How to protect ourselves against keyloggers (or anything similar)?

[WaiWai]

How to protect ourselves against keyloggers (or anything similar)?

Hey.
Apart from the obvious method of installing a anti-virus OR anti-keylogger program, what lese could we do to stop keyloggers (or anything similar) from stealing our important data/passwords etc. ?

Thank you.

 

[JDrake]

Well it's pretty easy to detect (see) a hardware keylogger, as its just a little attachment that is inbetween the keyboard's wire's plug and where you plug it into the computer (in the back, usually).

 

[HeroOfPellinor]

Assuming you're talking about undetectable software keyloggers.

What some sites do is give you a scrambled keyboard on the screen. You can either click each letter with your mouse or hit the correspondoing key on your keyboard.

 

[dwcal]

If you're talking about software keyloggers, use a Linux boot CD to log in to all your websites. If you're stuck in Windows, copy and paste characters from text on your screen instead of typing in passwords.

 

[JimKiler]

Originally posted by: dwcal
If you're talking about software keyloggers, use a Linux boot CD to log in to all your websites. If you're stuck in Windows, copy and paste characters from text on your screen instead of typing in passwords.

If you are being keylogged and you use copy and paste, I am sure whoever is watching you would be smart enough to read the file you store passwords in, as they already compromised your machine.

 

[mechBgon]

1) don't play with fire. No cracks, warez or random junk you found on the Internet.

2) don't use an Administrator-level user account for daily-driver stuff, use a Limited or Restricted-User account. Huge obstacle to that stuff getting onto the system in the first place.

3) corrolary to #2, make any other users of your computer use a low-privilege account as well.

4) patch all your software, ranging from WinAmp to Adobe Reader to Sun Java to Firefox and IE, everything. Plus Windows and Office, using the Windows Update and Office Update sites.

5) keep your firewalls up and your antivirus software on, fully-armed and up-to-date.

6) use pure mental rays to form letters on the screen without typing :Q

 

[WaiWai]

Originally posted by: HeroOfPellinor
Assuming you're talking about undetectable software keyloggers.

What some sites do is give you a scrambled keyboard on the screen. You can either click each letter with your mouse or hit the correspondoing key on your keyboard.

What sites or software can provide scrambled/visual keyboard for us to type our passwords in?

 

[dwcal]

Originally posted by: JimKiler

Originally posted by: dwcal
If you're talking about software keyloggers, use a Linux boot CD to log in to all your websites. If you're stuck in Windows, copy and paste characters from text on your screen instead of typing in passwords.

If you are being keylogged and you use copy and paste, I am sure whoever is watching you would be smart enough to read the file you store passwords in, as they already compromised your machine.

I don't mean copy and paste the entire password. I mean paste one letter at a time: find a letter "a" somewhere, copy and paste it, find a letter "b" somewhere, copy and paste it, etc. I know it's not completely secure. Something could be watching the clipboard too. It's more a trick to save for emergencies.

 

[foodfightr]

Step #1
Start->Run->Msconfig google every process you are unfamiliar with. Disable everything that is not neccesary or that you do not use, or do not want to run. I'd also look briefly at the services tab (or Start->Run->Services.msc) but please be very careful.

Step #2
Download a program called HijackThis and carefully review its results.

Step #3
Try typing a few characters that you know you will not be able to find in sequence and then try searching for them using the search for "a word or phrase in a file" option. This will help you determine if you have some of the more basic key logging applications.

Step #4
Use ZoneAlarm to monitor which files ask for internet access, use BOClean for trojan protection. Coupled with a spyware program and an antivirus program, I'd say you're golden. If you really know what you're doing its hard for someone to get you, unless they brew up some really nasty home made application just for you.

 

[nyker96]

There's one thing that I can recommand which block a keylogger for me a while back, it's the ZoneAlarm Pro firewall, it alerts you if some program is trying to access the internet i.e. upload stuff, that can tell you which program is doing this and when you get a warning it tells you location of file, and which internet address it's trying to access. Very handy both info usually is enough for you to do a search and find out the program is a trojan/keylogger trying to send its sniffed info out to its master.

 

[manko]

I heard that using the Windows built-in Accessibility > On-Screen Keyboard to enter passwords may prevent some keyloggers from capturing the characters entered, but I'm not sure how effective it really is.

 

[josh0099]

Originally posted by: WaiWai

Originally posted by: HeroOfPellinor
Assuming you're talking about undetectable software keyloggers.

What some sites do is give you a scrambled keyboard on the screen. You can either click each letter with your mouse or hit the correspondoing key on your keyboard.

What sites or software can provide scrambled/visual keyboard for us to type our passwords in?

I know INGdirect uses a visual keyboard....

 

[ForumMaster]

use ZoneAlarm Internet Security Suite. when i install a new program for keyboard shortcuts, it tells me that this program wants to monitor my keyboard and mouse. should i let it? i don't think so!

 

[her34]

regarding firewalls:

better keyloggers can be renamed and installed anywhere. so if a program called "svchost" or "iexplore" in your windows directory is trying to connect, it's hard to know if it's legit or not

 

[xtknight]

Secure your machine behind a NAT firewall and watch what requested incoming files you open (such as e-mail attachments or web sites). Disallow rootkits to be installed by disallowing driver installation (user account?)

First and foremost, use a secure web browser like Firefox or Opera. And don't forget to install that WMF patch that affects all browsers.

If you're paranoid you have one now, flash your BIOS, delete all *.bat files and boot.ini in C:\, clear your MBR, and reinstall Windows. No keylogger will ever carry on from that.

You could always use Linux which is virtually immune to all that keylogger crap that comes from spyware or even anywhere else. I don't even know if a Linux keylogger worm exists.