Forum Discussion

1492
Moderator
Nov 23, 2013

Keyloggers: The Most Dangerous Security Risk?

Came across this interesting article, "Keyloggers: The Most Dangerous Security Risk in Your Enterprise", which basically summarizes the threat keyloggers represent to computer users, considering that most anti-virus/malware software is largely ineffective in detecting or stopping them, or that they can embed themselves deeply in a system, such as in a rootkit. Not to mention the untold damage they can inflict by recording users' keystrokes, thereby stealing banking/financial passwords, or even credit card numbers, and emailing them back to would-be thieves.

So how does one protect against keylogger threats? For one, I would first do a full system scan using a specialized tool to detect known keylogger trojans, such as the free Malwarebytes Anti-Rootkit BETA. It's a portable app and doesn't require installation. Just unzip, and run from its folder. Make sure to update the signature files before doing a full scan.

Second, I would consider installing a keystroke encryption utility. They basically have no effect on your keyboard use, but a keylogger trojan attempting to intercept a user's keystrokes would just be fed either random or blank characters.

There are several free keystroke encryption utilities available. I personally use Zemana AntiLogger Free. But another good choice is KeyScrambler Personal (free version). Both rated high in effectiveness in independent tests of both free and paid encryption apps.


7 Replies

  • BTW, I've been using a keyboard encryption app since before I ran across the above-mentioned article, or even the Malwarebytes (MB) utility. However, I'd suggest running the MB scan before installing an encryption app. Otherwise, MB may falsely detect it as a possible rootkit, and you will need to make an exception (i.e. select "no"), or MB may uninstall the app inadvertently.





    That's correct. You just need to click the "Update" button when prompted.
  • That just means to update Malwarebytes before you run a scan. That gives Malwarebytes the chance to have the latest information when it runs a scan.
  • 1492, I do not know what this means: "Make sure to update the signature files before doing a full scan." The fact that I have no idea what this means indicates that perhaps I should not be messing with a Beta program? http://www.malwarebytes.org/products/mbar/

    Thanks Bob
  • Thanks for the link. I ran it with good results.
    After the first of the year we are getting a small computer whose only job is doing our financial stuff. No other web sites, https sites only.

    I'm not tech savvy. At one time I had all of our passwords the same, to make it easy to remember (not anymore).
  • The issue is that not everyone is tech savvy or has the available hardware resources to set up and run a VM. I'm certainly not going to run one on my Netbook.

    Keystroke encryption apps don't detect or remove keylogger trojans. It's not necessary, as they render them useless. So they provide an extra layer of protection, especially with zero-day malware until AV software catches up to detect/remove them. A simple solution.
  • I'm curious how well those anti-keylogger utilities work. I've personally encountered keyloggers that were using a third-party browser extension that would disappear when you went to another website, but if you left that website with the ad in the box, it would be slurping what you are doing.

    In my experience, most malware comes from some site hacking through the Web browser or extensions. So, instead of trying to use a bunch of utilities, I use a virtual machine for the Web browsing. If I'm worried about an infection, I suspend the VM, mount the disk image and scan it with a utility. If the VM is infected, or I suspect it, I just roll it back to an image from a while back.

    I've had a couple of times where the VM got compromised. Just rolling it back to a previous snapshot takes only a few seconds. Had I been browsing the Web inside my "real" OS, it would have taken a lot longer to completely restore the machine.

    On the main OS, I limit the utilities to Malwarebytes (since it can block by IP) and MSE. In the VM, I use MSE, but I also use Sandboxie to further lock down the Web browser. That way, a browser compromise will be limited in scope, and it will take very sophisticated coding to break out of the sandbox, break into the admin context, then break outside the VM in order to accomplish something useful. Not impossible, but very difficult.
