Bitcoin Forum>Economy>Economics
Pages:
Author

Topic: How to make sure your machine isn't software key logged ? (Read 3062 times)

bitsalame
donator
Activity: 714
Merit: 510
Preaching the gospel of Satoshi
How to make sure your machine isn't software key logged ?
April 23, 2013, 03:26:01 PM
#34
Quote from: jdbtracker on April 23, 2013, 02:55:43 PM
What about using it in a virtual environment? It is a secure sterile environment with controllable variables, I've read up on it since I have a lot of dangerous programs on my computer, to test them they have to be run in a Virtual Environment for security and monitoring purposes, it could work for the Bitcoin wallet as well.

Does anyone know any drawbacks to this method? because if they are using a hardware Keylogger or maybe it's one of those keyloggers that uses the tilt sensor to decipher keys pressed on a smart phone, it is not going to be very effective.


I would propose the inverse, use the virtual environment for browsing and anything network related.
In the real operating system use the client with USER privileges, either you use Windows or Linux.
jdbtracker
hero member
Activity: 727
Merit: 500
Minimum Effort/Maximum effect
Re: How to make sure your machine isn't software key logged ?
April 23, 2013, 02:55:43 PM
#33
What about using it in a virtual environment? It is a secure sterile environment with controllable variables, I've read up on it since I have a lot of dangerous programs on my computer, to test them they have to be run in a Virtual Environment for security and monitoring purposes, it could work for the Bitcoin wallet as well.

Does anyone know any drawbacks to this method? because if they are using a hardware Keylogger or maybe it's one of those keyloggers that uses the tilt sensor to decipher keys pressed on a smart phone, it is not going to be very effective.

bitsalame
donator
Activity: 714
Merit: 510
Preaching the gospel of Satoshi
Re: How to make sure your machine isn't software key logged ?
April 23, 2013, 02:39:02 PM
#32
Quote from: w00t on April 23, 2013, 11:59:46 AM
Quote from: bitsalame on April 23, 2013, 11:53:25 AM
Quote from: Kaiji on April 23, 2013, 11:36:05 AM
Quote from: w00t on April 23, 2013, 11:15:59 AM
Quote from: Kaiji on April 23, 2013, 10:57:57 AM

Can your computer become infected with a keylogger just by clicking on a compromised website link?

Theoretically yes.

So does that mean it could be done but hackers don't usually use that method?
No. It isn't just theoretically, but very practically exploited that way.
It is heavily exploited in pass-by exploits.
Either with Adobe PDF vulnerabilities, Flash, and especially Java.


Yes if you have any of those above enabled. I though more of vulnerability in the browser itself.

Which are also exploited with 0day exploits, even for Chrome.
There is nothing theoretical about that.
If you want to browse securely use Sandboxie, that's your internet condom.
CRkfx1
newbie
Activity: 39
Merit: 0
Re: How to make sure your machine isn't software key logged ?
April 23, 2013, 12:11:24 PM
#31
Quote from: Coincrazy on April 20, 2013, 09:59:42 AM

How do I ensure that my machine does not have a software key logger ? I.e. that a software key logger isn't already on my machine ?


Like others have stated, you can never be absolutely sure you're not infected, unless you're using cold storage and the container has a physical lock and is under constant trusted surveillance, even then it's not truly secure.

In the meantime, I'd recommend using an offline password manager such as http://keepass.info/.
w00t
full member
Activity: 188
Merit: 108
Re: How to make sure your machine isn't software key logged ?
April 23, 2013, 11:59:46 AM
#30
Quote from: bitsalame on April 23, 2013, 11:53:25 AM
Quote from: Kaiji on April 23, 2013, 11:36:05 AM
Quote from: w00t on April 23, 2013, 11:15:59 AM
Quote from: Kaiji on April 23, 2013, 10:57:57 AM

Can your computer become infected with a keylogger just by clicking on a compromised website link?

Theoretically yes.

So does that mean it could be done but hackers don't usually use that method?
No. It isn't just theoretically, but very practically exploited that way.
It is heavily exploited in pass-by exploits.
Either with Adobe PDF vulnerabilities, Flash, and especially Java.


Yes if you have any of those above enabled. I though more of vulnerability in the browser itself.
bitsalame
donator
Activity: 714
Merit: 510
Preaching the gospel of Satoshi
Re: How to make sure your machine isn't software key logged ?
April 23, 2013, 11:53:25 AM
#29
Quote from: Kaiji on April 23, 2013, 11:36:05 AM
Quote from: w00t on April 23, 2013, 11:15:59 AM
Quote from: Kaiji on April 23, 2013, 10:57:57 AM

Can your computer become infected with a keylogger just by clicking on a compromised website link?

