Keyloggers

[Skyzoomer]

Is a new fresh install of Windows the only way to insure that a software keylogger has not been installed in a PC?

Then the next question is, if a new dedicated PC is used to ONLY to do financial online stuff like pay credit cards and online banking, then would it be 100% safe from a software keylogger being installed? IOW, no email, Googling or web browsing done on that dedicated PC.

 

[Chiefcrowe]

I wouldn't say that it is the only way but it is one of the best ways if you are really trying to be secure.

You are never 100% safe but if you limit the programs and browser access on your other computer for financials, then that would be much better. One option would be to use a VM for it and then use a firewall to only whitelist certain websites....

Others may have some better ideas but that's what I came up with off the top of my head.

 

[Skyzoomer]

I wouldn't say that it is the only way but it is one of the best ways if you are really trying to be secure.

You are never 100% safe but if you limit the programs and browser access on your other computer for financials, then that would be much better. One option would be to use a VM for it and then use a firewall to only whitelist certain websites....

Others may have some better ideas but that's what I came up with off the top of my head.

Thanks. I have a spare PC that I setup years ago that I'm confident does not have a keylogger installed in it. It's just been sitting in it's box and not used so I'll use it for financial online transactions.

But for future info purposes, if a PC is infected with a keylogger that cannot be detected with anti-virus scans, would setting up a VM on that PC be in danger of getting infected with the keylogger during the VM setup process?

 

[solidsnake1298]

Thanks. I have a spare PC that I setup years ago that I'm confident does not have a keylogger installed in it. It's just been sitting in it's box and not used so I'll use it for financial online transactions.

But for future info purposes, if a PC is infected with a keylogger that cannot be detected with anti-virus scans, would setting up a VM on that PC be in danger of getting infected with the keylogger during the VM setup process?

First, even if the VM doesn't get infected the host PC is infected and anything you type will be logged since the keyboard is connected to the host PC. But, to answer your question, it depends on a couple things. What virtualization/memory isolation features your CPU has. And how sophisticated the keylogger is and/or the exploit used to infect the computer initially, assuming it wasn't installed by someone with physical access to the computer. As long as you keep all the computers and smartphones you use up-to-date, non-interactive vectors are unlikely.

If you are looking for a dedicated and secure machine just for browser based online finance, have you considered a Chrome OS based machine? A cheap Chromebook? Chrome OS has a very tightly controlled secure boot process and OS integrity checking, strong application and per-browser tab sand boxing, auto-updates.

 

[Skyzoomer]

First, even if the VM doesn't get infected the host PC is infected and anything you type will be logged since the keyboard is connected to the host PC. But, to answer your question, it depends on a couple things. What virtualization/memory isolation features your CPU has. And how sophisticated the keylogger is and/or the exploit used to infect the computer initially, assuming it wasn't installed by someone with physical access to the computer. As long as you keep all the computers and smartphones you use up-to-date, non-interactive vectors are unlikely.

If you are looking for a dedicated and secure machine just for browser based online finance, have you considered a Chrome OS based machine? A cheap Chromebook? Chrome OS has a very tightly controlled secure boot process and OS integrity checking, strong application and per-browser tab sand boxing, auto-updates.

Thanks for your reply. I think I need to stick with a windows PC because of time constraints. I need to get a secure computer up and running quickly and I'm familiar with the windows OS.

The spare PC I was going to use will not boot. Guess it went bad sitting and not being used for years. So I'm thinking about buying a $150 or less mini PC. Just to use to connect with financial institutions like online banking, etc.

If anyone has a $150 or less mini PC, I would appreciate suggestions for a decent one on Amazon. Thanks.

 

[WilliamM2]

Why not just set up 2 factor ID login for all your bank and credit cards? No one can login to any of my accounts unless I get a call and approve it.

A seperate PC seems a bit paranoid, and could still be hacked. How do you do "online finacial stuff" without browsing?

 

[solidsnake1298]

Beelink makes mini PCs that are sometimes on sale for under $150.

https://www.amazon.com/dp/B09ZLF6HP6

But you know what else is usually under $150? The majority of small Chromebooks.

If you've never used Chrome OS before, out of the box it is literally just a Chrome browser and nothing else (requires Google account to login). If all you need is a browser, a bare bones, tightly controlled OS like Chrome OS is perfect. You don't need to worry about BIOS updates (automatic) or OS updates (automatic) or browser updates (automatic). What's more secure that an automatically always up-to-date machine with a minimal attack surface?

https://www.amazon.com/Acer-Chromebook-Dual-Core-A4-9120C-Bluetooth/dp/B098JCH27M

 

[Skyzoomer]

Why not just set up 2 factor ID login for all your bank and credit cards? No one can login to any of my accounts unless I get a call and approve it.

