key loggers

I hope this is the right forum to ask my question.
Is there a difference in key loggers?
What I mean is: does a key logger that works under Windows
also work under Linux?
Are there known key loggers that work under Linux?
And if that is the case, what can we do to detect it, or prevent it from getting installed?
Regards
dobby9

Key loggers are just programs that run in the OS. So a Windows key logger would not work under Linux simply because it’s a Windows program. You would have to write a Linux key logger.

Sure, it’s possible to create a key logger under Linux too. If I hand you a computer with Linux installed which I have modified, you may not be able to tell if I have installed something that logs everything you do. The question really is, can a key logger be installed by a virus or by malware acquired from unsafe web browsing. Then, the answer for Linux is just like for other malware: the chance is much much smaller than for Windows.

To be safe for secure transactions you should use your own computer, and not use other people’s computers. (This is assuming that you keep your computer well maintained, of course.)

It takes social engineering to install rootkits, malware, viruses and key loggers on Linux. You have to convince the user to enter their root password to install the object. User-space, kernel-space, hardware-space are all separate in Linux. Drive-by infections don’t occur in Linux because of this and the fact that Linux doesn’t support ActiveX controls.

There have been some Linux and Unix viruses throughout history but in every case the server admins did not patch their systems or follow best-practices for securing servers.

For desktop computers, even though we have almost the market share of Apple systems, we still have not seen infections. Despite what the Microsoft horde will tell you, this is not due to lack of targets because of small market-share. People are trying to infect Linux systems because it would be big news when somebody actually accomplished infecting a Linux system with a virus or spyware. It is the structure of Linux that makes writing viruses difficult.

Unless someone who knows your root password sat down at your computer and installed a key-logger, you don’t have one.

mooreted wrote:
> It takes social engineering to install rootkits, malware, viruses and
> key loggers on Linux. You have to convince the user to enter their root
> password to install the object. User-space, kernel-space, hardware-space
> are all separate in Linux. Drive-by infections don’t occur in Linux
> because of this and the fact that Linux doesn’t support Active-x
> controls.
>
That is one way but there are other ways besides social engineering to
do this. Crack a weak user password and you are set, crack a weak root
password and you most likely will never find out it is on there.

> Unless someone who knows your root password sat down at your computer
> and installed a key-logger; you don’t have one.
>
Unless you had a vulnerable service running and they got in that way. Or
brute forced an account via ssh. There are tons of ways to break in
besides social engineering or drive-by infections. To think you are
invulnerable (not saying you do) because of the way Linux is built is
just false.

In essence don’t let strange or untrustworthy people near your PC.
Make sure you have good passwords, in Linux you can use these keys ^*$()# as part of your password.
When the Suseupdater has a security update install it.

OK updated my system as soon as updates are there
Use a strong password
Never log in as root in GUI
Run rkhunter
Run avast4 virus scanner
After a few minutes my screen is locked
What else can I do to make it as secure as possible?
dobby9

Don’t go to dodgy websites. There may be unknown vulnerabilities in proprietary plugins like Flash Player and Acroread. It’s too limiting to not use them at all, but at least you can reduce the risk. Have a look at the Flashblock add-on for Firefox which prevents flash panes from autoplaying.

Yes, if your root password is God, you deserve to get hacked. :slight_smile:

But, while it’s not impossible to get infected running Linux, the chances are slim. Just use some common sense and don’t enter your root password unless you know why you’re doing it and the risks involved. Don’t download software from the Internet, use the repositories. Stay away from bouncing bunnies. :slight_smile: You don’t need to update your software all the time, but you do need to keep up with security updates.

One of my favorite sites is LinuxSecurity.com.

Here is a great article to start learning basic security:

Linux Security for Beginners - Table of Contents

Work smart and Linux will treat you right.

The truth is there is no unbreakable system.
It is just how much effort they put into breaking your system.
There is no such thing as no risk.
dobby9

LOL, any operating system is sure to have bugs and that’s why we need to keep updating to ensure computer security.
Cyber crime attacks Windows and Mac OS with keyloggers and sure can make one for Linux.

The best way to protect your computer against keyloggers is:
- always keep updating your system.
- install trustful anti-spyware, anti-keylogger, anti-virus programs.
- install and keep updating firewall.

Good luck dude!

In its simplest definition,

A keylogger is something that intercepts signals between the keyboard and the OS proper. This is not generally difficult because the I/O required is published and easily accessible. You can have both hardware devices (plug the keyboard into the keylogger which then plugs into the system) or software, and you hope that the OS has sufficient security policy in place to prevent rogue, unauthorized installation. This is why you should never do anything related to your Personal Information on a shared system, always use your own, personal hardware.

My most recent amusing encounter with a keylogger is the extremely popular alternative Google Keyboard installable on any Android device through the Play Store which provides a full keyboard instead of a custom “one hand” keyboard/keypad. In the Terms of Agreement Google is very up front and transparent about how the use of the keyboard sends everything to Google which “may” be used as they wish.

So, not all keyloggers are criminal or under-handed, it can also be with complete disclosure.
:slight_smile:

TSU

On 2013-09-01 02:26, tsu2 wrote:
>
> In its simplest definition,
>
> A keylogger is something that intercepts signals between the keyboard
> and the OS proper. This is not generally difficult because the I/O
> required is published and easily accessible. You can have both hardware
> devices (plug the keyboard into the keylogger which then plugs into the
> system) or software, and you hope that the OS has sufficient security
> policy in place to prevent rogue, unauthorized installation. This is why
> you should never do anything related to your Personal Information on a
> shared system, always use your own, personal hardware.

I have seen “cable interceptors” connected on the keyboard, mouse, and
video cable, at a school. The teacher could switch to any computer, have
a look, or intervene.

> My most recent amusing encounter with a keylogger is the extremely
> popular alternative Google Keyboard installable on any Android device
> through the Play Store which provides a full keyboard instead of a
> custom “one hand” keyboard/keypad. In the Terms of Agreement Google is
> very up front and transparent about how the use of the keyboard sends
> everything to Google which “may” be used as they wish.
>
> So, not all keyloggers are criminal or under-handed, it can also be with
> complete disclosure.
> :slight_smile:

Wow. I was not aware of that one, not even installed it. I use the
default keyboard by Samsung. But I have used the “voice keyboard” that
translates voice to words. It doesn’t run locally, it sends the voice
pattern to Google.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

tsu2 wrote:
> My most recent amusing encounter with a keylogger is the extremely
> popular alternative Google Keyboard installable on any Android device
> through the Play Store which provides a full keyboard instead of a
> custom “one hand” keyboard/keypad. In the Terms of Agreement Google is
> very up front and transparent about how the use of the keyboard sends
> everything to Google which “may” be used as they wish.
>
> So, not all keyloggers are criminal or under-handed, it can also be with
> complete disclosure.
> :slight_smile:

Hmm, I don’t think sending keystrokes to a remote server is a feature
that normal people would expect from a keyboard. I’d guess rather that
there would be a presumption of privacy. So I’d say that only mentioning
it in the T&C rather than in bold print in the list of features was
indeed ‘underhand’ and probably breaches some European law or other. At
least I’d hope it does.

A prediction on a related topic: with the growth of cloud-based
features, it will become a requirement to state the legislative
environment under which all cloud-based services and storage are
provided to a device. So a Google keylogger that transmitted data to a
server in a legal environment open to the NSA would have different
consequences to one open to GCHQ, for example, depending on where your
device is and where you are a citizen.

On 2013-09-02 12:45, Dave Howorth wrote:
> tsu2 wrote:

>> So, not all keyloggers are criminal or under-handed, it can also be with
>> complete disclosure.
>> :slight_smile:
>
> Hmm, I don’t think sending keystrokes to a remote server is a feature
> that normal people would expect from a keyboard. I’d guess rather that
> there would be a presumption of privacy. So I’d say that only mentioning
> it in the T&C rather than in bold print in the list of features was
> indeed ‘underhand’ and probably breaches some European law or other. At
> least I’d hope it does.
>
> A prediction on a related topic: with the growth of cloud-based
> features, it will become a requirement to state the legislative
> environment under which all cloud-based services and storage are
> provided to a device. So a Google keylogger that transmitted data to a
> server in a legal environment open to the NSA would have different
> consequences to one open to GCHQ, for example, depending on where your
> device is and where you are a citizen.

Indeed…


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

I agree with you. But personally I still don’t like keyloggers. If it is for protecting your own computer against malicious attack, that would be approvable. To spy or monitor without telling the users, that’s quite unacceptable. There’s no privacy at all!

Key loggers on UNIX/Linux are just too dangerous and too bad for password security. To understand how bad a key logger can be, I developed a password logger for tty, and found that on a Linux system the process names can be changed on the fly, and found that even without root, so long as the /dev/ptmx and /dev/tty permissions are set to 666, by creating a bash function, when the user runs ssh, the password/passphrase can be captured. I created this program to understand whether this type of logger can be detected, but after thinking about it, it seems it’s not possible, or at least very hard to do reliably.

The following are the contents captured during the test:
root@rl53’s password: abcd
root@rl53’s password: 1234
root@rl53’s password: mnbv
gwz@rl53’s password: pppp
gwz@rl53’s password: qqqq
gwz@rl53’s password: eeeee

And because it is hard to detect, this is very bad for password security.
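
A defensive check for the technique described in the post above (a bash function that wraps ssh), added here as an example and not part of any poster's message: it scans shell startup files for functions or aliases that shadow credential-prompting commands. The watch list, the function names and the set of scanned files are assumptions, and files pulled in by `source` are not followed.

```shell
#!/bin/sh
# Added example (not from the thread): flag shell startup files that redefine
# credential-prompting commands as a function or alias.
WATCHED='ssh|scp|sftp|su|sudo|passwd'   # assumed watch list; extend as needed

# scan_rc_file FILE -> prints "FILE:LINE:KIND:NAME" per suspicious definition
scan_rc_file() {
    [ -r "$1" ] || return 0              # unreadable or missing file: nothing to report
    awk -v names="$WATCHED" -v file="$1" '
        BEGIN { n = split(names, w, "|"); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (line ~ /^#/) next                       # skip comment lines
            kind = ""; name = ""
            if (line ~ /^alias[ \t]+/) {                # alias NAME=...
                kind = "alias"; name = line
                sub(/^alias[ \t]+/, "", name); sub(/=.*/, "", name)
            } else if (line ~ /^function[ \t]+/) {      # function NAME { ...
                kind = "function"; name = line
                sub(/^function[ \t]+/, "", name); sub(/[ \t({].*/, "", name)
            } else if (line ~ /^[A-Za-z_][A-Za-z0-9_-]*[ \t]*\(\)/) {   # NAME() { ...
                kind = "function"; name = line
                sub(/[ \t]*\(\).*/, "", name)
            }
            if (name != "" && (name in watch)) print file ":" NR ":" kind ":" name
        }' "$1"
}

# scan_default_files -> scans the usual system-wide and per-user startup files
scan_default_files() {
    for f in /etc/profile /etc/bash.bashrc /etc/profile.d/*.sh \
             "$HOME/.bashrc" "$HOME/.bash_profile" "$HOME/.profile" "$HOME/.bash_aliases"; do
        scan_rc_file "$f"
    done
}

# Run as: sh thisfile --scan
if [ "${1:-}" = "--scan" ]; then scan_default_files; fi
```

In a live bash session, `type -a ssh` additionally shows whether a function or alias is resolved ahead of the binary on `PATH`.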

Hello there.

Is there really NO way to detect and remove them? (short of reformatting disk & re-installing os, sw, patches, backups, …)

Help!!!

DM

Okay, I’ll ask the question. Why do you think there is a key-logger on your system? Are you talking about your own personal computer or a company computer? I’m not sure about elsewhere, but here in the US, it is legal for a company to use key-loggers, read your emails, etc. and many companies do. If you try and thwart this process, you will most likely find yourself without a job at the very least.

If it is your home computer, as the others have said, it is highly unlikely that you have a key-logger installed. And as the others have said, common sense rules the day. Strong passwords, be aware of where you go and what you download and, if you don’t live alone, don’t leave the computer turned on and disable any auto-logon features. As an added note, if you’re using a laptop, be wary of any wifi hotspots, there have been instances of even reputable(?) companies using key-loggers.

On 2014-06-19 22:56, sparkz alot wrote:
>
> Okay, I’ll ask the question. Why do you -think- there is a key-logger on
> your system? Are you talking about your own personal computer or a
> company computer? I’m not sure about elsewhere, but here in the US, it
> is legal for a company to use key-loggers, read your emails, etc. and
> many companies do. If you try and thwart this process, you will most
> likely find yourself without a job at the very least.

It is completely illegal in Spain, and probably a good part of the
European Union. In fact, companies have been fined for “only” reading
emails sent/received by employees. People doing it risk not only fines,
but prison. It is a comparable crime to placing security cameras in the
bathrooms.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)