Forgot your password?
typodupeerror
Privacy Security

Anti-Keylogging Recommendations? 179

Posted by timothy
from the start-thinking-lawyer dept.
BeeazleBub writes "A friend asked me about the best programs to detect and remove spyware/logging/monitoring software that might have been placed on her computer by a spouse. Since there are a plethora of good and bad programs out there, I thought I would ask the slashdot crew for their recommendations. What is simple, reliable and most effective? I'm sure some of you have had the same question or circumstance. (No, booting from a Linux CD is not an option for this user)."
This discussion has been archived. No new comments can be posted.

Anti-Keylogging Recommendations?

Comments Filter:
  • by inTheLoo (1255256) * on Sunday May 18, 2008 @01:51PM (#23454342) Journal

    It's a domestic dispute that no one wants to get into. The obvious solution, to own your computer with free software, is not an option. All that's left is to delve into the cesspool of Winblows "solutions" and other inappropriate technical answers to an environment of broken trust.

  • by astrashe (7452) on Sunday May 18, 2008 @01:52PM (#23454352) Journal
    I'll bet there's a really interesting story behind this.

    Here's the answer. She's trying to solve a human problem with a technical solution. It won't work. If she has to use a suspect windows computer, there's no software that will guarantee it's clean. It can't be done.

    And if you can't trust the person you're married to, your main problems in life aren't computer problems.

  • by Anonymous Coward on Sunday May 18, 2008 @01:53PM (#23454380)
    The only true way to avoid keyloggers is never touch any keys... not very useful! On any computer, now how much control you might exert over it.. as soon as it is out of your sight, or you are asleep, it could in theory be compromised.
  • by Simon (S2) (600188) on Sunday May 18, 2008 @01:54PM (#23454386) Homepage
    I agree. There is no solution. There are hardware keyloggers, software keyloggers, the spouse could log all traffic to/from the machine or take a screenshot every now and then. There is no solution to this. Trust your spouse or grap your computer and lock it somewhere only you have the key to.
  • by MBCook (132727) <foobarsoft@foobarsoft.com> on Sunday May 18, 2008 @02:01PM (#23454446) Homepage

    I agree. My first thought was "don't get involved."

    Even if you think the husband is a spouse-abusing homicidal maniac, don't do this. If there is evidence, turn him into the police. Otherwise stay out.

    She can google it. She can take it somewhere (like Best Buy, Circuit City, etc). I know their terrible, but hey. If they work things out, you are the guy who tried to help her get out of the marriage. That won't ender you to him. If things go farther, how do you think you'll be treated if there was a key-logger and your solution didn't work? If there is no key-logger and she is just reaching and scared and overwhelmed, then playing into that could make things worse (in the harder for them to get together and fix their marriage if possible sense).

    She can use another computer, reinstall Windows, whatever. Don't get in the middle of someone else's fight (unless it is to save their life or some such, in which case, again, call the police). I seriously doubt doing this will make your life easier in any way.

    Tell her to go to a private eye. Talk to a (better) divorce attorney. But tell her you don't want to get involved in this.

  • Divorce. (Score:5, Insightful)

    by The Warlock (701535) on Sunday May 18, 2008 @02:02PM (#23454454)
    Only solution. Either the wife is spying on the guy, in which case she doesn't trust him, or the guy is baselessly convinced that his wife is spying on him, in which case he doesn't trust her. Either way, this relationship is doomed.
  • Divorce (Score:3, Insightful)

    by jps25 (1286898) on Sunday May 18, 2008 @02:05PM (#23454490)
    If trust in a relationship is gone and you have to play hide and seek, there's only one option left. Divorce.
  • No luck (Score:3, Insightful)

    by Peter H.S. (38077) on Sunday May 18, 2008 @02:07PM (#23454506) Homepage
    If booting of a Linux CD isn't an option because it is perceived as "too technical" no other tool can help (even booting from a clean media wouldn't help against physical keyloggers or sniffers).
    A small Asus EEE PC with a encrypted SSD, grub/bios password and hidden away may allow the person to communicate in secret with some measurement of security against non-technical opponents with limited resources, if the person is able to use some kind of SSL proxy so that the data can't be sniffed easily. Tempest attacks or even simple hidden cameras may spoil even that.

    So, get a divorce instead.

    --
    Regards
  • by Idaho (12907) on Sunday May 18, 2008 @02:20PM (#23454592)

    Here's the answer. She's trying to solve a human problem with a technical solution. It won't work. If she has to use a suspect windows computer, there's no software that will guarantee it's clean. It can't be done.


