Anti-Keylogging Recommendations?

BeeazleBub writes "A friend asked me about the best programs to detect and remove spyware/logging/monitoring software that might have been placed on her computer by a spouse. Since there are a plethora of good and bad programs out there, I thought I would ask the slashdot crew for their recommendations. What is simple, reliable and most effective? I'm sure some of you have had the same question or circumstance. (No, booting from a Linux CD is not an option for this user)."

Forget that...

Tell her to buy her own computer and keep it secure, and to get a good divorce lawyer... a husband that doesn't trust her is probably projecting his own untrustworthiness onto her.

Format disk

[coldfarnorth]

Format, Reinstall. That wipes software. Splurge and buy a new keyboard if you don't trust it. Do a quick look for suspicious looking hardware. That should handle the worst. Ah, and change the locks to the house. No point going to all the trouble is the Ex-Spouse has access to the machine.

that's the least of her problems

[Stradivarius]

If I had any good recommendations for such tools, I'd give them, but I don't, so I'll try to help in another way. I'll pose some questions that hopefully your friend will be asking herself:

1) Isn't this missing the forest for the trees? If a marriage is so lacking in trust that she thinks her spouse is spying on her, there's a problem. If her spouse actually did install such a thing, there is similarly a problem. This is a much greater problem than the software itself. If she wants to save the marriage, this is the sort of situation where a counselor or similar trusted third party could be very helpful.

2) If the logger or other software is indeed there, what is she worried about him discovering? If she's just (rightfully) angry about the installation of this software, and trying to demonstrate a point by removing it, that's one thing. But if there actually is something she wants to hide, again this is a far bigger problem in the relationship than the software.

Good luck to your friend. This sounds like a tough spot to be in.

Re:Impossible

[caitriona81]

More possible data gathering points:

• Previously compromised accounts (email/chat/google web history)
• Email forwarding settings (yes this is overt, but how many users actually look at their forwarding rules)
• Recoverable "deleted" files on disk
• Browser plugins
• Saved passwords - even if they are "encrypted" any encryption that allows the application to read the password lets someone else do so as well.

Solutions to these additional threats:

• Every time a compromise is suspected, change all passwords from a secure computer immediately.
• Check forwarding rules, particularly to web-based email services.
• Always use SSL/TLS encryption whenever they are available. Learn not to give passwords over unencrypted channels - this won't help you against a keylogger, but it will help you against sniffing.
• Be aware that "deleting" files doesn't really delete them unless you use specialized tools

Further protection against keyloggers.

• Reformat.
• Make your computer as tamper-evident as possible. Buy a UPS so that if the computer reboots, there will be a reason for it. Keep the computer turned on. Secure all accounts on the computer with a password. If it's Windows, encrypt the SAM database with a password that you have to enter at bootup. Remove your own administrator rights, and have a separate administrator account that you only use to install software. Use a BIOS password. Disable booting from anything other than the hard drive. Install physical locks on the case to prevent it from being opened. Epoxy over the screws on the keyboard (after you've bought a new one).
• Use an alternative web browser.
• Be careful about opening links and attachments in email. Learn about phishing, particularly the type of targeted phishing that can be attempted by someone with intimate knowledge of their target. (Don't trust the return address on mails in particular - many of the keyloggers out there get on via a trojan horse that you have to be tricked into running)
• If any evidence of tampering is found, start over.
• Learn about computer security. http://www.cert.org/homeusers/ is one of the best starting places for non-technical users. Even if you don't understand it all, you have a starting place to ask questions.
• Remember, trust is the enemy of security. Look for it. Understand how it makes you vulnerable, and decide if the risks are acceptable or not. This mindset extends all the way from the bare metal up to the human being at the keyboard. You have to start to think that way to really be able to keep a computer secure.

detecting malware ..

[rs232]

Under Windows, there is no sure way of detecting malware once it's already installed, as it takes steps to hide itself.

The only sure way is a clean install or re-imaging from a hidden partition at boot. Something that would be a pain to set up and probably wouldn't even work with the current incarnation of Windows.

Your bet bet is to get your friend to install these Sysinternals ">utilitys and see if they can detect the keylogger by its activity. Monitoring activity at the firewall is also a good place to detect suspicious activity.

What is it about Windows that your friend absolutly needs to use. Are there alternatives out there.

If you absolutly can't survive without Microsoft applications then why not use a version of Linux that comes with CrossOver, this allows Windows applications to run natively on Linux, without the the same level of malware threat. Eg, by clicking on an URL or opening an email attachment.

Re:I'll bet there's a good back story

[Khaed]

I know it's an existing reason. I want to know why:

I'd like to know why "booting from a Linux CD" isn't an option, though.

There's a reason I directly quoted the summary; I recognize THAT it's not an option. Why it's not an option is the question.

Here are some good ones....

[Skylinux]

Since most of the posts are not answering your question at all, here are some programs which can help.

I have been fixing Windows computers for over 10 years and can suggest the following programs from personal experience. There is no guarantee that they will find all keyloggers but they will detect the progs you find by using google.

1) Spybot Search & Destroy (free) http://www.safer-networking.org/
    This is a spyware checker, cleaner. It will also find keyloggers and screen capturing software
2) Antivir (free for personal use) http://www.free-av.com/
    This is an Antivirus / malware program which I have found to kick the shit out of Norton Antivirus (Personal + Corporate) and McAfee.
3) Norton Antivirus 2008 (not free)
    This is another antivirus program, it is not as good as Antivir but it may contain different malware signatures then Antivir.
4) Adaware (free) http://www.lavasoftusa.com/
    Like Spybot but less strict, I don't use it anymore but you should run it anyway.
5) Windows Defender (free) http://www.microsoft.com/athome/security/spyware/software/default.mspx
    This one is made (purchased) by Microsoft and is actually quite good, I can highly recommend it to remove crap from a computer. This one is free and includes an "active shield"

If you run suggestions 1,2,4 and 5 above you can assume that your computer is clean. To be sure format and reload.

As for the rest, follow the advice above and end the relationship....

Re:Cheaters must be monitored.

[Khaed]

This doesn't really conflict with what I said.

"If you have to monitor someone, you don't trust them."

And staying stuck in that relationship isn't healthy. Even the Catholic church allows for divorce in the case of adultery.