Solved

Protecting Users from Keyloggers

Posted on 2004-10-06
7
629 Views
Last Modified: 2013-11-16
Has anyone found an effective way to protect their networks from keylogging programs?  (Outside of preventing users from opening executable files.)  Are there any good shareware programs that specifically scan for keyloggers?  Spybot-like programs should protect against most keyloggers, right?  Do you guys consider keyloggers to be a considerable threat to network security?  (Their remote depoyment capabilites have me somewhat freaked. :)  

Thanks!!
0
Comment
Question by:meade470
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 18

Assisted Solution

by:luv2smile
luv2smile earned 30 total points
ID: 12237319
I definately consider them a threat to network security as someone can see any information typed including passwords.  However, they are one of many possible threats out there today.

In general, start with basic security concepts: Run and keep updated antivirus software, use a firewall....look at both software firewalls and possibly hardware firewalls, use ad aware programs such as Ad-Aware and Spybot.

Here's an article on the topic:

https://ss.nus.edu.sg:9876/articles/Protecting%20yourself%20against%20KeyLoggers%20and%20Spyware%20in%20general.html

0
 
LVL 37

Assisted Solution

by:bbao
bbao earned 60 total points
ID: 12237562
> Are there any good shareware programs that specifically scan for keyloggers?

i have no direct good suggestions on the specific scanner, but i think you can detect existence of such keylogging programs, by monitoring currently opening files. Sysinternals' FileMon is a good freeware for this. you may learn and download it at http://www.sysinternals.com/ntw2k/source/filemon.shtml.

after running FileMon, if a strange file is keeping opened all the time, it should be suspected as the data file of a keylogging program. you should study more on its host program which is opening the strange file.

anyway, there are some specific software available on the market, such as Anti-Keylogger 5.3, but who knows itself is not a spyware or even a keylogging software? hehe ;))

> Spybot-like programs should protect against most keyloggers, right?

not exact.

> Do you guys consider keyloggers to be a considerable threat to network security?

y. if the log has been sent to the malicious hackers, all the confidential information you inputted should be known by them. you know what it does mean!

> (Their remote depoyment capabilites have me somewhat freaked. :)

if your system is well patched and protected, the malicious guys can not deploy such a software on your system.

hope it helps,
bbao
0
 
LVL 6

Accepted Solution

by:
knoxj81 earned 110 total points
ID: 12238035
Spybot will detect SOME, but won't prevent. As far as preventing you need a program to monitor registry, BHO's, and a good virus scanner as well as a firewall to detect inbound/outbound traffic. Here's a list of the best programs with some sites to use for research:

I would use these programs to help you prevent this from happening again:

Antivirus:
Kaspersky Antivirus 5.0 (new version) http://www.kaspersky.com/personal
This program is the best by far. It updates every 3 hours, scans web browser scripts also.
I've tested many other virus scanners through the years and this is by far the best.

AVG is also a great virus scanner (more for home user) not to mention they have a wonderful FREE edition.
http://www.grisoft.com/us/us_dwnl_free.php

Firewall:
Sygate Personal Firewall Pro - Compared to ZoneAlarm or Nortons which both have tons of exploits to drop their service like a fly. Sygate is the choice for a software firewall.

Sygate has a home editon for free as well.  www.sygate.com

Spyware/Adware/Malware/Dataware:
AD-AWARE - www.lavasoftusa.com
If you can afford it by the PRO version, the extra feature AD-WATCH is well worth it for it monitors your registry and notifies you of any changes made allowing you to ALLOW or REJECT the request on the fly.

RegistryProt 2.0 - http://www.diamondcs.com.au/index.php?page=regprot
This is a free program to monitor all changes to registry. This is a must in security for you windows machine. Big help in eliminating spyware, Trojans, backdoors, etc..

BHO Demon - www.majorgeeks.com/download3550.html  (mirrored)
This is a must now-a-days if your running Internet Explorer! BHO is used in a lot of the recent IE exploits as well as keyloggers. Windows XP SP2 offers something along these lines, but why trust M$.

IDS ( Intrusion Detection System ): - snort.org
I was reading my Windows & .NET Magazine, and it has a great article on SNORT. Setting it up and everything. Page 51! Or you can buy the book SNORT 2.1 Second Edition. This program is absolutly promising, this is for extreme paranoid users & advanced users.

References:
http://isc.sans.org/index.php?off=diary -Everyday info on the latest exploits/virus/security issues.
http://eeye.com - perfect for advisories and the best security software.
www.majorgeeks.com - Every program a nerd could think of!!
www.sygate.com – Great Software firewall.
www.kaspersky.com – Best AV on the market.
www.lavasoftusa.com – Best spyware removal program.
http://www.grisoft.com – Wonderful FREE AV.


Good Luck,

Jorden
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 2

Author Comment

by:meade470
ID: 12238085
Thanks, guys.  These are all great responses.  I'm new to this site--can I award points to all of you for answering, or do I have to choose only one?
0
 
LVL 37

Expert Comment

by:bbao
ID: 12238195
just click the link of "Question and Answer tips", specifically, please go to http://www.experts-exchange.com/Security/help.jsp#hi19 for how to split the points.
0
 
LVL 1

Expert Comment

by:Yaroslav_Buzko
ID: 12238229
Just a hint: I'd advise you use some app to monitor active processes and kill/report everything not explicitly permitted. This way you'll also avoid users running games and other crap. :)
0
 
LVL 2

Author Comment

by:meade470
ID: 12238532
Thanks, guys!  Great site!  I'll see ya around ;)
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question