Big brother snooping software - how to detect?

[urhuckleberry]

OK, if you have a suspicious SO who you think might be doing some undercover on your computer... recording keystrokes or something similar...is there software to detect that software... "spy vs. spy" crap?

H

[rakuguy]

How to detect a Keylogger

• Check the task list by press ctrl+alt+del in windows. Examine all the tasks running, if you unsure of a task look it up on a search engine.
• Use the system configuration utility to determine which task are loaded at start-up (type "msconfig" in the run box to start).
• Run your antivirus checker, it's possible this will pick up the Keylogger on your system.
• Scan your hard disk for the most recent files stored. Look at the contents of any files continually updating (these might be logs).
• Download a specific keylogger detector program, and see if it detects anything. Do a search for keylogger detection, anti keylogger, anti spyware programs.
• Run Spybot S&D, this program checks for some known keyloggers

[urhuckleberry]

THANKS, Rakuguy!

H

[CyberProf]

Take note: there are lots of keyloggers and other programs that will not be detected - so, that being said, if you are truly paranoid - use deep freeze on your machine after you have verified a clean install. And only surf in a VM environment after an external media boot (i.e. usb that you keep on you). Basically, never use software on the machine, and never leave anything behind.

Yes, a lot of work to set up, but in the end it may pay off - only you can judge your risk and your tolerance for it.

[JohnnyFarangly]

There are also hardware keyloggers that are installed in the keyboard cable.
http://www.amazon.com/KeyLlama-4MB-Value-Hardware-Keylogger/dp/B001DB938A
http://www.keyghost.com/

Some software keyloggers run as 'svchost.exe' or similar common name, and are thus not detectable in the Task Manager

[GneissGuy]

You can put knoppix on a DVD and only do your "bad" stuff from knoppix. It's a "live" linux distribution. You can't save any data, but it's pretty secure. It's not that hard to use linux. You get a web browser and you can use it just like your normal web browser under windows.

There are ways to put a hardware keylogger on your PC that doesn't even use software on your computer at all.

The spyware programs are designed to be hard to detect and eliminate. Because Intel and windows PC's are such horrible insecure pieces of crap, they can usually get away from it. In particular, the new TPM (Trusted Platform Module) that is beginning to be installed on some PC's makes it possible for someone to put something on your computer that is theoretically impossible to detect.

Get your own computer, don't let the SO use it at all. Get paranoid about her "screwing it up." Better to have a laptop with a startup password such that she can't even stick in a CD or thumb drive and boot the PC up with her own software.

By the way, even if she can't boot up your PC, she can remove the hard drive, put it into another computer, and install new software on your hard drive there. You can encrypt the data on the hard drive with software, but unless the hard drive has encryption hardware, she could put a cracked version of the encryption software on it.

And to top it off, if you're running Windows, or even Mac or linux, your OS is insecure and can be hacked over the network.

You can make it difficult, but it's really hard to make it impossible to be cracked. Any security measures you add simply reduces your chances of being cracked.

[Krunkman]

Use all of the above suggestions. Someone who goes and does a little bit of reseach and talking to the right spy guys will be able to defeat most system scanners. Hardware keyboard loggers that attach to the keyboard cable are easy to detect if you look for them. You'll see an extra 'adapter' plugged into the PC where the keyboard cable goes.

If you aren't sure, then get your own laptop and put encryption software on it, like PGP or any of the other packages, so that it requires a password to even boot up. Then even if your SO takes the computer to a specialist they first have to crack the encryption software before then can access it.

The bonus of it is that encyrption software is easily justifiable, since you don't want any "thieves" stealing your stuff.

But if you have to share a computer, I'd go with the self-booting linux idea and check for the hardware keyboard loggers. That would be the safest alternative to getting a separate system.

You could also just get a netbook pc for like $200, and go to any public free wi-fi site and surf for free. Netbooks are pretty small and easy to conceal.

[simplegent]

My general rule of thumb - NEVER EVER use the Hobby Tools at a site your SO might have access to. Just my own personal thought from past experiences. LOL

[Sir Lancelot]

Nothing is absolutely perfect, but ...

