Keylogger prevention

[Tseng]

Quote:

Originally Posted by Dante

Some friends of mine have an agreement with me and other friends about hacking eachother. We all have a computer standing at the house which we try to protect as much as possible. What we try to reach by this is getting optimal security for our companies files.

There are so many things to ensure safety on those computers, yet we manage to get through every time.
A few months back my little brother managed to get a file uploaded to one of the high security computers of a friend, we've tried with all AV we know, NONE ever saw it. My friend still doesn't know. We have real time access remote desktop, we can control the webcam, there's a file transfer protocol and we can do pretty much anything with the computer we want, even when certain person is on his computer, we have fully stealthed control.

I really doubt that you know that much about security or simply using wrong software (i.e. only AV/Firewall which doesn't have advanced techniques such as proactive defense, registry guard and such) or you (your friend) is grossly negligent about his own security (i.e. always login as admin instead of limited user account, not update his Windows or executing infected files or not setting his windows settings right i.e. disabling remote desktop etc.)

Also consider to get Vista next time you buy a new computer (or you're computer is already good enough for Vista), it makes it harder to remotely execute/install malware (if you keep the standardsettings, read: UAC must stay enabled)

Quote:

Originally Posted by Dante

Really if someone wants to hack you they will manage anyway, it's just the dumb scriptkiddies you stop with a firewall or a like. You need some real professional software/hardware to stop attacks being executed from the very computer that is being hacked.

Halfy true. It keeps most of the script kiddies aways too, but also some of the other hackers. For example good software (or even hardware) firewall can keep all unused ports stealthed. i.e. if someone scans a certain port on a random IP, it would looks like there is no computer under this ip. Bad firewalls on otherside who doesn't support stealthing of ports, will block that port (also prevent the person to connect) but the attacker will get a important piece of information: He now knows that there is a computer reachable at this IP and can try other ports for example.

The Firewall of Kaspersky Internet Security for example has this feature to stealth all ports which aren't specifically allowed or blocked.

Quote:

Originally Posted by Dante

You can do a lot about security, yes, but if you ask me, I feel just as safe with a computer in DMZ + a software firewall as a computer fully loaded with anti-hack utilities.

Not sure i understand what you mean by this. A computer in a DMZ is basicly widely opend to the outside (at least on a certain point) while its protected/seperated by the internal network by a second router (which prevents the computer in the DMZ to communicate with the internal network). But a good software firewall (with proactive defense), antivirus software and spamfilter is basicly mandatory in nowdays time, even if you're carefull with what you're doing, installation or what pages you're visiting.

There was also a test done by Symantec (even though i dislike their products and don't think they are a good security/av software company) on which they connected a "honeypot" PC with basic XP install (iirc no updates, no av, no firewall etc) on it and no protection to the internet and logged the activities on it and within a few hours it was infected with several worms, virus and malware.

[wizzszz]

Quote:

Originally Posted by Amlin

I wish to share with everyone this info: Wikipedia
Lets discuss keylogger prevention methods noted there and maybe share knowledge of other methods not mentioned on Wikipedia. Sad but lots of usefull prevention methods doesnt work with EU login. I`d liked to know if its possible to login EU using speech/handwriting recognition, but as i know it is impossible to login using on screen keyboard or copy/paste.
So i think that usefull keylogger prevention methods working for EU login are:
1) Gold card
2) Alternative keyboard layout. It is easy to install additional language (i advice to use the one you dont use now and from language you dont know, to make it even harder for someone to guess), check in some notepad or smt for strange symbols in usual places and use them as your password. For example use russian keyboard and type your "password". Then your actual password will be "зфыыцщкв". Hard to guess for anyone, easy to remmember for yourself and keylogger user will have hard time to guess that you used russian language if you dont know that language at all. Maybe keyloggers may get info about language in witch text was typed, i dont know, so please someone confirm it.
3) Non-technological methods. Type part of login, switch focus to password, type part of it, then switch back to username and so on, but be sure to type random lengths of username/password every time. I mean dont switch between username/password every letter or every second letter and dont use tab, shift+tab to switch. Use mouse. I didnt tested if its possible to focus on non-typable area of EU login screen but if possible then press several keys on keyboard there too, actually typing nothing in username/password fields. You may do even more complex by typing not to end, but to middle. Simplified example with username "Amlin" and password "Password": Mouseclick in password field, type "word", Mouseclick in username field, type "mli", mouseclick in password field before all *`s and type "Pass" then mouseclick in username field before mli and type "A", click at end and press "n". Result is same, but keylogger got "wordmliPassAn" dont knowing where what went...
Btw if you know/feel/suspect keylogger is in your PC and you wish to change your password then dont forget about other prevention methods that dont work on EU login. To change password for e-mail, EU you may use them, and should.

Sorry, but not a single advice you wrote is helpful.

Once someone got a piece of executable code running on your machine, he can do everything, logging mouseclicks/-moves is done exactly the same way keystroke are logged, and the changed keyboard layout won't help a bit, too.

It will make it a bit harder for scriptkiddies (reusing run-of-the-mill trojans), but someone writing his own trojan will have a good laugh on your "security measures".

You lull people here into a false sense of security with what you post, and this is even more dangerous!

Gotta visit wikipedia now, unbelieveable that stuff like this didn't get deleted immediately.

