Nice Anti Key Logger

[jwlsinx]

I am one who is forced to use public computers for much of my internet browsing, which includes online banking, etc. One thing that has always worried me is the potential of key loggers. From personal tests, one thing that I found worked was to use character map to create various parts of the username and password, and then cut and paste them into the appropriate fields. However, many keyloggers can grab images of the current cache on the computer, which defeats the purpose.

Is there any known quick and effective way to determine if a computer is safe to use (a http check that goes through all running processes, that doesn't need to be installed and then run would be the best).



Cheers.

 

[big daddy fatsacks]

i believe there are hardware devices that can grab keystrokes as well. so that defeats anything that is checking processes running on the machine itself. if you do not have a personal computer that you can be responsible for the safety of then i would suggest doing all your banking in person.

 

[UMCPWintermute]

The best way to securely log onto a machine without worrying about keyloggers is to use S/Key.

More information here. It is - in short - a one time password system.

 

[Yoblad]

i believe there are hardware devices that can grab keystrokes as well. so that defeats anything that is checking processes running on the machine itself. if you do not have a personal computer that you can be responsible for the safety of then i would suggest doing all your banking in person.

I agree. NEVER do personal banking or things of that nature on a public computer.

 

[LstBrunnenG]

Bah, nobody at my school is smart or geeky enough to go to newegg (which constitutes the entirety of the banking I've done/will do at school).

 

[lomn75]

Bah, nobody at my school is smart or geeky enough to go to newegg....

You do realize the concept of a keylogger, right? It records, among other things, login/password combos. Doesn't mean squat if the keylogger owner doesn't know about the site you've visited.

Anyway, to the OP: I'm with the "don't do important stuff on public terminals" idea. Even if you can find a good keylog buster, it's probably not legal to use w/o consent of the owner.

 

[bignasty]

i will also say that you shouldnt do any banking or anything on a public computer, not only can u not know who is watching it is not only the public you need to be aware of but the admin of the place whose computers you are using, i admin a local library and i do monitor most traffic in and out of that place as closely as i can, we also have monitoring software installed on all machines so that any given time i can sit at my server, or one of the staff workstations and see what each person is doing on there public machines. I would not sell any of my users info or use it against them as that would be unethical, but i am just mentioning that admins do hold that power, and some may be more corrupt than i

 

[LstBrunnenG]

You missed my point. If nobody at my school is smart enough to go to newegg, do you think they'll be smart enough to find and/or make a keylogger? Let alone widely distribute it enough that I should worry about it?

 

[UMCPWintermute]

The question goes back and forth - how much do you value your private information?

Do you value it enough to take the added steps to prevent against keyloggers by using some kind of secure authentication method, refrain from using public terminals to access sensitive information, etc.? That's a question that only you can answer.

We can provide advice on what to do if you value your information enough to take measures to keep it secure, but if you don't value it - you can feel free to ignore what we say.

If it was me, even if I knew that everyone in my school was technologically ignorant and was incapable of spelling keylogger or packet sniffer, let alone use one, I'd still make sure that my data was secure. But then, I'm just very paranoid.

 

[big daddy fatsacks]

You missed my point. If nobody at my school is smart enough to go to newegg, do you think they'll be smart enough to find and/or make a keylogger? Let alone widely distribute it enough that I should worry about it?

someone is maintaining those public computers right?

 

[jwlsinx]

Well, I value my information quite a bit. The only problem is, is that I am currently living abroad, with all my US banks back home (not any US banks over here). I work for an organization that (currently) doesn't allow one to purchase or keep a computer with them. Since I am in the office now, that doesn't matter as much, but when I go back out, I will only have that once a week internet option. Thats the real problem.

I have seen some javascript / java username and password programs, run server side (like at the e-gold.com website) that keeps one from having to use the keyboard to log in. Is there any way to incorporate something like that in a personal web page hosted elsewhere (https) through frames?

Its kind of a sticky situation as you can see.

 

[sparkles]

well you could just have a website with all your usernames and passwords on it so that you need only cut and paste details, but then that's probably not the smartest option

everything that can be made, can be unmade. security is a trade off between functionality and integrity. you have to weigh up in your own mind the options- is it worth the risk to use the net to do something that *could* be watched.

i'm in a similar situation to you at the moment, and i personally view the risk of someone using a keylogger or other monitoring system to be rather low. if i really wanted to, i could pay large fees and conduct banking over the phone or through my new irish bank (at even more insane rates). however, i feel that the fees i would pay to this would be so much higher than what anyone could take out of my account anyways (curses to the irish pubs ), so i use the net.

 

[big daddy fatsacks]

I work for an organization that (currently) doesn't allow one to purchase or keep a computer with them.

WTF??