The macosxhints Forums > General Discussion > The Coat Room
Old 08-27-2009, 03:51 PM   #81
onceagain
All Star
 
Join Date: Aug 2009
Posts: 666
Quote:
Originally Posted by anika123
We are not solving any keystroke capture problems.

The bottom line is that (for the reason I indicated above) if someone else has physical access to your machine, you have no assurance whatsoever that your machine is secure (in this case, you have no keylogger installed). Someone can easily install a keylogger, and configure and name it in such a way that it looks like a normal system process. Hell, someone could replace launchd with something that does everything launchd does, PLUS log keystrokes. You just never know.

So - that said - if you have concerns, then clean install, encrypt your stuff, and keep the computer itself in a physical secure location (such as in a safe, locked drawer, or whatever). If you can't do these things, then you have no security.
Old 08-27-2009, 03:58 PM   #82
anika123
All Star
 
Join Date: Sep 2006
Posts: 860
Quote:
encrypt your stuff,

What does this do? I have never looked into it. So if someone stole or electronically viewed your hard drive they would see gibberish? Would that not make my old macbook pro really slow?
Old 08-27-2009, 03:58 PM   #83
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by anika123
You have already basically said that if there is a weakness someone will exploit it for money. I totally agree.
That is why the money spent would be more productive at the Pre OS level as I have described before. If you apply logic to it and forget your needs for software freedom then you will see that the benefits of a pro defense is better than what we have now. IMHO

Even though you have a point I'm not so sure people are willing to give up that freedom to install everything.


Quote:
Are you saying that you can spot and stop viruses at will?

Yes, been there, done that.

Quote:
Really though, you think that you will never fall for a virus?

I can smell them a mile away.

Quote:
Also, I wonder if most of this thread should be moved to coat room? We are not solving any keystroke capture problems.

I would agree, it's gone a bit off-topic but a good subject to discuss nonetheless.
Old 08-27-2009, 04:03 PM   #84
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by anika123
What does this do? I have never looked into it. So if someone stole or electronically viewed your hard drive they would see gibberish?

Exactly, they would also need to obtain the key to unlock the data.

There's a snag though, if you're currently using it, it means it's decoded because you supplied the key. Any software you run at that point would also be able to access it.

Its main use however is to protect the data in case your laptop (or memory stick, external hd etc.) gets stolen or lost.
Old 08-27-2009, 04:09 PM   #85
anika123
All Star
 
Join Date: Sep 2006
Posts: 860
Quote:
it means it's decoded because you supplied the key.

That's what I thought, Pandora's box.
Old 08-27-2009, 04:10 PM   #86
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by onceagain
The bottom line is that (for the reason I indicated above) if someone else has physical access to your machine, you have no assurance whatsoever that your machine is secure (in this case, you have no keylogger installed). Someone can easily install a keylogger, and configure and name it in such a way that it looks like a normal system process. Hell, someone could replace launchd with something that does everything launchd does, PLUS log keystrokes. You just never know.

You don't really require physical access but as I said before with physical access all bets are off.

Here's an interesting read on how to hide and subvert stuff in OS-X. It's quite hefty on the technical details but an interesting read nonetheless.
http://www.phrack.org/issues.html?is...&id=16#article
Old 08-27-2009, 04:16 PM   #87
onceagain
All Star
 
Join Date: Aug 2009
Posts: 666
Quote:
Originally Posted by anika123
What does this do? I have never looked into it. So if someone stole or electronically viewed your hard drive they would see gibberish? Would that not make my old macbook pro really slow?

It gives you a chance to keep your private stuff private when your machine is out of your hands, by requiring a password (of sorts) to view it. Without it, it looks like trash (mileage may vary, depending on the quality of the encryption package used).

It does NOT make a machine run really slow, at least in my experience. Ran just fine on my Powerbook G4 12".

While it may not be perfect, it's a hell of a lot better than leaving your stuff unencrypted.