[Nor Alien]

Buy a Mac!!! LOL jk

Most hackers won't even bother with most of us on the net anyway.... There looking for the big score... Like MA! lol But safe surfing and updating your AV and OS is your best option... other then a gold card for EU. I havn't had any problems with hackers or the like due to the fact that Im just not that intresting of a target.... keep a low profile and use of common sense is your best defense.. If your worried about a hardware device attached to your computer..... then its true... you have bigger problems then hackers outside your house!!!

Not much help I know but being overly paranoid does give the ellusion that you have bigger stuff to hide... That makes you an intrest!

On a side note.. If your wanting to keep certain files safe that only you can find... put it on to a pen drive with security built into it or a software program that runs on it... And do not share this pen drive with anyone.

[NightwolfAA2k5]

To be on the safeside, try not to use netcafe computers, you don't know what people have put on them, or attached to them...

Always keep your Antivirus, Anti Spyware/Adware and firewall software up to date.

Use a Virtual PC or Live CD to browse suspect websites.

Have a gold card

- Nightwolf

[wizzszz]

Quote:

Originally Posted by JackFree

So I guess changing the keyboard layout could help. Of course the question arises that if the keylogger appication is "smart" enough, could it not detect your keyboard layout as well?

A keyboard hook under windows will send both, the 8 bit char code along with a 16 bit key code (9 bit code and some flags).

So no, changing keyboard layout won't help.

[WoenK]

The best thing to always remember:

THERE IS NO SPOON!



One should never feel secure. Some months I read a short article about a virus infecting WLAN routers. Was only a proff of concept test done by an university in California, but looks like it worked.

I find it rather disturbing that over half of the voters found the info useful. This info is as usefull as pulling a tooth out with some tweezers, it some rare situation it could work, but other than giving one the feeling of security, it does not really help.
There is no "easy" security.
Best things were mentioned above, do not tweak around in your system, keep your security software and system always up to date and use IE 7 (Firefox has a better touchy-feely, but is better for those that know from a professional side, that their system is 80% secure)

[Spider]

Some tools that I use on a day to day basis for people dumb enough to get caught in the "Your computer is infected..." scenario:

Superantispyware
Spybot S&D
Adaware
ATF-Cleaner
HiJackThis
Trendmicro Housecall
ComboFix
Smitfraud Fix


Personally, I use Avast antivirus on my computer. Its a decent free AV program. Its also good at blocking websites that have questionable or known threats built into the page. Another nice feature is the boot time scan. I only use Windows firewall, other products(NIS) when they get corrupted have this nice feature of blocking all web access. Also if you are hidden behind a router, which most households now have. Log into the router and turn off the ping response option. This will help to keep your IP from being seen by people using ping to find valid IP address' to hack.

Its been said already, use your head when online. Watch what you download. Where email is concerned, don't open it if you don't know the sender. Also there are safe porn sites if you need to look at it - or just go to the local gas station and pick up a playboy or hustler.

[jambon]

Of course lets not forget to add having a decent A/V like kaspersky and not being retarded when it comes to programs you download and run.

I recall a while back a person offering the HoF finder tool... lmao nothing more than a keylogger

[Compusmurf]

Folks, Mr. Tseng is pretty much right on the money. I'm not going to get into a discussion on what CAN and CAN'T be done.

You want a fully secure, 100% non hackable PC, take your current PC, disconnect all the connections, disassemble the whole pc, crush all the components, lock it in a safe, forget the combo, then lock that safe in another safe and lose the key.

Now, that's NOT very realistic, and any system that is connected to other systems, no matter HOW secure, will ALWAYS have loopholes. It's designed by humans afterall.

Yes, there are ways to mitigate the risks, alot comes from knowing what you're doing, taking the proper precautions. MUCH of the risk mitigation comes from intelligence and common sense. No amount of software from ANY vendor can save you from yourself.

Not everyone will be a computer expert, not everyone will be a security expert. Not everyone will ever have access to the "rainbow" series, or be even forced to read them as a job requirement and be forced to implement this stuff. From friends in the business, I hear CCEVS is replacing alot of the "rainbow books", but the info still pertains.

Don't be so narrow minded on keyloggers and hacking. That's really only a SMALL time issue. For that's only one little tiny part of various other ways on how to gain YOUR information.

For the average home user, yes, it pays to take precautions. However, tho I have a network at home, 7 PC's, a NAS, etc, and I've been doing this professionally for well over 15 years, its NOT my systems I worry about.

Your trip to the grocery store where you swiped your creditcard on an unencrypted terminal.... Your email or forum post that hangs around for the next 100 years. Every single communication you've sent over the internet wires is interceptable by someone and quite likely stored.

You're a small fish, yes. The "big boys" aren't after your EU account. Those that want your EU account are generally your fellow EU players.

[Xzion]

I will say that for me goldcard is enugh, if someone has a desire to steal my account im sure they will succed anyways if they can crack the GC, my firewall and my computer scanning programs and i couldnt be bothterd try preventing it further then keeping my firewall updated and keeping my computer cleaned and scanned for threats. And if this isnt enugh, well... whatever then, then someone aparently is putting allot of effort into it and assuming the person is good enugh my silly preventions wont help much.

So no, its not usefull for me, its just extra effort into what im already putting there.