Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Avoiding keylogger trouble

  1. #1
    Junior Member
    Join Date
    Dec 2007
    Posts
    1

    Avoiding keylogger trouble

    I was wondering if it was a good idea to use the "remember password" function to avoid keyloggers registering those keystrokes.
    Is there any reason not to use said function on a regular basis?

  2. #2
    Senior Member
    Join Date
    Dec 2007
    Posts
    132
    well i guess in that sense it would have it's pros and cons. assuming the keylogger wasn't there at the time you saved your password then that would avoid sending your keystrokes to some bored kid in china. but who all uses your computer or even has access to it? There's a couple small, free programs that will show the plaintext of all remembered passwords. Not to mention if someone cane&abel'd your computer you'd be completely naked...

  3. #3
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    I have heard good things about Roboform, but like xiphias360 said, if the keylogger is installed at the time of configuration, you are hosed anyway... you might be able to copy and paste each letter of the password individually from different documents... but even that could pose a risk
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  4. #4
    Senior Member
    Join Date
    Oct 2007
    Location
    do a whois search on my ip...
    Posts
    268
    It all depends on who has access to your computer, like xiphias360 said. If it is your personal desktop/laptop and you connect to the internet the same way everyday (through a secure wireless, or secure modem) then you should be fine, just don't let some stranger with a USB drive use it =)

    If your taking proper security measures, then you shouldn't be worried about keyloggers anyways. A good firewall should thwart most keyloggers.

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Why don't you try to prevent getting a keylogger in the first place?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hello Godfearin', and welcome to AO.

    Saving passwords is a double edged sword as it goes. If you don't save them you are vulnerable to keyloggers. If you do save them you are vulnerable to password rippers.

    Also, please remember that the keyloggers of this day and age also do screen captures

    There is an argument for saving password and logins to media and just doing a cut and paste, but I remain totally unconvinced that this will block more than the crude, scriptkiddie tools.

    SirDice has my vote:

    Why don't you try to prevent getting a keylogger in the first place?

  7. #7
    Junior Member
    Join Date
    Dec 2007
    Posts
    1
    You may be nearly 100% sure at present stage of keyloggers' development remembering your password is something like going to an attacker and telling him the password voluntary. SirDice is right, preventing should be a priority and as ArPaNET says a firewall can help, but besides you also need a reliable anti-keylogger and that's a kind of problem. Well-known free programs like Ad-aware or Spybot, if I'm not mistaken, won't protect you really effectively, you can buy some software, it will be quite reliable in fighting various malware but may fail with keyloggers, Spy Sweeper is alright,and Spyware Doctor, I run some of them om my PC's, and you shouldn't forget about an anti-virus. I also use PrivacyKeyboard, a specialized anti-keylogger, as my search for the kind of software was long and full of frustration caused by different programs, I may say that Privacy is worth trying. There are also some online scanners which you may run from time to time, though I doubt their efficiency. You may also visit keylogger.org site, their team specialises in counteracting keyloggers, they may give several useful tips. To sum it up, you should act before someone steals your information, though judging from experience no one can guarantee you absolute protection.

  8. #8
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Removing the (local) admin privileges from an account stops 99.999% of all malware dead in it's tracks.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  9. #9
    Senior Member
    Join Date
    Oct 2007
    Location
    do a whois search on my ip...
    Posts
    268
    Quote Originally Posted by SirDice
    Why don't you try to prevent getting a keylogger in the first place?
    Your response just made me think a little. Why do most people ask a computer related question like the worst has already happened, and they are trying to fix it now? =)

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I did not read the question that way.

    I assumed it to be asking if storing passwords was a good idea because they avoided keystroke logging.

    The answer is NO!

    1. If you are compromised you MUST assume that the perpetrator has loaded both a keylogger and a password sniffer. It then becomes the old "catch-22" or "damned if you do, damned if you don't" scenario.

    2. When your files get corrupted you won't remember your password because you never type it in. Make sure you write them down........... last but one page in the family Bible or Koran is a good place.......... perps never look there

    SirDice has, as usual, cut straight to the heart of the issue. Basically, if you put yourself in a position to get compromised, you have already lost the battle, so to speak.

    You need to think security basics:

    1. Never run with privileges beyond those that the immediate task requires. Learn to use "run as" if need be.

    2. Do not click on unknown links, open e-mails from people you don't know, and particularly attachments from people you do know. Unless you are expecting them check with the sender first, or just use a pre-arranged code in the message (hey that's real difficult huh?). Something like: "The attachment to this missive contains a virus that will drink all your beer, then take your gf/so out on the razzle and pay for it with your credit card" That doesn't translate too well from the Chinese

    3. Even if you are happy with the source, you should download the attachment without opening it, and scan it first. Here are two resources:

    http://virusscan.jotti.org/
    http://www.virustotal.com/?9f4b11a2b...bc0b1f8617:eng

    OK............ a hex editor will do the job?

    OK(2) it boils down to how well you rate the security awareness of the sender?

    4. Protect the basics. Not only does a fair proportion of malware require elevated privileges, a lot of them require to make entries or amendments to the Registry. If you run Spybot Search & Destroy and activate "Teatimer" you may get some warning.

    Now for the more subtle one:

    http://www.diamondcs.com.au/software.php

    Lots of free stuff there. In particular I recommend RegistryProt ........... been using it for at least 8 years now.................. also try the free edition of ProcessGuard.

    OK this stuff just warns you, and is no defence for "clicky,clicky" idiots, who would get bored long before they properly conditioned their defences.

    5. Turn off your machine when you are not using it. You are paying for the electricity at least........... or perhaps you believe that Iran and North Korea should pursue their uranium enrichment programmes so they will have enough cheap electricity to allow their people to leave their computers on 24/7 just like Americans do?

    Incidental to that: a machine with variable availability is pretty useless to botmeisters

    I don't think that this is the thread to start discussing advanced keyloggers, but I do hope someone will raise the issue.

    These little buggers come and live in your RAM, your video card RAM, your sound card RAM even in your BIOS/CMOS EEPROM chip (you can flash that huh?.......... well so can they!).

    Won't appear in the Registry, startup list or anything........... try getting rid of them using anything short of C4 or 9mm Parabellum.

    It is a whole "brave new World" out there folks.

    OH! and a Merry Christmas and Happy New Year to you all

Similar Threads

  1. KeyLoggers
    By earthbound4u in forum Network Security Discussions
    Replies: 18
    Last Post: December 5th, 2006, 10:43 PM
  2. Keylogger
    By wannabhax0r in forum Newbie Security Questions
    Replies: 11
    Last Post: December 13th, 2005, 02:50 PM
  3. Keylogger removal
    By WickedFrozen in forum Newbie Security Questions
    Replies: 8
    Last Post: December 8th, 2004, 05:43 AM
  4. Perfect Keylogger
    By eaz135 in forum AntiOnline's General Chit Chat
    Replies: 1
    Last Post: April 13th, 2003, 04:04 AM
  5. Trouble Trouble Trouble
    By oblio in forum Non-Security Archives
    Replies: 18
    Last Post: December 13th, 2001, 09:50 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •