Forum Discussion
mlts22
Nov 23, 2013
Explorer II
I'm curious how well those anti-keylogger utilities work. I've personally encountered keyloggers that were using a third-party browser extension that would disappear when you went to another website, but if you left that website with the ad in the box, it would be slurping what you are doing.
In my experience, most malware comes from some site hacking through the Web browser or extensions. So, instead of trying to use a bunch of utilities, I use a virtual machine for the Web browsing. If I'm worried about an infection, I suspend the VM, mount the disk image and scan it with a utility. If the VM is infected, or I suspect it, I just roll it back to an image from a while back.
I've had a couple of times where the VM gets compromised. Rolling it back to a previous snapshot takes only a few seconds. Had I been browsing the Web inside my "real" OS, it would have taken a lot longer to completely restore the machine.
On the main OS, I limit the utilities to Malwarebytes (since it can block by IP) and MSE. In the VM, I use MSE, but I also use Sandboxie to further lock down the Web browser. That way, a browser compromise will be limited in scope, and it will take very sophisticated coding to break out of the sandbox, break into the admin context, then break outside the VM in order to accomplish something useful. Not impossible, but very difficult.