Ping a Specific Port

Question

Spencer Ruport

Asked: 2009-07-12 15:46:26 +0800 CST2009-07-12 15:46:26 +0800 CST 2009-07-12 15:46:26 +0800 CST

Reliable software keylogger detection?

772

I may be dreaming here,

But is there a reliable method for keylogger software detection? I'm primarily a developer but I run a couple servers and the thing that worries me most is a software keylogger on my personal system that does a good job of keeping quiet.

Is there any way to be sure there isn't a software keylogger on my personal system snagging all my RDP passwords?

4 Answers

Voted

Oskar Duveborn · Answer 1 · 2009-07-12T16:34:45+08:00

If you aren't careful about how you trust and authenticate your RDP connections - your passwords and anything else you type is easily snaggable in near real-time over the network any way... so why worry about local keyloggers? ;)

As some have already said, no - there is no reliable way. A rootkit can easily make itself completely undetectable for all eternity without even having to disguise as another processes. Nothing is secure. Stuff is just insecure to varying degrees ^^

One trick could be to wipe the system and install it without being connected to a network. Set up Bitlocker using TPM and have it verify that all system files are unmodified on each boot - and let it deny you booting/decrypting if not (then you'll have to do a controlled wipe again). Still, there are certainly still flaws where a keylogger could be installed without being detected.

All in all, using only passwords aren't nearly good enough for anything requiring a moderate level of security. Two-factor authentication with one-time-use passwords would help, as would smartcard-based authentication or other independent device certificate-based authentication.

David M Williams · Answer 2 · 2009-07-12T16:03:28+08:00

David M Williams

2009-07-12T16:03:28+08:002009-07-12T16:03:28+08:00

Ideally, your servers will be pretty tight - are these corporate servers or personal servers which also are used for web surfing?

In general, I don't believe there is any "one" way to reliably detect any arbitrary keylogger, but these general things may help.

Check the Task Manager. If there is any task running that you do not recognise look it up using Google.
Use msconfig to determine what is running at start up
Ensure your anti-virus software is up-to-date
Run a program like Malwarebyte's Anti-Malware, or Spybot Search&Destroy
Perform a search for the most recent files stored and check anything which is continually being updated

2

CesarB · Answer 3 · 2009-07-12T16:16:46+08:00

CesarB

2009-07-12T16:16:46+08:002009-07-12T16:16:46+08:00

There can be no reliable way unless you fully control the client system's hardware, because there are also hardware keyloggers.

And even if you do, there is still the old camera trick.

2

Adam Brand · Answer 4 · 2009-07-12T18:14:13+08:00

Adam Brand

2009-07-12T18:14:13+08:002009-07-12T18:14:13+08:00

You could try running something like KeyScrambler to protect yourself. From what I understand, it hooks into the system at the kernel level and sends any programs hooked into the global keyhooks (keystroke loggers) gibberish information.

Other than that, theoretically you can create a program that monitors at least the api calls, but I wasn't able to locate one.

0

Reliable software keylogger detection?

Ping a Specific Port

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What's the command-line utility in Windows to do a reverse DNS look-up?

How to check if a port is blocked on a Windows machine?

What port should I open to allow remote desktop?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?