Theoretically yes.

So does that mean it could be done but hackers don't usually use that method?
No. It isn't just theoretically, but very practically exploited that way.
It is heavily exploited in pass-by exploits.
Either with Adobe PDF vulnerabilities, Flash, and especially Java.
Kaiji
full member
Activity: 140
Merit: 100
Hoist the Colours
Re: How to make sure your machine isn't software key logged ?
April 23, 2013, 11:36:05 AM
#28
Quote from: w00t on April 23, 2013, 11:15:59 AM
Quote from: Kaiji on April 23, 2013, 10:57:57 AM

Can your computer become infected with a keylogger just by clicking on a compromised website link?

Theoretically yes.

So does that mean it could be done but hackers don't usually use that method?
w00t
full member
Activity: 188
Merit: 108
Re: How to make sure your machine isn't software key logged ?
April 23, 2013, 11:15:59 AM
#27
Quote from: Kaiji on April 23, 2013, 10:57:57 AM

Can your computer become infected with a keylogger just by clicking on a compromised website link?

Theoretically yes.
Kaiji
full member
Activity: 140
Merit: 100
Hoist the Colours
Re: How to make sure your machine isn't software key logged ?
April 23, 2013, 10:57:57 AM
#26

Can your computer become infected with a keylogger just by clicking on a compromised website link?
bitsalame
donator
Activity: 714
Merit: 510
Preaching the gospel of Satoshi
Re: How to make sure your machine isn't software key logged ?
April 21, 2013, 12:11:46 AM
#25
Quote from: Kazu on April 20, 2013, 11:19:03 PM
Quote from: bitsalame on April 20, 2013, 09:57:51 PM
Quote from: doobadoo on April 20, 2013, 09:00:38 PM
Quote from: Kazu on April 20, 2013, 02:22:57 PM
Back up your files reinstall OS from a boot-up CD. Thats the only real way of making sure.

I thought we had to take off and nuke the whole site from orbit.  Its the only way to be sure.

Considering how valuable are these digital goods, there would be no problem in investing time and money in developing some very nasty 0 ring rootkits.
Even if you scan with an AV a harddrive as slave or from a bootable disk, it still doesn't ensure the cleanness of a drive if it wasn't on a sterile environment... ESPECIALLY if it is running Windows.

Considering the AmiBIOS source leak, accessing ring 0 would be trivial, and a BIOS Rootkit would be impossible to be cleaned up by an AV.
I would normally not worry that much, but with bitcoins a certain level of paranoia is expected.

There is no need of worrying as long as you follow very simple rules:
Ideal:
1) Nuke everything and start from zero.
2) Make a new partition and install Linux
3) Never use root
4) Use that partition only for Bitcoins and never use it for leisure browse anything.

If you are using Windows 7 (if you are still using previous version, you better kill yourself):
1) Nuke everything and start from zero.
2) Create a user with user privileges.
3) Use sandboxie for browsing, even with Chrome. Thinking of it... better sandbox everything. Sandboxie is your internet condom. Cherish it, learn to love it.
4) Use Kaspersky Antivirus. Better something than nothing.

Dude, windows XP is super legit. You can get full source now. XP > Lunix.
Either that is a joke or you are a joke.
Kazu
full member
Activity: 168
Merit: 100
Re: How to make sure your machine isn't software key logged ?
April 20, 2013, 11:19:03 PM
#24
Quote from: bitsalame on April 20, 2013, 09:57:51 PM
Quote from: doobadoo on April 20, 2013, 09:00:38 PM
Quote from: Kazu on April 20, 2013, 02:22:57 PM
Back up your files reinstall OS from a boot-up CD. Thats the only real way of making sure.

I thought we had to take off and nuke the whole site from orbit.  Its the only way to be sure.

Considering how valuable are these digital goods, there would be no problem in investing time and money in developing some very nasty 0 ring rootkits.
Even if you scan with an AV a harddrive as slave or from a bootable disk, it still doesn't ensure the cleanness of a drive if it wasn't on a sterile environment... ESPECIALLY if it is running Windows.

Considering the AmiBIOS source leak, accessing ring 0 would be trivial, and a BIOS Rootkit would be impossible to be cleaned up by an AV.
I would normally not worry that much, but with bitcoins a certain level of paranoia is expected.

There is no need of worrying as long as you follow very simple rules:
Ideal:
1) Nuke everything and start from zero.
2) Make a new partition and install Linux
3) Never use root
4) Use that partition only for Bitcoins and never use it for leisure browse anything.