    You are absolutely right, which pretty much ends this discussion right there.

    Normally I'd suggest to do a complete Windows reinstall (assuming you have to run Windows), or install Linux, but you can't trust a Linux machine either, if others have physical access to them (and they know what they're doing).

    In any case this is a completely moot point for the exact reasons you mentioned.

    Assuming the real (non-tech) problem at hand here cannot easily be addressed, I'd suggest maybe buying an Asus EEE PC (since they're not too expensive and relatively easy to carry with you all the time). In addition, buy an USB stick or SD-card, and only store your data on those. They will easily fit in your wallet. But yeah, buying new hardware to work around this problem does not sound like a real solution, to be frank.
  • Impossible (Score:3, Insightful)

    by Just Some Guy (3352) <kirk+slashdot@strauser.com> on Sunday May 18, 2008 @02:31PM (#23454686) Homepage Journal

    There's no way to be 100% certain that nothing's being logged. Possible data gathering points:

    • Software logger in the OS
    • Rootkit
    • Keyboard plugged into a hardware logger
    • Keyboard contains a hardware logger
    • Computer case contains a hardware logger
    • Linksys router is actually running Linux, using tcpdump to log outbound packets or forward them to another computer

    No, there is no software you can run that will tell you if you're being monitored, by virtue of the fact that such software is impossible.

    Have her get a cheap laptop - maybe an Eee PC - and configure OpenVPN to a friendly router. You're a geek, right? If you're serious about her privacy, make it happen.

  • by rwa2 (4391) * on Sunday May 18, 2008 @02:36PM (#23454718) Homepage Journal
    C'mon, this is Slashdot.

    Obviously you just modify your space bar and numlock LED drivers to perform all I/O in morse code.

    Then you type in and display bunch of misleading information to entrap the eavesdropper into doing something silly / stupid / illegal and nab 'em on it.

    As far as still being able to check your email and bank accounts and stuff without compromising your passwords, just set up some kind of password vault that uses biometric authentication or something so you never have to type in your actual login / password on the untrusted machine. You'd have to do the setup for the private key and all on a trusted system of course.
  • A friend.... (Score:4, Insightful)

    by wbren (682133) on Sunday May 18, 2008 @02:53PM (#23454858) Homepage

    A friend asked me about...
    A friend... riiiiiight....
  • by Basje (26968) <bas@bloemsaat.org> on Sunday May 18, 2008 @03:07PM (#23454980) Homepage
    Or maybe he is. For all we know BeeazleBub, the poster, is having an affair with her. A friend indeed.
  • by florescent_beige (608235) on Sunday May 18, 2008 @03:24PM (#23455074) Journal
    Comes to /. for technical advice: good!

    Gets from /. relationship advice: o noes!!!!
  • by NewbieProgrammerMan (558327) on Sunday May 18, 2008 @04:20PM (#23455452)
    Oh, there's a solution: the friend needs to uninstall their spouse.

    Honestly, if you're at the point in a relationship where you're spying on each other, it's time to just throw in the towel and find a partner you can trust.
  • Re:Divorce (Score:3, Insightful)

    by Planesdragon (210349) <slashdot@[ ]tles ... s ['cas' in gap]> on Sunday May 18, 2008 @04:38PM (#23455592) Homepage Journal
    Let me guess: you're single?

    "Trust" means "I trust that I know my partner, and know what they are capable of and what they can be relied upon."

    It does NOT mean "I trust my partner to do X."

    For example, my wife can't trust me to take out the trash, and I can't trust her to change the oil in our car. Does that mean we should get a divorce?

  • by pbhj (607776) on Sunday May 18, 2008 @04:45PM (#23455636) Homepage Journal
    If the problem is being spied on by their spouse then using a computer outside the home sounds the best option.

    I did a website for a women's aid group ("WA"), they wanted information about how to keep it hidden from an abusive partner that the women were in touch with WA. I did a review of what the national centers gave as advice, including details of removing history files and such. In the end I settled for the only method being to use a public computer (eg at a library).

    Someone else can spy on you for sure, but unless your partner works at the City IT center or for the library (or wherever) then it's not going to be your partner spying on you.

