Regarding Internet security and safety.

I started a site a few years ago to offer up free information on internet security and safety for home and business but due to lack of interest in people seeming to give a damn about it, I let it slide. Haven't made any updates in over a year now and it's offline. Still have the domain name and i'm looking to bring it back with an overhaul...

What i'm looking for from members is the questions that you would have about internet security and safety - the "if I do this, what can happen" type of questions - and it can be on any subject - i'm looking for content and answering questions is the easiest way to get it.

If you're willing, hit me.


If you want my qualifications, just ask.

I would like to know about keyloggers and how exactly they work. Is it an executable that installs itself? Can you get logged just by clicking a wrong link? I was always terrified of them back when I played WoW (eventually got an authenticator for it and stopped worrying) but I could never get a satisfactory answer on how they worked. I also remember issues where people would get hacked because of Flash scripts or something? How does that one work?

I would like to know about keyloggers and how exactly they work. Is it an executable that installs itself? Can you get logged just by clicking a wrong link? I was always terrified of them back when I played WoW (eventually got an authenticator for it and stopped worrying) but I could never get a satisfactory answer on how they worked. I also remember issues where people would get hacked because of Flash scripts or something? How does that one work?

http://en.wikipedia.org/wiki/Keylogger

do read

http://en.wikipedia.org/wiki/Keylogger

do read

OK, maybe he can write an article on it for the less computer literate O.o most of that makes little sense to me.

ok, i will help explain what i know of it

keyloggers are softwares that track how a person type on his/her keyboard. it's useful in determining passwords and other sensitive informations. usually, it's hidden deep inside the computer program and automatically records what you type on your keyboard. usually, they are noticable thorough different ways ranging from a peculiar black device attached at the back of your computer to a peculiar icon on the computer screen or a odd looking website to a distinct flickering of a computer screen

rhynes will provide more details

I would like to know about keyloggers and how exactly they work. Is it an executable that installs itself? Can you get logged just by clicking a wrong link?

At a very basic level a keylogger simply records the keys that you press. I use one as a fail safe when I am working on important projects, in case of power loss, and it has saved my ass a couple of times.

There are varying levels of functionality available. Some of them are 'dumb' in that they simply record your keystrokes and dump them into a text file. Others are smarter, and record time stamps, what applications you are opening and closing, what website you are visiting, etc.

A keylogger in itself is not really a threat. However, many other malicious software packages include keylogging functions. Malware that gives an attacker access to your computer AND has a keylogger is probably what you would be concerned about.

There are a variety of ways they could be introduced to your system.

To add to what was said above - and here is the danger part of it. I'll use an example. Keyloggers can carry the extensions of exe, dll, bat etc.

We all know that Virii/trojans/malware etc are a part of the windows world - the danger lies in the fact that people are complacent over infections - many carry the attitude that it's not really a big deal. That the only dangerous viruses are the ones they talk about on the news. The fact is, any infection can destroy you financially.

Here's one of a hundred examples I can give you. A friend called me one night, her computer was infected and that she would get it to me in the next few days, again no big deal to her. Her kids and her husband surfed on it and yes, it had many infections. Forensics on the hard drive revealed the log from the data miner/keylogger - and all of her bank card numbers AND passwords were listed.

Now I called her at 3 in the morning to tell to her about it - after she got through ragging my ass for the early phone call I started calling off her bank card numbers and passwords to her, and told her simply to get on the phone with the bank now, change the passwords and tell them what happened. She called back an hour later - yes someone had already tapped into her bank accounts - her corporate accounts for her business.

Infections that carry keyloggers and data miners need a way to get the information off your computer - so the installation of a very small smtp mail server (gives the capability to send email) generally goes hand in hand. Any information, not just banking, can be mined and emailed to the person that created/modified said trojan.


This is just the keylogger - Other infections go alot further than that.

keyloggers ONLY record everything you type and the more advanced ones also have screen captures which can be set up at regular intervals. There is no actual threat in this anymore than your "briefcase" .
They are free to download and use and even tells you how they work.

The only real threat is where and how it got onto your computer and what additional software it came with. But honestly.. if someone is smart enough to use their pc for secure personal work like financial transactions and even more,- corporate finances, they should be smart enough to have a virus scanner running. (no offence to your friend, i know a couple of people like that too)

...But honestly.. if someone is smart enough to use their pc for secure personal work like financial transactions and even more,- corporate finances, they should be smart enough to have a virus scanner running. (no offence to your friend, i know a couple of people like that too)

Or they should be firewalled up to the neck and running all thier browser instances in a VMware session with the corporate transactions via a secure VPN...

Of course, a 'secure network' is basically an oxymoron anyway. :rolleyes:

keyloggers ONLY record everything you type and the more advanced ones also have screen captures which can be set up at regular intervals. There is no actual threat in this anymore than your "briefcase" .
They are free to download and use and even tells you how they work.

The only real threat is where and how it got onto your computer and what additional software it came with. But honestly.. if someone is smart enough to use their pc for secure personal work like financial transactions and even more,- corporate finances, they should be smart enough to have a virus scanner running. (no offence to your friend, i know a couple of people like that too)

Point taken and understood - you're being a little brash with your post LawrieFX so you're going to get it in return... If you rely solely on your antivirus - you are a fool. There are NONE out there that are perfect - no matter what the claims are.

I've got clients that have been infection free for almost 4 years because they know the do's and donts - but yet they are getting hit by these rogue antivirus programs and latest round of malware.

Of course, a 'secure network' is basically an oxymoron anyway. :rolleyes:

You got that right...

