Wai_Wai Posted April 4, 2006 Share Posted April 4, 2006 How to protect ourselves against keyloggers (or anything similar)?Hey.Apart from the obvious method of installing a anti-virus OR anti-keylogger program, what lese could we do to stop keyloggers (or anything similar) from stealing our important data/passwords etc. ?Thank you. Gouki: Title edited. Rules. Link to comment Share on other sites More sharing options...
Gouki Posted April 4, 2006 Share Posted April 4, 2006 First, PLEASE read this forum rules. As for your 'problem' ...Physical access to machines (no need to Operating System access), is a pretty good problem. Big part of Keyloggers can be connected between the keyboard and the computer. Invisable to the 'distracted' eye, since they are really small 'gadgets'.As for software based keyloggers, I think the best idea is to instruct users (in a company scenario) to be carefull with eMails and IM. Other than that, maybe keeping an eye open on the services running.Take care.P.S: Please try and follow the rules the next time. Link to comment Share on other sites More sharing options...
LLXX Posted April 5, 2006 Share Posted April 5, 2006 Firewall will alert you if anything is trying to send keylogs out through the network.You also have to be careful of what you download and run. Link to comment Share on other sites More sharing options...
Wai_Wai Posted April 5, 2006 Author Share Posted April 5, 2006 Thanks for your reply.I wonder if there're some other preventive methods (apart from security-software-based help like Firewall/anti-keyloggers) could be done to prevent keyloggers to record our keyboard activities.How about if a user type the password via a visual keyboard (by clicking keys on the screen)?Does it help? Link to comment Share on other sites More sharing options...
Gouki Posted April 5, 2006 Share Posted April 5, 2006 Yes. That would help, allot. However, that would not make it completly secure (Well, *nothing* is totally secure).Implementing an on screen keyboard would help allot, however, there are 'keyloggers' for mouse movements. Randomly changing the buttons from the on screen keyboard, every time it starts, would be a solution to this.My bank has it and it works like a charm. Link to comment Share on other sites More sharing options...
Wai_Wai Posted April 6, 2006 Author Share Posted April 6, 2006 Yes. That would help, allot. However, that would not make it completly secure (Well, *nothing* is totally secure).Implementing an on screen keyboard would help allot, however, there are 'keyloggers' for mouse movements. Randomly changing the buttons from the on screen keyboard, every time it starts, would be a solution to this.My bank has it and it works like a charm.Thanks.Does it matter what onscreen keyboards I use?Any recommendation?Is it possible for hackers to record my monitor?Other than the abovementioned, any other precautions? Link to comment Share on other sites More sharing options...
Gouki Posted April 6, 2006 Share Posted April 6, 2006 It is possible to record your monitor, however, they would need a server side application running at your system. This can be preventedd by carefully choosing what you download and install.As for suggestions to the OSK ... Sorry, but I have no idea of wich one is best.Better than all of this? Buy a blackbox (firewall) Link to comment Share on other sites More sharing options...
HyperHacker Posted April 8, 2006 Share Posted April 8, 2006 When I enter a password on a public computer, I enter the letters in random order. Like instead of entering "password" I might enter "ord", then click before the first character and type "asw", then click after the "a" and type another "s", and so on. By clicking rather than using the arrow keys, it comes out garbled in a key log. Link to comment Share on other sites More sharing options...
Wai_Wai Posted April 8, 2006 Author Share Posted April 8, 2006 (edited) When I enter a password on a public computer, I enter the letters in random order. Like instead of entering "password" I might enter "ord", then click before the first character and type "asw", then click after the "a" and type another "s", and so on. By clicking rather than using the arrow keys, it comes out garbled in a key log.This trick sounds interesting.Tease the hyperhacker Edited April 8, 2006 by Wai_Wai Link to comment Share on other sites More sharing options...
Delprat Posted April 8, 2006 Share Posted April 8, 2006 (edited) When I enter a password on a public computer, I enter the letters in random order. Like instead of entering "password" I might enter "ord", then click before the first character and type "asw", then click after the "a" and type another "s", and so on. By clicking rather than using the arrow keys, it comes out garbled in a key log.This trick sounds interesting.Tease the hyperhacker Too bad, it's easy to work around :1/ brute force cracking is far easier when you had "keylogged" the right characters2/ mouse clicks and/or time between key presses allows to know "words" to permit into the passwordIn fact the only good password is the one which changes randomly after each use ++ Edited April 8, 2006 by Delprat Link to comment Share on other sites More sharing options...
LLXX Posted April 9, 2006 Share Posted April 9, 2006 When I enter a password on a public computer, I enter the letters in random order. Like instead of entering "password" I might enter "ord", then click before the first character and type "asw", then click after the "a" and type another "s", and so on. By clicking rather than using the arrow keys, it comes out garbled in a key log.Also won't work if the keylogger doesn't log keys in-order, but just hooks editboxes and retrieves their contents. A few of them do this. However, it's still a little extra security at little cost. Link to comment Share on other sites More sharing options...
Wai_Wai Posted April 9, 2006 Author Share Posted April 9, 2006 When I enter a password on a public computer, I enter the letters in random order. Like instead of entering "password" I might enter "ord", then click before the first character and type "asw", then click after the "a" and type another "s", and so on. By clicking rather than using the arrow keys, it comes out garbled in a key log.Also won't work if the keylogger doesn't log keys in-order, but just hooks editboxes and retrieves their contents. A few of them do this. However, it's still a little extra security at little cost. So a visual keyboard is a solution to "Delprat & LLXX problems", right? No one has any idea what visual keyboard should I use? Link to comment Share on other sites More sharing options...
Delprat Posted April 9, 2006 Share Posted April 9, 2006 So a visual keyboard is a solution to "Delprat & LLXX problems", right? No one has any idea what visual keyboard should I use?Hit <Win>+U on your keyboard, click on the "visual keyboard" line, then press the "start" button... About "editboxes hooking", that's for "badly" written apps... some doesn't use "masked editboxes", but "editboxes with real *" (bad explanation, but i hope you'll understand).I've also seen a "password safe" app whith a masked editbox, but with a false password behind the mask (not the one typed in) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now