1. Buy her a computer of her own as a gift on her Birthday, Mother's Day, Christmas, etc. Gifts don't seem too suspicious.
2. Create a Master Admin account on yours.
3. Allow only the Admin to install new programs (it's an option).
4. Create a separate logon account on your machine for normal use.

Then if you're still feeling paranoid:

5. Put a key logger on your machine.
6. Each time you get on check the key logger to see if anything suspicious has happened since your last use.


SL

[fiero bandit]

Good things to know.Its scary if you really know how deep it can get.I used to be with my head in the sand til a friend had to hack into her brothers email.dam its so easy.thx for the information.Its very helpful.

[Guest110811-2]

https://www.ironkey.com/demo-personal

[Charlie Brown]

Scary..try typing these words or a similar phrase in your search engine:

blackberry eavesdropping

[SneakyCancer]

download a different browser. if she uses IE, then u use Mozilla or Safari or something. And make sure the browser dumps you history, cache, cookies, and passwords. and if you bookmark a site, always change the names to something stupid that wouldnt make them want to see what it is.

[ManOnAMission]

use a linux disto on a usb with password and encryption

[Smerc]

I use ESET SS which includes a firewall and a AV that updates around 6+ times a day. Any firewall will work as long as it has a interactive mode, which means you select what you want to run. The drawback is that some items may look fishy in some way, but their actual needed by your system.

If you're on windows then there are a few remote desktop services that are able to run in the background. I would say you would never need these depending on your situation. You can knock a few out in your control panel>network sharing center. You can configure things from there just allowing no sharing or any access to your network. This may not work if she has a router which needs to detect PCs on the network, since sometimes ISPs change IPs after some redials.

The other users pointed out a lot of good information on programs to protect/detect. One that really comes to mind is HiJackThis. It's a free application which you can download from a freeware site. This can detect a lot of apps and registration files. If you do get it and scan your PC, you can save the log (completed list) or click analyzeThis which tells information about a select item. I wouldn't use the analyzeThis option though.

Some programs may be detected, but may not have any information about them. For that case I would join a PC forum, any PC forum basically and make a post showing your log file. Most of the users can pinPoint any files that look fishy, etc.

I use Firefox and it's not secure without addons. You may have ran into one of those, this site is blocked type scenarios. Well that's the only useful function it has, which is default. I can't comment on any other browser.

Firefox has a save password option which can be obtained through it's appdata folder I think. It my be encrypted though, but it wont stop anyone who wants your shit. The passwords are also visible through Tools:Options:Security:Save Passwords. For this type of thing, there is an addon called noscript and a useful one called AdBlockPro. It's a start, but wont save anyone from getting into that file. Their just for blocking flagged sites or scripts that may run in the background of a website (IE: iframes). You can resort to completely not allowing anything to be saved through firefox.


I basically do all the above and stay pretty clean. The only problem I ever encountered was due to Firefox, which I detected a flagged javascript file.

You can surf on a Virtual Windows Machine, but I would just get it right the first time. Not sure if security is a daily thing or you just need it for certain occasions, but the VM remark that cyber pointed out is a way to go. There is always the proxy option, but their slow and SOME proxies are actually supplied by certain IT companies within the government. I wont go into detail on that, but a lot of people get canned.

Another thing, if you download something from somewhere/someone. Scan the file with virustotal(dot)com. It scans with around 20 or so programs and may flag a fishy item. There is no bulkUpload option so if you're curious about multiple items then place them in a folder and zip/rar it (winzip/winrar, both freeware). The file can't be over 20mb I think. If you scan it that way and it pulls up a alert, then scan them one by one until you find the culprit. Some alerts may be "falseflag", do a google to learn more on that, it doesn't mean their bad.


Yeah it's probably confusing, but thought I would get that out there incase anyone was also browsing and wanted to know.


EDIT: Another thing on USBs. You shouldn't worry about them unless you use it as a constant memory source. Not sure how you can protect that aside from basic computer security. Except allowing an outside source to access the data from it. If you carry it around, you can password lock files with certain apps or you can use a software which autoboots a program on it to password protect it. USB Secure does that, along with what some users above mentioned.