Techniques to prevent Key-loggers

Besides protecting your System additional measures that can be taken
are:
Monitoring what programs are running on your computer
Monitor your network whenever an application attempts to make a
network connection.
Use an automatic form filler program that prevent keylogging since
they're not using the keyboard.

There are commercially available anti-keyloggers, such as
PrivacyKeyboard:
http://www.anti-keylogger.com.
It uses the methods of heuristic analysis and has no signature base.
PrivacyKeyboard's features:
* No signature base;
* Protection against windows text capturing;
* Protection against keystroke logging;
* Protection against clipboard capturing;
* Protection against active window screenshoting;
* Protection against desktop screenshoting;
* Protection against attacks of spy programs;
* Protection against hardware keyloggers;
* Full UNICODE support;
* The ability to work at the background, transparently for the
user
* The ability to disable keyloggers instantly

Problem is you'll have to part with $89.95 ...

but if you're looking for a free alternative try:
- Spybot Search & Destroy, a freeware tool that does a pretty decent
job at detecting all kinds of spyware.
Latest update protects against the following Keyloggers:
+ Perfect Keylogger
+ Ardamax
+ Elite Keylogger

http://www.safer-networking.org/

Windows Defender, a free program that helps protect your computer
against pop-ups, slow performance, and security threats caused by
spyware: http://www.microsoft.com/athome/secu...e/default.mspx

The Sysinternals web site hosts several utilities to help you manage,
troubleshoot and diagnose Windows systems and applications.
Utilities for looking under the hood to see what processes are doing
and the resources they are consuming:
http://www.microsoft.com/technet/sys...s/default.mspx

In this article:
http://www.lazybit.com/index.php/a/2...ger_protection
Alex provides some free and valuable advice about keylogging
protection such as using the on-screen keyboard available in W2000 and
XP that can be launched by executing "osk" or the technique of mouse
highlighting and overwriting.

Or you can also download Click-N-Type virtual keyboard free from:
http://www.lakefolks.org/cnt/

Also worth reading is Wikipedia's article on Keystroke logging:
http://en.wikipedia.org/wiki/Keystroke_logging

http://magikomputer.blogspot.com/200...rotection.html

Any other ideas for protection against keyloggers?

Hakako

Hakako wrote:


> Use an automatic form filler program that prevent keylogging since
> they're not using the keyboard.


What exactly stops the malicious program from simply reading the data from
the form?

> Any other ideas for protection against keyloggers?


Very simple: Don't install any.

Sebastian G.

Hakako <> wrote in
news:555c9a84-79e2-44e5-baa2-:

> Besides protecting your System additional measures that can be taken
> are:

This is, surely, the most important part. Don't install software that you
don't trust. If you think there's malware (a keylogger) on your machine
then in theory there's nothing you can to do protect against keylogging.
Sure, there's stuff you can do with real software that works against real
key-loggers, but in theory once you've run malware that machine is hosed
and you should flatten and re-install.

[snip]

> Any other ideas for protection against keyloggers?

You didn't seem to mention hardware loggers. These are small, hard to
notice, and hard to protect against, but they require physical access to
the machine. You only need a few moments to unplug a keyboard and connect
the doo-hickey.

The one I've read about (keyghost or something similar??) couldn't handle
the shifted character that -on my keyboard- is next to the 1 key. "¬" (I
don't know how well that's going to make it through Usenet.)

bealoid

On Sun, 10 Feb 2008 00:20:15 +0100, Sebastian G. wrote:

> Hakako wrote:
>
>> Use an automatic form filler program that prevent keylogging since
>> they're not using the keyboard.
>
> What exactly stops the malicious program from simply reading the data from
> the form?
>
>> Any other ideas for protection against keyloggers?
>
> Very simple: Don't install any.

If it's a software keylogger, the best product on the market is at
www.spycop.com it costs, but you get what you pay for. They update it
regularly.

traveler 66

On Sun, 10 Feb 2008 13:15:52 -0800, traveler 66
<> wrote:

>>> Any other ideas for protection against keyloggers?
>>
>> Very simple: Don't install any.
>
>If it's a software keylogger, the best product on the market is

<snip>

common sense.

For once I agree with Sebastian, Don't install any.
--
Jim Watt
http://www.gibnet.com

Jim Watt

On Sun, 10 Feb 2008 10:22:58 GMT
bealoid <> wrote:

> > Any other ideas for protection against keyloggers?
>
> You didn't seem to mention hardware loggers. These are small, hard to
> notice, and hard to protect against, but they require physical access
> to the machine. You only need a few moments to unplug a keyboard and
> connect the doo-hickey.

This is particularly a problem at my workplace. I cannot trust anyone
here. Unfortunately there are no useful counter-measures other than
using key files on a USB stick, from which you boot, which isn't quite
easy to handle (backups and such), and not quite secure. A
smartcard-based solution would be nice.


Regards,
Ertugrul Söylemez.

