Bitcoin Forum
Author Topic: How to make sure your machine isn't software key logged ?  (Read 3012 times)
doobadoo
April 21, 2013, 02:00:38 AM
 #21

> Back up your files, reinstall OS from a boot-up CD. That's the only real way of making sure.

I thought we had to take off and nuke the whole site from orbit. It's the only way to be sure.

"It is, quite honestly, the biggest challenge to central banking since Andrew Jackson." -evoorhees
Kazu
April 21, 2013, 02:27:48 AM
 #22

> > Back up your files, reinstall OS from a boot-up CD. That's the only real way of making sure.
>
> I thought we had to take off and nuke the whole site from orbit. It's the only way to be sure.

Don't troll. AVs are a joke and if you've got a lot of money in bitcoin wallets it's not worth risking it on your own ability to identify keyloggers. Could be a rootkit for all you know, in which case you're really screwed.


bitsalame
April 21, 2013, 02:57:51 AM
 #23

> > Back up your files, reinstall OS from a boot-up CD. That's the only real way of making sure.
>
> I thought we had to take off and nuke the whole site from orbit. It's the only way to be sure.

Considering how valuable these digital goods are, there would be no problem in investing time and money in developing some very nasty 0 ring rootkits.
Even if you scan a hard drive with an AV as a slave or from a bootable disk, it still doesn't ensure the cleanness of a drive if it wasn't in a sterile environment... ESPECIALLY if it is running Windows.

Considering the AmiBIOS source leak, accessing ring 0 would be trivial, and a BIOS Rootkit would be impossible to be cleaned up by an AV.
I would normally not worry that much, but with bitcoins a certain level of paranoia is expected.

There is no need of worrying as long as you follow very simple rules:
Ideal:
1) Nuke everything and start from zero.
2) Make a new partition and install Linux
3) Never use root
4) Use that partition only for Bitcoins and never use it for leisure browse anything.

If you are using Windows 7 (if you are still using a previous version, you better kill yourself):
1) Nuke everything and start from zero.
2) Create a user with user privileges.
3) Use Sandboxie for browsing, even with Chrome. Thinking of it... better sandbox everything. Sandboxie is your internet condom. Cherish it, learn to love it.
4) Use Kaspersky Antivirus. Better something than nothing.
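
Added example, not part of the post above or of any tool named in this thread: on a Linux setup like the one recommended, a user-space keylogger that reads the kernel input devices has to hold `/dev/input/event*` open, so listing the holders is a quick partial check. The function names and the allow-list are assumptions for illustration; a kernel rootkit of the kind discussed above can hide from it.

```sh
#!/bin/sh
# Added example: list processes holding a kernel input device open.
# A rootkit that hides processes, or a logger that hooks the display
# server instead of /dev/input, will not appear in this output.

# find_input_readers [PROC_ROOT]
# Prints "<pid>\t<command>\t<device>" for every handle on /dev/input/event*.
find_input_readers() {
    proc_root=${1:-/proc}
    for fd in "$proc_root"/[0-9]*/fd/*; do
        # fd tables of other users' processes are unreadable without root
        target=$(readlink "$fd" 2>/dev/null) || continue
        case "$target" in
            /dev/input/event*) ;;
            *) continue ;;
        esac
        pid=${fd#"$proc_root"/}
        pid=${pid%%/*}
        comm=$(cat "$proc_root/$pid/comm" 2>/dev/null || echo '?')
        printf '%s\t%s\t%s\n' "$pid" "$comm" "$target"
    done | sort -u
}

# unexpected_input_readers PROC_ROOT ALLOWED_NAME...
# Drops readers whose command name is on the allow-list. The name is set by
# the process itself, so the list only reduces noise; it proves nothing.
unexpected_input_readers() {
    proc_root=$1
    shift
    allowed=" $* "
    tab=$(printf '\t')
    find_input_readers "$proc_root" |
        while IFS=$tab read -r pid comm dev; do
            case "$allowed" in
                *" $comm "*) ;;
                *) printf '%s\t%s\t%s\n' "$pid" "$comm" "$dev" ;;
            esac
        done
}

# Usage, as root so every fd table is readable (allow-list is an assumption):
#   unexpected_input_readers /proc Xorg systemd-logind
```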
Kazu
April 21, 2013, 04:19:03 AM
 #24

> > > Back up your files, reinstall OS from a boot-up CD. That's the only real way of making sure.
> >
> > I thought we had to take off and nuke the whole site from orbit. It's the only way to be sure.
>
> Considering how valuable these digital goods are, there would be no problem in investing time and money in developing some very nasty 0 ring rootkits.
> Even if you scan a hard drive with an AV as a slave or from a bootable disk, it still doesn't ensure the cleanness of a drive if it wasn't in a sterile environment... ESPECIALLY if it is running Windows.
>
> Considering the AmiBIOS source leak, accessing ring 0 would be trivial, and a BIOS Rootkit would be impossible to be cleaned up by an AV.
> I would normally not worry that much, but with bitcoins a certain level of paranoia is expected.
>
> There is no need of worrying as long as you follow very simple rules:
> Ideal:
> 1) Nuke everything and start from zero.
> 2) Make a new partition and install Linux
> 3) Never use root
> 4) Use that partition only for Bitcoins and never use it for leisure browse anything.
>
> If you are using Windows 7 (if you are still using a previous version, you better kill yourself):
> 1) Nuke everything and start from zero.
> 2) Create a user with user privileges.
> 3) Use Sandboxie for browsing, even with Chrome. Thinking of it... better sandbox everything. Sandboxie is your internet condom. Cherish it, learn to love it.
> 4) Use Kaspersky Antivirus. Better something than nothing.

Dude, Windows XP is super legit. You can get full source now. XP > Lunix.

bitsalame
April 21, 2013, 05:11:46 AM
 #25

> > > > Back up your files, reinstall OS from a boot-up CD. That's the only real way of making sure.
> > >
> > > I thought we had to take off and nuke the whole site from orbit. It's the only way to be sure.
> >
> > Considering how valuable these digital goods are, there would be no problem in investing time and money in developing some very nasty 0 ring rootkits.
> > Even if you scan a hard drive with an AV as a slave or from a bootable disk, it still doesn't ensure the cleanness of a drive if it wasn't in a sterile environment... ESPECIALLY if it is running Windows.
> >
> > Considering the AmiBIOS source leak, accessing ring 0 would be trivial, and a BIOS Rootkit would be impossible to be cleaned up by an AV.
> > I would normally not worry that much, but with bitcoins a certain level of paranoia is expected.
> >
> > There is no need of worrying as long as you follow very simple rules:
> > Ideal:
> > 1) Nuke everything and start from zero.
> > 2) Make a new partition and install Linux
> > 3) Never use root
> > 4) Use that partition only for Bitcoins and never use it for leisure browse anything.
> >
> > If you are using Windows 7 (if you are still using a previous version, you better kill yourself):
> > 1) Nuke everything and start from zero.
> > 2) Create a user with user privileges.
> > 3) Use Sandboxie for browsing, even with Chrome. Thinking of it... better sandbox everything. Sandboxie is your internet condom. Cherish it, learn to love it.
> > 4) Use Kaspersky Antivirus. Better something than nothing.
>
> Dude, Windows XP is super legit. You can get full source now. XP > Lunix.

Either that is a joke or you are a joke.
Kaiji
April 23, 2013, 03:57:57 PM
 #26


Can your computer become infected with a keylogger just by clicking on a compromised website link?
w00t
April 23, 2013, 04:15:59 PM
 #27


> Can your computer become infected with a keylogger just by clicking on a compromised website link?

Theoretically yes.

Kaiji
April 23, 2013, 04:36:05 PM
 #28


> > Can your computer become infected with a keylogger just by clicking on a compromised website link?
>
> Theoretically yes.

So does that mean it could be done but hackers don't usually use that method?
bitsalame
April 23, 2013, 04:53:25 PM
 #29


> > > Can your computer become infected with a keylogger just by clicking on a compromised website link?
> >
> > Theoretically yes.
>
> So does that mean it could be done but hackers don't usually use that method?

No. It isn't just theoretically, but very practically exploited that way.
It is heavily exploited in pass-by exploits.
Either with Adobe PDF vulnerabilities, Flash, and especially Java.
w00t
April 23, 2013, 04:59:46 PM
 #30


> > > > Can your computer become infected with a keylogger just by clicking on a compromised website link?
> > >
> > > Theoretically yes.
> >
> > So does that mean it could be done but hackers don't usually use that method?
>
> No. It isn't just theoretically, but very practically exploited that way.
> It is heavily exploited in pass-by exploits.
> Either with Adobe PDF vulnerabilities, Flash, and especially Java.

Yes, if you have any of those above enabled. I thought more of a vulnerability in the browser itself.

CRkfx1
April 23, 2013, 05:11:24 PM
 #31


> How do I ensure that my machine does not have a software key logger? I.e. that a software key logger isn't already on my machine?


Like others have stated, you can never be absolutely sure you're not infected, unless you're using cold storage and the container has a physical lock and is under constant trusted surveillance, even then it's not truly secure.

In the meantime, I'd recommend using an offline password manager such as http://keepass.info/.
bitsalame
April 23, 2013, 07:39:02 PM
 #32


> > > > > Can your computer become infected with a keylogger just by clicking on a compromised website link?
> > > >
> > > > Theoretically yes.
> > >
> > > So does that mean it could be done but hackers don't usually use that method?
> >
> > No. It isn't just theoretically, but very practically exploited that way.
> > It is heavily exploited in pass-by exploits.
> > Either with Adobe PDF vulnerabilities, Flash, and especially Java.
>
> Yes, if you have any of those above enabled. I thought more of a vulnerability in the browser itself.

Which are also exploited with 0day exploits, even for Chrome.
There is nothing theoretical about that.
If you want to browse securely use Sandboxie, that's your internet condom.
jdbtracker
April 23, 2013, 07:55:43 PM
 #33

What about using it in a virtual environment? It is a secure, sterile environment with controllable variables. I've read up on it since I have a lot of dangerous programs on my computer; to test them they have to be run in a virtual environment for security and monitoring purposes. It could work for the Bitcoin wallet as well.

Does anyone know any drawbacks to this method? Because if they are using a hardware keylogger, or maybe it's one of those keyloggers that uses the tilt sensor to decipher keys pressed on a smartphone, it is not going to be very effective.


If you think my efforts are worth something; I'll keep on keeping on.
I don't believe in IQ, only in Determination.
bitsalame
April 23, 2013, 08:26:01 PM
 #34

> What about using it in a virtual environment? It is a secure, sterile environment with controllable variables. I've read up on it since I have a lot of dangerous programs on my computer; to test them they have to be run in a virtual environment for security and monitoring purposes. It could work for the Bitcoin wallet as well.
>
> Does anyone know any drawbacks to this method? Because if they are using a hardware keylogger, or maybe it's one of those keyloggers that uses the tilt sensor to decipher keys pressed on a smartphone, it is not going to be very effective.

I would propose the inverse: use the virtual environment for browsing and anything network related.
In the real operating system use the client with USER privileges, whether you use Windows or Linux.