I'm running XP over linux right now - I know, another oxymoron but it's for testing purposes for my clients :D They want to keep XP, and I don't blame them

Point taken and understood - you're being a little brash with your post LawrieFX so you're going to get it in return... If you rely solely on your antivirus - you are a fool. There are NONE out there that are perfect - no matter what the claims are.

I've got clients that have been infection free for almost 4 years because they know the do's and donts - but yet they are getting hit by these rogue antivirus programs and latest round of malware.

i was trying to state a point. not be brash. Anyone with any sort of .. whats the word.. umm.. common sence? .. would know whats out there. Its not like you can live in todays era thinking everything you do online is totally safe.

out of curiosity, since you were the IT guy on your friends pc clean and fix up, what did you do to safeguard?

p.s. if i was your friends boss, no offence since this is business related but i would have filed a suit against her for doing company related dealings on her personal home pc which resulted in the companies financial loss.
Offices are set up for this sort of thing.

keyloggers ONLY record everything you type and the more advanced ones also have screen captures which can be set up at regular intervals.

I think your ''ONLY'' is a little strong. Some of them do a fair bit more in the way of recording, and are still billed as "keyloggers".

It's semantics, really, but if it logs keystrokes + FOO then is it no longer a keylogger? It's more, certainly, but still a keylogger.

You got that right...

I'm running XP over linux right now - I know, another oxymoron but it's for testing purposes for my clients :D They want to keep XP, and I don't blame them

Me neither. The day that DoD pushed a mandatory Vista "upgrade" to all of my XP machines, part of me died inside.

p.s. if i was your friends boss, no offence since this is business related but i would have filed a suit against her for doing company related dealings on her personal home pc which resulted in the companies financial loss.
Offices are set up for this sort of thing.

It was an example - cool your jets... She IS the boss, she IS the owner of the company...

Me neither. The day that DoD pushed a mandatory Vista "upgrade" to all of my machines, part of me died inside.

Vista was bad enough - 7 turned my guts... Not bad for home use but when it's domain controlled? I'm after losing more hair in the last few weeks... UAC has got to go.

Vista was bad enough - 7 turned my guts... Not bad for home use but when it's domain controlled? I'm after losing more hair in the last few weeks... UAC has got to go.

At least Microsoft was spot on when they set up the UAC spam cycle..."designed to annoy users" indeed.

Of course if it actually offered significant protection, I'd be more inclined to forgive its general stupidity on other levels.

I think your ''ONLY'' is a little strong. Some of them do a fair bit more in the way of recording, and are still billed as "keyloggers".

It's semantics, really, but if it logs keystrokes + FOO then is it no longer a keylogger? It's more, certainly, but still a keylogger.

true.. but then is a virus scanner a virus scanner if it has a firewall built in? :)

sorry when i said "only" i was refering to the actual keylogger and what it does. The extras could just mean its an all-in-one program.. like an embedded jpeg

It was an example - cool your jets... She IS the boss, she IS the owner of the company...

lol what gives you the idea im ticked off or something?

you didnt reply to my q tho. What did you do to safeguard/clean her pc?

Truth? There is ABSOLUTELY NOTHING I can do to safeguard her or anyone if they don't want to listen. It's her computer, I told her not to let her family use it but she did anyhow - and lemme tell you, since that happened, the family hasn't been allowed on it. It's business only.

People not listening is the prime reason I won't do business with 99% of home users and the primary reason I stick to business only. With business, I can enforce policies - only if the bosses listen - and they generally do. I use linux, cisco and other enterprise level firewalls primarily for protection - not the cheap off the shelf dlinks.

I will always try to educate - but if people don't want to learn, then I can't do a damn thing about it. And i'm not going to be held accountable for their actions and mistakes.

You're trying to lecture me, trying to trip me up and I don't understand why... You want to talk credentials? Let's do it... This was supposed to be a simple Q and A discussion.

Rhynes and Lawrie,

From my reading of this thread so far, I think it's time to hit the reset switch on your interaction.

From my POV, it's escalating for no reason.

Just sayin'

Truth? There is ABSOLUTELY NOTHING I can do to safeguard her or anyone if they don't want to listen. It's her computer, I told her not to let her family use it but she did anyhow - and lemme tell you, since that happened, the family hasn't been allowed on it. It's business only.

People not listening is the prime reason I won't do business with 99% of home users and the primary reason I stick to business only. With business, I can enforce policies - only if the bosses listen - and they generally do. I use linux, cisco and other enterprise level firewalls primarily for protection - not the cheap off the shelf dlinks.

I will always try to educate - but if people don't want to learn, then I can't do a damn thing about it. And i'm not going to be held accountable for their actions and mistakes.

You're trying to lecture me, trying to trip me up and I don't understand why... You want to talk credentials? Let's do it... This was supposed to be a simple Q and A discussion.

lol ok now you need to go cool off somewhere.

and by the way.. this is a gaming forum. people of all ages and mentality come here. so if someone states an opinion, they have a right to it. this was in no way an attack on you which you take it out to be simply because i asked you what you did to help her.

LOL n who said i want to talk credentials? did i? wait... lemme go re read everything i typed.

I dont do IT.. the biggest certificate i have states that i "know" how to use ms office.. so why would i wanna compare sizes?

YOU start a topic on web security and then get all jumpy when someone drops a question. makes me wonder why your old site failed :)

so bye bye.. im done here. good luck with your endeavor and you might want to brush up on those people skills

Rhynes and Lawrie,
From my reading of this thread so far, I think it's time to hit the reset switch on your interaction.
From my POV, it's escalating for no reason.
Just sayin'

you're right...

you two need to get your emotions here straight