Quote:
You don't really require physical access but as I said before with physical access all bets are off.

Sure - the OP was concerned about snooping boyfriends and such that have physical access - that's what I was addressing. Physical access makes a big difference.
Old 08-27-2009, 04:27 PM   #88
anika123
All Star
 
Join Date: Sep 2006
Posts: 860
SD that is some good reading. Makes perfect sense to me. Thanks
Old 08-27-2009, 05:08 PM   #89
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by cwtnospam
If it installed on your computer without your permission, it is by definition NOT a trojan. It's a worm or a virus, but not a trojan.

Wrong. A trojan is, by definition, something that does an action you didn't expect or agree to. Like installing a virus scanner that isn't really a virus scanner. Or by clicking on a link agreeing to scan your pc or disinfect some non-existing virus. Perhaps you should look up the Greek saga that lent its name to this type of malware.

A worm and a virus are both self replicating. The difference between a worm and a virus is that a worm is self contained. A virus needs to 'attach' itself to other programs. Those fake anti-virus programs do not self replicate.

Last edited by SirDice; 08-27-2009 at 05:12 PM.
Old 08-27-2009, 09:45 PM   #90
cwtnospam
League Commissioner
 
Join Date: Jan 2005
Posts: 8,475
And how do you know it isn't self replicating? The only person that uses the computer says he didn't install it. The fake av software might not be a Trojan but the payload of a virus, designed to get the unsuspecting to fork over credit card information.
Old 08-27-2009, 09:54 PM   #91
onceagain
All Star
 
Join Date: Aug 2009
Posts: 666
I wonder if you can get infertility treatments for fake AV programs that can't self-replicate.
Old 08-28-2009, 04:51 AM   #92
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by cwtnospam
And how do you know it isn't self replicating? The only person that uses the computer says he didn't install it.

Contrary to what you might think malware doesn't spontaneously execute itself once it arrives on your system.

Quote:
The fake av software might not be a Trojan but the payload of a virus, designed to get the unsuspecting to fork over credit card information.

Sigh.. Fake AV software is the very definition of a trojan. And no it's not delivered as a virus (a virus needs to attach itself to another executable). It could be delivered using a worm but someone has to execute it. It doesn't automagically start itself.
Old 08-28-2009, 08:06 AM   #93
cwtnospam
League Commissioner
 
Join Date: Jan 2005
Posts: 8,475

TRIPLE SIGH.
Guess what? If it's delivered by a worm or a virus, there is nothing to stop said worm/virus from running the Trojan.
Old 08-28-2009, 08:28 AM   #94
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by cwtnospam
Guess what? If it's delivered by a worm or a virus, there is nothing to stop said worm/virus from running the Trojan.

You really have absolutely no clue whatsoever on how malware works, do you?
Old 08-28-2009, 08:33 AM   #95
cwtnospam
League Commissioner
 
Join Date: Jan 2005
Posts: 8,475
I know how software works and I know you're trying to spread FUD.

Viruses run. It doesn't matter when they run, as long as they do. What they do is up to the virus writer.
Old 08-28-2009, 08:52 AM   #96
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by cwtnospam
I know how software works and I know you're trying to spread FUD.

The only one spreading FUD is you my friend. You're the one that goes to great length trying to "debunk" the truth, creating uncertainty and doubt by using false and inaccurate arguments.

Get your facts straight and you will realize there is nothing magical about OS-X that would make it invulnerable to malware. Once you realize that you can take action that will mitigate the risks. For some people that action might be to install an AV. For you perhaps not, I'll let you decide that for yourself.

As for the fear, it keeps you on your toes, keeps you alert. There's nothing wrong with that.
Old 08-28-2009, 10:00 AM   #97
cwtnospam
League Commissioner
 
Join Date: Jan 2005
Posts: 8,475
Quote:
Originally Posted by SirDice
The only one spreading FUD is you my friend. You're the one that goes to great length trying to "debunk" the truth, creating uncertainty and doubt by using false and inaccurate arguments.

