How can i protect from keylogger?

[e><ius]

How do I setup an alarm that will go off if someone installs and runs a keylogger in my network?

Could I also prevent the person from accessing the logger by having the system auto-set a password (non-default) before he does? maybe that would prevent him from even getting a chance to use it.

[Aardpsymon]

what sort of network?
what sort of keylogger?
what monitoring/control software do you already have in place?
why are you so worried about key loggers specifically?
are your users trusted enough to even install software in the first place?

[morganlefay]

Dont make them-users- administrators of the machine...usually limits the install of software...assuming windoz here

as for hardware keyloggers....dont know/?

MLF

[Aardpsymon]

and what about self contained programs that just run without an install.

[morganlefay]

Security is a mutli level issue...

one of those levels is monitoring....and the software installed on machines...

Have an AUP...(acceptable use policy)

If user violates it...fire them

MLF

[e><ius]

this is a semi-public network at a technology and entertainment education center where access and installations are necessary. i hang out with the admins but don't run the show. he kicked out this guy who installed stealthkeylogger or spy____ (i think)... saw him while he was patrolling the lab. my friend was looking for a setup/program that could auto-detect such installs without denying ordinary program installs. i dont know the details of his network platforms or logs, and probably wont see him anytime soon until i get a job.

[Cider]

Give the users limited accounts. As for software app to stop the execution of a program run off a flash disk - I dont know ...

[e><ius]

Give the users limited accounts. As for software app to stop the execution of a program run off a flash disk - I dont know ...

as i just posted, i cant set 100% limited accounts bc users need to have ability to install and run their own programs. or if i do, would i have to list all the programs they can/cant run? gonna be a long research till i can make a huge library. i'd hate to have to do that.

[nihil]

You could try this:

http://dewasoft.com/privacy/kldetector.htm

You would need to check that it was still installed and running.

Basically the scenario you describe is a no hoper. I would imagine that the machines are shared by multiple users.

If you used something like the above, you would have to educate the users to check that it started and was still running before they logged out. It would require a script to disable it and re-enable it which would be beyond the wit of most skiddies.

There again, you can get a demo of a process protector from DiamondCS, that allows you to protect one process. You would have to buy it if you wanted to protect more.

You will not be able to detect a physical keylogger with software.

And, put a warning on each screen "This system is not secure.......do not use it to transmit personal, confidential or financial data"

As a scanner, A-Squared is very good at finding keyloggers in particular......... run that every night?

As I said, pretty much a no-hoper there.

[Aardpsymon]

well, lets ask the extra question,
WHY do users need to be able to install their own software? I know its annoying to have to install every single piece of software, but I can't imagine the chaos if our users could install software. Never mind keyloggers, what if they put a bit torrent client on there? Never mind the spray of viruses you could get from the net.

thought occurs that things that just run won't persist after logoff, need an installer to add registry keys. Of course, if users have access to the registry.....