Reliable software keylogger detection?

I may be dreaming here, but is there a reliable method for keylogger software detection? I'm primarily a developer but I run a couple servers and the thing that worries me most is a software keylogger on my personal system that does a good job of keeping quiet.

Is there any way to be sure there isn't a software keylogger on my personal system snagging all my RDP passwords?


If you aren't careful about how you trust and authenticate your RDP connections - your passwords and anything else you type are easily snaggable in near real-time over the network anyway... so why worry about local keyloggers? ;)

As some have already said, no - there is no reliable way. A rootkit can easily make itself completely undetectable for all eternity without even having to disguise itself as another process. Nothing is secure. Stuff is just insecure to varying degrees ^^

One trick could be to wipe the system and install it without being connected to a network. Set up BitLocker using TPM and have it verify that all system files are unmodified on each boot - and let it deny you booting/decrypting if not (then you'll have to do a controlled wipe again). Still, there are certainly still flaws where a keylogger could be installed without being detected.

All in all, using only passwords isn't nearly good enough for anything requiring a moderate level of security. Two-factor authentication with one-time-use passwords would help, as would smartcard-based authentication or other independent device certificate-based authentication.


Ideally, your servers will be pretty tight - are these corporate servers or personal servers which also are used for web surfing?

In general, I don't believe there is any "one" way to reliably detect any arbitrary keylogger, but these general things may help.

  • Check the Task Manager. If there is any task running that you do not recognise, look it up using Google.
  • Use msconfig to determine what is running at startup.
  • Ensure your anti-virus software is up-to-date.
  • Run a program like Malwarebytes Anti-Malware or Spybot Search & Destroy.
  • Perform a search for the most recent files stored and check anything which is continually being updated.
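
Added example, not part of the original answers: a read-only PowerShell pass over three of the checks in the list above (running tasks, startup entries, files that keep being updated). The scanned folders, look-back window and pause length are assumptions, and as the earlier answer notes, a rootkit can hide from all of these queries.

```powershell
# Added example: read-only triage mirroring the checklist above.
# Folders, look-back window and pause length are assumptions; adjust as needed.
$roots        = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData
$lookBackMins = 60
$pauseSeconds = 120

# 1. Running processes whose executable lacks a valid Authenticode signature
#    (scripted form of "look up any task you do not recognise").
Get-Process | Where-Object { $_.Path } | Sort-Object -Property Path -Unique |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path
        [pscustomobject]@{
            Name   = $_.ProcessName
            Path   = $_.Path
            Status = $sig.Status
            Signer = $sig.SignerCertificate.Subject
        }
    } |
    Where-Object { $_.Status -ne 'Valid' } |
    Format-Table -AutoSize -Wrap

# 2. Startup entries from the Run keys and Startup folders
#    (a subset of what msconfig / Task Manager's Startup tab shows).
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize -Wrap

# 3. Files that keep growing: snapshot recently written files, wait, compare.
function Get-RecentFileSizes {
    $cutoff = (Get-Date).AddMinutes(-$lookBackMins)
    $sizes  = @{}
    Get-ChildItem -Path $roots -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $cutoff } |
        ForEach-Object { $sizes[$_.FullName] = $_.Length }
    return $sizes
}

$before = Get-RecentFileSizes
Write-Host "Type in another window for $pauseSeconds seconds..."
Start-Sleep -Seconds $pauseSeconds
$after = Get-RecentFileSizes

# Browsers and sync clients also write constantly; review each hit by path.
$after.Keys |
    Where-Object { $before.ContainsKey($_) -and $after[$_] -gt $before[$_] } |
    ForEach-Object {
        [pscustomobject]@{ GrewBy = $after[$_] - $before[$_]; Path = $_ }
    } |
    Sort-Object GrewBy -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so more process paths are readable; entries it lists are leads to look up, not verdicts.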