Ertugrul Söylemez

On Feb 11, 11:07 am, Ertugrul Söylemez <e...@ertes.de> wrote:
> On Sun, 10 Feb 2008 10:22:58 GMT
>
> bealoid <sig...@bealoid.co.uk> wrote:
> > > Any other ideas for protection against keyloggers?
>
> > You didn't seem to mention hardware loggers. These are small, hard to
> > notice, and hard to protect against, but they require physical access
> > to the machine. You only need a few moments to unplug a keyboard and
> > connect the doo-hickey.
>
> This is particularly a problem at my workplace. I cannot trust anyone
> here. Unfortunately there are no useful counter-measures other than
> using key files on a USB stick, from which you boot, which isn't quite
> easy to handle (backups and such), and not quite secure. A
> smartcard-based solution would be nice.

I was going to reply to the other poster that I was talking about
remote key-logging, since it's your responsibility to physically
protect your computer.
But obviously, if there are dozens of computers at your office that
would be Mission Impossible.
As far as I know there are PC & Notebook Security Combination Cable
Locks, which are literally bolted-into your computer's VGA or Serial
port.
It protects your computer with 2 steel bolts that cannot be accessed,
together with a 6'6" steel cable sheathed in black PVC and a included
security plate, that gives you the option of securing the cable to an
area without a convenient attachment point.

Here you can see the specs:
http://gadgetofficeinspector.blogspo...able-lock.html

Hakako

On Mon, 11 Feb 2008 02:46:53 -0800 (PST)
Hakako <> wrote:

> >> You didn't seem to mention hardware loggers. These are small, hard
> >> to notice, and hard to protect against, but they require physical
> >> access to the machine. You only need a few moments to unplug a
> >> keyboard and connect the doo-hickey.
> >
> > This is particularly a problem at my workplace. I cannot trust
> > anyone here. Unfortunately there are no useful counter-measures
> > other than using key files on a USB stick, from which you boot,
> > which isn't quite easy to handle (backups and such), and not quite
> > secure. A smartcard-based solution would be nice.
>
> I was going to reply to the other poster that I was talking about
> remote key-logging, since it's your responsibility to physically
> protect your computer.
> But obviously, if there are dozens of computers at your office that
> would be Mission Impossible.

Exactly.


> As far as I know there are PC & Notebook Security Combination Cable
> Locks, which are literally bolted-into your computer's VGA or Serial
> port.
> It protects your computer with 2 steel bolts that cannot be accessed,
> together with a 6'6" steel cable sheathed in black PVC and a included
> security plate, that gives you the option of securing the cable to an
> area without a convenient attachment point.
>
> Here you can see the specs:
> http://gadgetofficeinspector.blogspo...able-lock.html

Still the cable can be cut apart to install a logger right inbetween, or
a camera could be installed to intercept my typing. Connected USB
storages may be intercepted through hardware. Or even the entire
Machine could be replaced, while I'm at home sleeping.

So the "security cable lock" is just an anti-lamer measure, just like
unconfigured firewalls are. Someone really interested in my data will
easily get around it.


Regards,
Ertugrul Söylemez.

Ertugrul Söylemez

On Feb 11, 12:44 pm, Ertugrul Söylemez <e...@ertes.de> wrote:
> On Mon, 11 Feb 2008 02:46:53 -0800 (PST)
>
>
>
> Hakako <1001w...@gmail.com> wrote:
> > >> You didn't seem to mention hardware loggers. These are small, hard
> > >> to notice, and hard to protect against, but they require physical
> > >> access to the machine. You only need a few moments to unplug a
> > >> keyboard and connect the doo-hickey.
>
> > > This is particularly a problem at my workplace. I cannot trust
> > > anyone here. Unfortunately there are no useful counter-measures
> > > other than using key files on a USB stick, from which you boot,
> > > which isn't quite easy to handle (backups and such), and not quite
> > > secure. A smartcard-based solution would be nice.
>
> > I was going to reply to the other poster that I was talking about
> > remote key-logging, since it's your responsibility to physically
> > protect your computer.
> > But obviously, if there are dozens of computers at your office that
> > would be Mission Impossible.
>
> Exactly.
>
> > As far as I know there are PC & Notebook Security Combination Cable
> > Locks, which are literally bolted-into your computer's VGA or Serial
> > port.
> > It protects your computer with 2 steel bolts that cannot be accessed,
> > together with a 6'6" steel cable sheathed in black PVC and a included
> > security plate, that gives you the option of securing the cable to an
> > area without a convenient attachment point.
>
> > Here you can see the specs:
> >http://gadgetofficeinspector.blogspo...curity-cable-l...
>
> Still the cable can be cut apart to install a logger right inbetween, or
> a camera could be installed to intercept my typing. Connected USB
> storages may be intercepted through hardware. Or even the entire
> Machine could be replaced, while I'm at home sleeping.

Yeah right, and even the entire office could be vandalized or even
demolished while you are away on vacation.
Gimme a break, will yah?

Hakako

On Mon, 11 Feb 2008 04:32:55 -0800 (PST)
Hakako <> wrote:

> > Still the cable can be cut apart to install a logger right
> > inbetween, or a camera could be installed to intercept my typing.
> > Connected USB storages may be intercepted through hardware. Or even
> > the entire Machine could be replaced, while I'm at home sleeping.
>
> Yeah right, and even the entire office could be vandalized or even
> demolished while you are away on vacation.
> Gimme a break, will yah?

This threat is real for some people. In my case, it's not that bad, but
for some the possibilities I mentioned must be considered.


Regards,
Ertugrul Söylemez.

Ertugrul Söylemez