If you are using Windows 7 (if you are still using previous version, you better kill yourself):
1) Nuke everything and start from zero.
2) Create a user with user privileges.
3) Use sandboxie for browsing, even with Chrome. Thinking of it... better sandbox everything. Sandboxie is your internet condom. Cherish it, learn to love it.
4) Use Kaspersky Antivirus. Better something than nothing.

Dude, windows XP is super legit. You can get full source now. XP > Lunix.
bitsalame
donator
Activity: 714
Merit: 510
Preaching the gospel of Satoshi
Re: How to make sure your machine isn't software key logged ?
April 20, 2013, 09:57:51 PM
#23
Quote from: doobadoo on April 20, 2013, 09:00:38 PM
Quote from: Kazu on April 20, 2013, 02:22:57 PM
Back up your files reinstall OS from a boot-up CD. Thats the only real way of making sure.

I thought we had to take off and nuke the whole site from orbit.  Its the only way to be sure.

Considering how valuable are these digital goods, there would be no problem in investing time and money in developing some very nasty 0 ring rootkits.
Even if you scan with an AV a harddrive as slave or from a bootable disk, it still doesn't ensure the cleanness of a drive if it wasn't on a sterile environment... ESPECIALLY if it is running Windows.

Considering the AmiBIOS source leak, accessing ring 0 would be trivial, and a BIOS Rootkit would be impossible to be cleaned up by an AV.
I would normally not worry that much, but with bitcoins a certain level of paranoia is expected.

There is no need of worrying as long as you follow very simple rules:
Ideal:
1) Nuke everything and start from zero.
2) Make a new partition and install Linux
3) Never use root
4) Use that partition only for Bitcoins and never use it for leisure browse anything.

If you are using Windows 7 (if you are still using previous version, you better kill yourself):
1) Nuke everything and start from zero.
2) Create a user with user privileges.
3) Use sandboxie for browsing, even with Chrome. Thinking of it... better sandbox everything. Sandboxie is your internet condom. Cherish it, learn to love it.
4) Use Kaspersky Antivirus. Better something than nothing.
Kazu
full member
Activity: 168
Merit: 100
Re: How to make sure your machine isn't software key logged ?
April 20, 2013, 09:27:48 PM
#22
Quote from: doobadoo on April 20, 2013, 09:00:38 PM
Quote from: Kazu on April 20, 2013, 02:22:57 PM
Back up your files reinstall OS from a boot-up CD. Thats the only real way of making sure.

I thought we had to take off and nuke the whole site from orbit.  Its the only way to be sure.
Don't troll. AVs are a joke and if you've got a lot of money in bitcoin wallets its not worth risking it on your own ability to identify keyloggers. Could be a rootkit for all you know in which case you're really screwed.

doobadoo
sr. member
Activity: 364
Merit: 250
Re: How to make sure your machine isn't software key logged ?
April 20, 2013, 09:00:38 PM
#21
Quote from: Kazu on April 20, 2013, 02:22:57 PM
Back up your files reinstall OS from a boot-up CD. Thats the only real way of making sure.

I thought we had to take off and nuke the whole site from orbit.  Its the only way to be sure.
RenegadeMind
copper member
Activity: 1380
Merit: 504
THINK IT, BUILD IT, PLAY IT! --- XAYA
Re: How to make sure your machine isn't software key logged ?
April 20, 2013, 08:47:30 PM
#20
Quote from: bitsalame on April 20, 2013, 08:39:47 PM
Quote from: RenegadeMind on April 20, 2013, 08:10:46 PM
Quote from: bitsalame on April 20, 2013, 08:03:02 PM
antivirus software will always throw a false negative if a malware is new and they don't have a signature for it.

This is not true.

You can legitimately hook into keyboard events, e.g. Any program that has global hotkeys must hook the keyboard.

This is common behaviour in some malware, and the basic technique for keyloggers.

So it is not true that AV software will ALWAYS catch malicious behaviour for unknown threats.

Yes, it will OFTEN detect things like keyboard hooks, but not ALWAYS.

You can go to a programming site, like The Code Project, and download software that hooks the keyboard. Just search for "keyboard hook" or "keylogger". You'll see (most likely) that your AV software does not detect it as malware. You can then add code to send the hooked info to some address and see if it is then detected.

Do you understand the term "false negative"?

Blech. Sorry. Guess I need more coffee... Sad My bad. I somehow was thinking false positive.

Behaviour filters (heuristics) *could* pick up the behaviour, but... that goes to what I'd mentioned above, and not false negatives.
bitsalame
donator
Activity: 714
Merit: 510
Preaching the gospel of Satoshi
Re: How to make sure your machine isn't software key logged ?
April 20, 2013, 08:39:47 PM
#19
Quote from: RenegadeMind on April 20, 2013, 08:10:46 PM
Quote from: bitsalame on April 20, 2013, 08:03:02 PM
antivirus software will always throw a false negative if a malware is new and they don't have a signature for it.