    If you _need_ to get out the house and contact someone and your being abused and can't - please call directory enquiries and contact your local Womens' Aid organisation. They can advise you, give you temporary accommodation in a safehouse, help you talk to the police, help you seek mediation; basically empower you to take back control of your situation.
  • by Anonymous Coward on Sunday May 18, 2008 @04:59PM (#23455752)
    Based on what? Misuse of "their" and "farther" instead of "they're" and "further?" Not only do these two mistakes not render the post as difficult to read, compare it with your own unnecessary use of the colon.

    Yeah, I think you're just being a dick, and on a weak basis, at that.
  • by plover (150551) * on Sunday May 18, 2008 @05:19PM (#23455876) Homepage Journal

    Marriage is "til death do you part", not "until we aren't happy anymore."

    Sorry, gotta call utter bullshit on this one.

    Seriously, if you are in an abusive relationship, LEAVE. Leave before it gets worse, leave before it injures or kills you.

    A psychologically abusive relationship is just as bad as a physically abusive one -- perhaps worse, because the victim is led to believe a pack of lies that keeps them from leaving.

    There is no reason to stay married in this situation. If you're worried about the whole "till death do us part" thing, consider that the abuser broke the vows first by failing to love and honor.

  • Re:Divorce (Score:4, Insightful)

    by PachmanP (881352) on Sunday May 18, 2008 @05:34PM (#23456004)
    Divorce is messy and you lose half your stuff. Further more some take the "til death" vows seriously. This leaves open the superior option, Murder.
  • Re:Divorce (Score:3, Insightful)

    by Khaed (544779) on Sunday May 18, 2008 @05:37PM (#23456018)
    There's a huge difference between "she doesn't change the oil" and "I need to monitor every keystroke she makes."

    If you need to monitor everything someone does then you don't trust them.
  • by NewbieProgrammerMan (558327) on Sunday May 18, 2008 @05:52PM (#23456116)

    If you're worried about the whole "till death do us part" thing, consider that the abuser broke the vows first by failing to love and honor.
    What an excellent point. That I haven't seen it stated so clearly until now probably says something unfortunate about the amount of slack given to abusers.
  • by NewbieProgrammerMan (558327) on Sunday May 18, 2008 @05:56PM (#23456142)

    For all we know, this elaborate game of deception and control is foreplay for this couple.
    <tone="snarky, eye-rolling asshole">Yeah, because every time I've seen couples in which one person spies on the other, it was clearly loving foreplay. I'm sure that's by far the top motivation for spyware sales and PI hires.</tone> Give me a break.
  • Re:Forget that... (Score:3, Insightful)

    by budword (680846) on Sunday May 18, 2008 @07:36PM (#23456782)
    Or she wants to IM or Email her lover without him finding out, and her "friend" wants our help to make sure she doesn't get caught. Why do you think the "spouse" would want to spy ? Oh I know, he's just fucking crazy. Hey, lets ask slashdot how we can get away with this. Good plan. Evidently said spouse doesn't read /.
  • by Anonymous Coward on Sunday May 18, 2008 @08:12PM (#23456978)
    Advice like this "leave her to fight it alone" is what keeps way too many of us isolated in bad and even dangerous relationships.

    Who can afford [or has the time, if employed] to talk to a divorce attorney, let alone a "better" one? Why would you even trust an attorney with computer or privacy questions??

    The only general reason to not get involved is if involvement means participating in something illegal. Teaching someone how to check for spyware is nowhere near illegal.

    Fact is, way too many people in society are infected with pathological misconceptions about what relationships should be. We all need help avoiding and escaping situations in which those people react destructively.
  • by Anonymous Coward on Sunday May 18, 2008 @09:38PM (#23457570)
    EPIC fail. bad advise regardless of the OS. if someone is targetting the machine and has access they can install hardware keyloggers or linux/bsd keyloggers and rootkits. This is not an OS issue the only way to fix this is get rid of the machine as unless you are hardware knowledgable you will have no way to tell if there isn't a hidden keylogger in the keyboard or inside the case, and more importantly get rid of the spouse.
  • by geminidomino (614729) * on Monday May 19, 2008 @09:13AM (#23461378) Journal

    Supposedly this program ignores the question of are keyloggers present : it just encodes signals from the keyboard and reconstructs them downstream.
    How would that work? If the keylogger is hooked into the kernel, QFX would have to be as well, probably using the same hooks(essentially, being a keylogger that encodes it's log, then decodes it and re-feeds it into the kernel.

    Might be a way to defeat keylogging if it was implemented in hardware, but in software, I'm dubious.

Whoever dies with the most toys wins.

Working...