Get your facts straight and you will realize there is nothing magical about OS-X that would make it invulnerable to malware. Once you realize that you can take action that will mitigate the risks. For some people that action might be to install an AV. For you perhaps not, I'll let you decide that for yourself.

As for the fear, it keeps you on your toes, keeps you alert. There's nothing wrong with that.

Fact: There is nothing magical about AV software that will make ANY system 100% secure.

Fact: Many users think that AV software protects them, so they're less careful about what they do.

Fact: AV software is yet another avenue of attack for malware.

Fact: You've recommended no action that will increase security. Zero. Nada. All you've done is try to scare people.

Fact: You've tried to claim that a virus couldn't install a trojan, and you've claimed that it is not (as in never) "delivered as a virus" when you must know that a virus can do anything it likes once it runs.

Fact: You've used the usual technique employed by those pushing FUD. First, claim that OS X isn't 100% secure. An easy claim, since no system is, was, or ever will be. Next, you make the huge leap from less than 100% secure to the idea that Mac users aren't vigilant enough. Then you offer the phony solution of using AV software.

You're right, you are a "security professional," and I mean that in the worst possible way.
Old 08-28-2009, 10:11 AM   #98
ArcticStones
Moderator
 
Join Date: Nov 2003
Location: Norway
Posts: 3,152
.
SirDice and CWT, the content of this discussion is interesting -- but this is turning into a duel. I strongly suggest you both lower the hostility a few notches, alternatively continue your exchange in the form of Private Messages.

-- ArcticStones
.
__________________
.
"You say this gadget of yours is for ordinary people.
What on earth would ordinary people want with computers?"

HP executive to Steve Wozniak
Old 08-28-2009, 10:20 AM   #99
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by cwtnospam
Fact: There is nothing magical about AV software that will make ANY system 100% secure.

I never claimed it would make it 100% secure.

Quote:
Fact: Many users think that AV software protects them, so they're less careful about what they do.

I've said exactly the same thing, you might want to read back.

Quote:
Fact: AV software is yet another avenue of attack for malware.

Partly true. Running no AV will certainly not be any worse.

Quote:
Fact: You've recommended no action that will increase security. Zero. Nada. All you've done is try to scare people.

No, I'm trying to create awareness. Something you seem to lack.

Quote:
Fact: You've tried to claim that a virus couldn't install a trojan, and you've claimed that it is not (as in never) "delivered as a virus" when you must know that a virus can do anything it likes once it runs.

Sure a virus or worm can do whatever it wants but when a payload is delivered by a virus or a worm it's not in the form of a trojan. That would be rather pointless, wouldn't it?

Quote:
Fact: You've used the usual technique employed by those pushing FUD. First, claim that OS X isn't 100% secure. An easy claim, since no system is, was, or ever will be.

I never claimed another OS was, is or will be. I do notice however a lot of Mac users seem to think it is.

Quote:
Next, you make the huge leap from less than 100% secure to the idea that Mac users aren't vigilant enough.

A lot of Mac users bought a Mac because they didn't want to deal with all the "technical" details of using a computer. I also know that quite a few bought a Mac because they were tired of getting malware on "that other" platform. So yeah, I am assuming they're not vigilant enough.

Quote:
Then you offer the phony solution of using AV software.

Not a phony solution. It's part of a solution.

Quote:
You're right, you are a "security professional," and I mean that in the worst possible way.

Calling me names doesn't prove me wrong.
Old 08-28-2009, 10:25 AM   #100
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by ArcticStones
.
SirDice and CWT, the content of this discussion is interesting -- but this is turning into a duel. I strongly suggest you both lower the hostility a few notches, alternatively continue your exchange in the form of Private Messages.

You're right. I got a little carried away.
All times are GMT -5.