    Between two reboots you can of course get infected with any kind of threat, including keyloggers, and those threats can do their evil job. After all, SU isn't security software.
    In order to avoid this, users usually keep their other security software, like scanners and HIPS.
    Other users use a security suite (firewall + AV + AS) in combination with SU.
    Whatever you use as additional security software, SU brings your hard disk DAILY back to a clean state, and that is much more reassuring for me than anything else.

    Now SU isn't the only possibility; alternatives are DeepFreeze, Rollback Rx, FD-ISR, ... and any other software that works on the same principle.
    It's for me to find out which one meets my wishes.

    Like always, it depends on how much FAITH you put in security software.
    If a scanner tells me "Congrats, no threats found.", that isn't very reassuring for me. What if the scanner missed something?
    If HIPS asks me whether or not to allow a certain process or object, I'm not sure I made the right decision.
    You can't always say YES or NO with HIPS, and that's a problem, because the answer needs to be correct.

    So the safest and most reassuring way for me is a clean snapshot on a daily basis.
    Are snapshots safe? NO, but any software can be compromised, and what is common to all software is a boring subject. ;)
     
    Last edited: Apr 9, 2006
  17. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    294
    Using multiple (even old) PCs is another possibility from recycling them.
     
  18. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Enough resources? An attacker has no way of brute-forcing a 256-bit AES key in a reasonable time, not even if he makes a botnet with every existing computer on Earth. 256 bits is 10^77 possible keys (more than the number of atoms in our galaxy); it took years for http://www.distributed.net/ to break a 64-bit RC5 key with hundreds of thousands, possibly millions of computers participating.
     
    Last edited: Apr 9, 2006
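The two posts above argue past each other: the AES-256 key itself is out of brute-force reach, but the passphrase that unlocks it is usually the weaker target, which is what Fernando's 15-character advice addresses. The following is an added example (not code from the thread or from any product named here) that puts both claims on the same scale: an upper bound on the entropy of a passphrase from the character classes it uses, and the time to exhaust a keyspace at an assumed guess rate. The guess rates in the usage are hypothetical parameters, not measurements.

```python
import math
import string

# Reference key sizes from the discussion above.
KEY_BITS_AES256 = 256
KEY_BITS_RC5_64 = 64

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def char_classes(passphrase: str) -> int:
    """Size of the alphabet an attacker must assume, from the classes present.

    Lowercase, uppercase, digits, ASCII punctuation and the space are counted
    separately; a passphrase that uses only lowercase letters gives 26.
    """
    size = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        size += len(string.ascii_lowercase)   # 26
    if any(c in string.ascii_uppercase for c in passphrase):
        size += len(string.ascii_uppercase)   # 26
    if any(c in string.digits for c in passphrase):
        size += len(string.digits)            # 10
    if any(c in string.punctuation for c in passphrase):
        size += len(string.punctuation)       # 32
    if " " in passphrase:
        size += 1
    return size


def passphrase_bits(passphrase: str) -> float:
    """Upper bound on passphrase entropy: length * log2(alphabet size).

    This assumes every character was chosen uniformly at random from the
    alphabet implied by the classes used. Human-chosen passphrases (dictionary
    words, predictable substitutions, punctuation at the end) have far less.
    """
    alphabet = char_classes(passphrase)
    if alphabet == 0:
        return 0.0
    return len(passphrase) * math.log2(alphabet)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years needed to try every value of a `bits`-bit secret at the given rate.

    The expected time to find the right one is half of this.
    """
    return (2.0 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def weakest_link(passphrase: str, key_bits: int = KEY_BITS_AES256) -> float:
    """Effective security in bits: the attacker goes after the cheaper target,
    the passphrase or the key it protects."""
    return min(passphrase_bits(passphrase), float(key_bits))


if __name__ == "__main__":
    # Constructed sample inputs; the rates are assumed, not measured.
    botnet_rate = 1e12      # hypothetical: a million machines at a million guesses/s
    for pw in ["password", "Tr0ub4dor&3xyzA"]:
        bits = passphrase_bits(pw)
        print(f"{pw!r}: <= {bits:.1f} bits, "
              f"{years_to_exhaust(bits, botnet_rate):.3g} years to exhaust, "
              f"effective {weakest_link(pw):.1f} bits against AES-256")
    for name, bits in [("RC5-64", KEY_BITS_RC5_64), ("AES-256", KEY_BITS_AES256)]:
        print(f"{name}: {years_to_exhaust(bits, botnet_rate):.3g} years to exhaust")
```

The point the numbers make: a 15-character passphrase drawn from all four classes is bounded at roughly 98 bits, which is already well beyond the 64-bit RC5 effort TNT cites, while an eight-letter lowercase word is under 40 bits and falls in hours at the assumed rate. Whichever of the two is smaller is the real security of the encrypted files, and it is never the AES key.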
  19. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Secure banking was mentioned.

    With my bank I enter my personal ID number (not a secret; fairly easy to obtain, I think).
    To create my password/signature for the bank:
    1. I first enter a 4-digit password into my handheld personal password-creation box.
    2. I choose "2" in the box to create a signature.
    3. "1" appears in the box and asks me to enter the first four digits from the bank website.
    4. "2" in the box asks me to enter the next four digits from the website.
    5. Now the box gives me the 6-digit password to enter as the password on the bank's website.
    I am inside.

    Now I can do any internal or external transaction.

    If I make a transaction aimed outside my own accounts, I must confirm the validity of that transaction again with a similar procedure, which at the end creates a new 6-digit signature/password.

    I don't know if this has yet been broken, and it would be interesting to know how this works in other countries.

    How can that be broken?

    Best Regards
     