This is not true.

You can legitimately hook into keyboard events, e.g. Any program that has global hotkeys must hook the keyboard.

This is common behaviour in some malware, and the basic technique for keyloggers.

So it is not true that AV software will ALWAYS catch malicious behaviour for unknown threats.

Yes, it will OFTEN detect things like keyboard hooks, but not ALWAYS.

You can go to a programming site, like The Code Project, and download software that hooks the keyboard. Just search for "keyboard hook" or "keylogger". You'll see (most likely) that your AV software does not detect it as malware. You can then add code to send the hooked info to some address and see if it is then detected.

Do you understand the term "false negative"?
RenegadeMind
copper member
Activity: 1380
Merit: 504
THINK IT, BUILD IT, PLAY IT! --- XAYA
Re: How to make sure your machine isn't software key logged ?
April 20, 2013, 08:29:12 PM
#18
Quote from: Anon136 on April 20, 2013, 08:07:32 PM
hey ren how do you hardware block ports?

Hahaha! Cheesy

Well, I haven't done this in a very long time, so off the top of my head, I can't remember the specifics.

This is very old (2006), and applies to Windows XP (or Windows 2003 server - I forget):

http://renegademinds.com/Home/Blog/tabid/60/EntryID/57/Default.aspx

However, the "Options" tab seems to be missing in Windows 7. (Could be a driver issue as well though...)

Ok - After looking around, it seems there's an answer here at Stack Exchange:

http://serverfault.com/questions/197900/where-did-tcp-ip-filtering-go-in-windows-server-2008

Not sure I like the "new" way of doing things... Seems kind of crappy to me. Oh well.

I don't know how to do it on Linux though. But, given how configurable Linux is, there must be a way - just that I don't know it.

RenegadeMind
copper member
Activity: 1380
Merit: 504
THINK IT, BUILD IT, PLAY IT! --- XAYA
Re: How to make sure your machine isn't software key logged ?
April 20, 2013, 08:10:46 PM
#17
Quote from: bitsalame on April 20, 2013, 08:03:02 PM
antivirus software will always throw a false negative if a malware is new and they don't have a signature for it.

This is not true.

You can legitimately hook into keyboard events, e.g. Any program that has global hotkeys must hook the keyboard.

This is common behaviour in some malware, and the basic technique for keyloggers.

So it is not true that AV software will ALWAYS catch malicious behaviour for unknown threats.

Yes, it will OFTEN detect things like keyboard hooks, but not ALWAYS.

You can go to a programming site, like The Code Project, and download software that hooks the keyboard. Just search for "keyboard hook" or "keylogger". You'll see (most likely) that your AV software does not detect it as malware. You can then add code to send the hooked info to some address and see if it is then detected.
Anon136
legendary
Activity: 1722
Merit: 1217
Re: How to make sure your machine isn't software key logged ?
April 20, 2013, 08:07:32 PM
#16
Quote from: RenegadeMind on April 20, 2013, 07:41:54 PM
Quote from: NoL1m1tZ on April 20, 2013, 04:23:01 PM
There is a whole lot of stupid going on in this thread... If you're scared that you have a keylogger disconnect from the internet, boot into a live session of ubuntu, run the obvious virus scans, then reinstall windows. If your smart though you will never have to worry about that.

+1

The only real way is to have a seriously hardened machine (firewalls, AV software, ports blocked at the hardware level, etc.) and use that machine ONLY for BTC transactions and nothing more. Take it offline when not using it to complete a transaction (i.e. remove the physical connection and do not rely in 'soft' ways, such as disabling a NIC through software).

Whether that machine is from a live CD or whatever is another question, and largely unimportant as far as I can tell. The point is that the machine must be hardened and dedicated and offline except when needed.

hey ren how do you hardware block ports?
bitsalame
donator
Activity: 714
Merit: 510
Preaching the gospel of Satoshi
Re: How to make sure your machine isn't software key logged ?
April 20, 2013, 08:03:02 PM
#15
In short, in security it is said that a compromised computer isn't your computer anymore.
There isn't a way of being SURE that something doesn't exist, and antivirus software will always throw a false negative if a malware is new and they don't have a signature for it.

If you suspect the possibility of being infected, delete everything, reinstall a clean OS (don't use warez, if you want free, use free open source software) and use it only for bitcoins.
Pages:
Bitcoin Forum>Economy>Economics
Jump to: