Protection Against Keyloggers Any Advice, Zemana ?

Status
Not open for further replies.
Joined
Jul 23, 2008
Messages
9,808
Location
New Jersey
Our I.T. person in charge of keeping our computers running good and keeping them safe say we should have an anti keylogging program installed because avast does not protect against that sort of security breach it does a few other things also but i don't remember what was said anyone know anything about these? One they mentioned was Zemana i think. They are not trying to sell this they just said we should have it on the main computers and some are free. Any help would be great. I only care about the three Computers with customer information one at the shop and two at wifes office.
 
Use sandboxie on your preferred internet browser.

Personally I prefer chrome. Its a good mix of security and speed. Firefox seems bloated on any system I use it on.

Internet explorer is about as safe as sticking $100 bills on your driver side window in a bad neighborhood.

Nothing personally against internet explore, I'm just not a glutton for punishment.

Malwarebytes is free if you want its pretty well known for and when most anti virus company's have problems they turn to malware bytes so that's saying something.
 
Bitlocker is best if more security is needed.don't sweat ie is is safe ,when used with ms anti virus.ie does one part ,av the other ,togueter?good luck hacking and if you did ,ms knows about it.have you ever wondered why they never test ms defender togueter with ie and malicious software removal tool?because they know ms way might be different but its a very secure combo
 
Originally Posted By: yvon_la
Bitlocker is best if more security is needed.don't sweat ie is is safe ,when used with ms anti virus.ie does one part ,av the other ,togueter?good luck hacking and if you did ,ms knows about it.have you ever wondered why they never test ms defender togueter with ie and malicious software removal tool?because they know ms way might be different but its a very secure combo


Ms defender isn't a bad AV or should I refer to it as a anti malware?

Regardless its a anti virus for people with common sense.

Altho Ms defender is a joke when it comes to protecting people from viruses/rootkits and .. Well the list just goes on.

In all honesty if you are a smart user and you don't run as Admin you shouldn't need a virus.

The biggest problem tho isn't virus,rootkits, etc its day one exploits. Simple fact is NO anti virus will protect you from let's day one exploits.


Sandbox's are a great line of defence. You can search the web where ever you like.

You will see video and reviews one after another that praise Sandbox's for their effectiveness.

Iv seen videos where people actually download 200 virus to their PC. Then run the programs. Close the sandbox and scan the PC. Not a single virus between the 5 or so (popular name brand) anti virus.

You simply can't go wrong and if you have children its a great choice.
 
Malicious software removal tool is to counter malware,why separate,ms got sued for bundling so now they leave it to user.if say an entity still had potential unknown ?emet (also from ms)is there .but user should read and understand ms how to about emet.
 
There's no hard and fast way to protect your corporate networks from keyloggers and such.

There shall be multi-fauceted ways to deal with the situation (or protect your office network from harm), and it will cost a bit of money.

To start: if your environment is in a Windows AD situation, make sure most users including your management level, shouldn't have too much rights beyond what's needed. Lock the user accounts down whenever possible.

2nd: make sure you have a valid AV solution on all PCs.

3rd: restrict user's internet access to only their job-related sites. Using filters like websense and rigidly enforce it. Don't give anyone access beyond what's needed (work-related) on the network.

4th: set all your PCs, servers, etc. to aggressively obtain and force them to update on a regular basis: e.g. every 2nd Tuesday (or sometimes even the 4th tuesday of the month).

5th: when possible, have email filtering appliances on the gateway level to filter off unwanted spams, luring emails (with http redirection to spammy site or malicious site).

6th: for those who needs internet access, have malwarebytes installed to protect the browser from BHO hijacking, malicious java scripts, malformed XSS or html, etc.

7th: consider the use of a power DNS host such as OpenDNS, etc. to protect online activities from being mis-directed to questionable/malicious sites, including those potential activities triggered by keyloggers, etc.

8th: always start with a clean PC image with AV installed and configured. Never try to salvage an infected PC and put it back into the network/in-service.

9th: use an effective firewall on the network border side.

10th: set computer usage/internet policy within corporate environment and have all the staffs acknowledged and signed them. This will help in properly enforcing safe/proper internet usage and protect from abuse.

Good luck.

Q.
 
Most operating systems including Windows come with an On-Screen Keyboard which can be used by a mouse with a touch screen to enter information rather than using a keyboard.

Bitdefender total security anti-virus also offers extra security for on-line banking, etc.
 
Originally Posted By: SrDriver
Most operating systems including Windows come with an On-Screen Keyboard which can be used by a mouse with a touch screen to enter information rather than using a keyboard.

Bitdefender total security anti-virus also offers extra security for on-line banking, etc.


On screen keyboard will not protect against keyloggers... Unfortunately but good call
 
Well, it would protect against a hardware keystroke logger, as in one attached to the keyboard.
wink.gif
 
On screen keyboards typically are no better than regular keyboards for defending against key loggers, although they can prevent keystrokes from being detected by a hardware key logger.

Some antivirus programs like Kaspersky Internet Security have on screen keyboards that are supposed to defend against key loggers. There are also on screen keyboards like Neo's Safekeys and GData is supposed to have protection against key loggers.
 
Of course, if there's no physical security to the computer in the first place, using an onscreen keyboard to protect against such a hardware keylogger would be rather pointless, too.
wink.gif
 
If somebody has enough physical access to the computer to install a hardware key logger, they can potentially do whatever else they want to do. If the computer is running and the person who owns it or is using it is logged in but not present, software could be installed also. But hardware key loggers are dangerous. There has to be security and not just anyone allowed to go into the server room. Just because somebody says they are a technician and they have some sort of ID does not mean they are automatically allowed in. Social engineering is one way for a criminal to get into the server room. A hardware key logger can even be installed in a keyboard. Where I worked we questioned everybody. Just because somebody shows up with what looks like an ID means nothing. And people logged out of their computers if they were going to take a break or be gone for a short time.

But typically people are going to be attacked from the internet. So that means software key loggers and screen capture software. There are various ways to combat all of this ranging from simple ways to special software. Some antivirus software have protection and there are password managers (most not worth a darn) and other software. Just typing in extra characters and backspacing can make a difference. And using good quality passwords.

I like Neo's Safekeys. And a security expert (Bruce-I can't remember his last name) recommends Password Safe. F-Secure, Panda, Kaspersky, Bitdefender, and GData are some of the antivirus programs I am aware of that have some protection at least for online banking.
 
Originally Posted By: Mystic
If somebody has enough physical access to the computer to install a hardware key logger, they can potentially do whatever else they want to do.

Quite true, but the physical security is often overlooked. I'd like to think that in big, server environments, that physical security is pretty decent, but I'm sure there could be some cringeworthy moments induced with social engineering.
 
Status
Not open for further replies.
Back
Top