December 19th, 2007, 10:03 PM
Avoiding keylogger trouble
I was wondering if it was a good idea to use the "remember password" function to avoid keyloggers registering those keystrokes.
Is there any reason not to use said function on a regular basis?
December 19th, 2007, 10:16 PM
Well, I guess in that sense it would have its pros and cons. Assuming the keylogger wasn't there at the time you saved your password, then that would avoid sending your keystrokes to some bored kid in China. But who all uses your computer or even has access to it? There's a couple small, free programs that will show the plaintext of all remembered passwords. Not to mention if someone Cain & Abel'd your computer you'd be completely naked...
December 19th, 2007, 11:22 PM
I have heard good things about Roboform, but like xiphias360 said, if the keylogger is installed at the time of configuration, you are hosed anyway... you might be able to copy and paste each letter of the password individually from different documents... but even that could pose a risk
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
December 20th, 2007, 03:58 AM
It all depends on who has access to your computer, like xiphias360 said. If it is your personal desktop/laptop and you connect to the internet the same way everyday (through a secure wireless, or secure modem) then you should be fine, just don't let some stranger with a USB drive use it =)
If you're taking proper security measures, then you shouldn't be worried about keyloggers anyways. A good firewall should thwart most keyloggers.
December 20th, 2007, 08:48 AM
Why don't you try to prevent getting a keylogger in the first place?
Experience is something you don't get until just after you need it.
December 20th, 2007, 09:07 AM
Hello Godfearin', and welcome to AO.
Saving passwords is a double edged sword as it goes. If you don't save them you are vulnerable to keyloggers. If you do save them you are vulnerable to password rippers.
Also, please remember that the keyloggers of this day and age also do screen captures.
There is an argument for saving passwords and logins to media and just doing a cut and paste, but I remain totally unconvinced that this will block more than the crude, script-kiddie tools.
SirDice has my vote:
Why don't you try to prevent getting a keylogger in the first place?
December 20th, 2007, 03:26 PM
Your response just made me think a little. Why do most people ask a computer related question like the worst has already happened, and they are trying to fix it now? =)
Originally Posted by SirDice
December 20th, 2007, 05:59 PM
I did not read the question that way.
I assumed it to be asking if storing passwords was a good idea because they avoided keystroke logging.
The answer is NO!
1. If you are compromised you MUST assume that the perpetrator has loaded both a keylogger and a password sniffer. It then becomes the old "catch-22" or "damned if you do, damned if you don't" scenario.
2. When your files get corrupted you won't remember your password because you never type it in. Make sure you write them down........... last but one page in the family Bible or Koran is a good place.......... perps never look there
SirDice has, as usual, cut straight to the heart of the issue. Basically, if you put yourself in a position to get compromised, you have already lost the battle, so to speak.
You need to think security basics:
1. Never run with privileges beyond those that the immediate task requires. Learn to use "run as" if need be.
2. Do not click on unknown links, open e-mails from people you don't know, and particularly attachments from people you do know. Unless you are expecting them, check with the sender first, or just use a pre-arranged code in the message (hey that's real difficult huh?). Something like: "The attachment to this missive contains a virus that will drink all your beer, then take your gf/so out on the razzle and pay for it with your credit card". That doesn't translate too well from the Chinese.
3. Even if you are happy with the source, you should download the attachment without opening it, and scan it first. Here are two resources:
OK............ a hex editor will do the job?
OK(2) it boils down to how well you rate the security awareness of the sender?
4. Protect the basics. Not only does a fair proportion of malware require elevated privileges, a lot of them require to make entries or amendments to the Registry. If you run Spybot Search & Destroy and activate "Teatimer" you may get some warning.
Now for the more subtle one:
Lots of free stuff there. In particular I recommend RegistryProt ........... been using it for at least 8 years now.................. also try the free edition of ProcessGuard.
OK this stuff just warns you, and is no defence for "clicky,clicky" idiots, who would get bored long before they properly conditioned their defences.
5. Turn off your machine when you are not using it. You are paying for the electricity at least........... or perhaps you believe that Iran and North Korea should pursue their uranium enrichment programmes so they will have enough cheap electricity to allow their people to leave their computers on 24/7 just like Americans do?
Incidental to that: a machine with variable availability is pretty useless to botmeisters
I don't think that this is the thread to start discussing advanced keyloggers, but I do hope someone will raise the issue.
These little buggers come and live in your RAM, your video card RAM, your sound card RAM even in your BIOS/CMOS EEPROM chip (you can flash that huh?.......... well so can they!).
Won't appear in the Registry, startup list or anything........... try getting rid of them using anything short of C4 or 9mm Parabellum.
It is a whole "brave new World" out there folks.
OH! and a Merry Christmas and Happy New Year to you all
December 20th, 2007, 10:01 PM
I read a good one the other day, suggested by a security expert, that I never thought of before: write your passwords down and store 'em in your wallet. A simple idea, but they safeguard our money and credit cards so why not passwords as well?
Originally Posted by nihil
December 20th, 2007, 11:09 AM
You may be nearly 100% sure that, at the present stage of keyloggers' development, remembering your password is something like going to an attacker and telling him the password voluntarily. SirDice is right, preventing should be a priority, and as ArPaNET says a firewall can help, but besides that you also need a reliable anti-keylogger, and that's a kind of problem. Well-known free programs like Ad-aware or Spybot, if I'm not mistaken, won't protect you really effectively. You can buy some software; it will be quite reliable in fighting various malware but may fail with keyloggers. Spy Sweeper is alright, and Spyware Doctor; I run some of them on my PCs, and you shouldn't forget about an anti-virus. I also use PrivacyKeyboard, a specialized anti-keylogger. As my search for this kind of software was long and full of frustration caused by different programs, I may say that Privacy is worth trying. There are also some online scanners which you may run from time to time, though I doubt their efficiency. You may also visit the keylogger.org site; their team specialises in counteracting keyloggers, and they may give several useful tips. To sum it up, you should act before someone steals your information, though judging from experience no one can guarantee you absolute protection.