A seperate PC seems a bit paranoid, and could still be hacked. How do you do "online finacial stuff" without browsing?

I have setup 2 factor ID for all of my accounts on my normal use desktop PC. But it's keyloggers that anti-virus does not catch that I'm afraid of. An anti-virus scan did find a keylogger in my laptop.

BTW, 2 factor ID is not foolproof. ID thieves have learned how to put call forwarding on phones so a code sent to one's phone can be forwarded to them instead. They learn a website's password via keylogger, then the 2FA is sent to them and they are in. I'm trying to eliminate them getting my passwords via keyloggers.

Financial stuff would be like logging into my bank or credit cards and doing transactions. No browsing. Just a direct link to the website.

I want a PC that is guaranteed not to have a hidden keylogger installed. Hence one only used to log in to financial institutions like banks and credit cards.

 

[Skyzoomer]

Beelink makes mini PCs that are sometimes on sale for under $150.

https://www.amazon.com/dp/B09ZLF6HP6

But you know what else is usually under $150? The majority of small Chromebooks.

If you've never used Chrome OS before, out of the box it is literally just a Chrome browser and nothing else (requires Google account to login). If all you need is a browser, a bare bones, tightly controlled OS like Chrome OS is perfect. You don't need to worry about BIOS updates (automatic) or OS updates (automatic) or browser updates (automatic). What's more secure that an automatically always up-to-date machine with a minimal attack surface?

https://www.amazon.com/Acer-Chromebook-Dual-Core-A4-9120C-Bluetooth/dp/B098JCH27M

Solidsnake,
To follow up on this. I ordered the Beelink mini PC that you linked to. I want to use my 27" monitor and cordless mouse that I use for my tower PC and the Beelink mini PC will work fine for that. Also ordered a USB switch that's made to switch 4 USB ports between 2 computers, for my keyboard, mouse and 10 keypad.

I'm going to be very careful not to visit any website except for my bank and credit card web sites, to not get a keylogger or other virus on that Beelink PC.

Thanks for your helpful links.

 

[compcons]

...BTW, 2 factor ID is not foolproof...

This is 100% accurate.

Also, session tokens from browser and phone apps usually live FOREVER which means password changes don't mean shit.

Your life of convenience means it's convenient for attackers too.

 

[Tech Junky]

@Skyzoomer

Having had an incident with something capturing logins in the past it's easy to catch as alarm bells start going off with the banks and they restrict logins when they see something different. In my case Chase threw up a red flag quickly and forced a username / password change to stop the intrusion. IIRC maybe 1 other FI restricted access as well.

Being overly paranoid though with what you're talking about is a bit overboard though and inconvenient for most. Windows generally sucks for security and the biggest issue is usually the person using the system. If you're vigilant about what you click on you can safely be online w/o any AV installed. Since most AV software does a marginal job anyway it's kind of pointless to even bother with it in the first place as it's a waste of resources and money. I've been running w/o any AV at this point for years and only have that one incident above and it was most likely related to an installer I downloaded for some program to test out.

Your best bet though for keeping things secure at a host level is to use Linux and then stack a VM of Windows inside of it using Virtual Box. Most attacks are aimed at Windows because of it's gaping holes that are easily attacked. There's a reason Windows gets 100 patches a month while Linux gets a couple of kernel updates per month in comparison. With Linux being open source there's much more resources being applied to keeping it secure than a single company. All of the larger companies lend resources to keep it secure because they're using it on critical systems that support things like banking. Linux is used in all of the networking devices as well on the internet if you pull back the OS skins that OEMs apply to their design. Cars use Linux as well to run all of the vital systems.

Linux these days has more of an ease like Windows than it did in the past and shouldn't be a huge learning curve like it once was. Sure, there are some quirks between the two when you start out but, it's a smoother experience in the long term than Windows will ever be. I use it on my server that has multiple functions like being my router / AP / NAS / firewall and some other functions and since implementing it haven't had any attacks that were successful which has been in production now for years directly attached to the internet as the WAN device. Also, being opensource it has the ability to be connected to a VPN for whole network coverage compared to an over priced router off the shelf. Using a Wire Guard based VPN allows for line speed traffic since it dynamically scales with the bandwidth needs by threading the connection on demand.