LinuxQuestions.org
Old 01-15-2010, 11:59 AM   #1
Linux Flyer
LQ Newbie
 
Registered: Jan 2010
Location: North West UK
Distribution: Ubuntu
Posts: 2

Rep: Reputation: 0
Linux & keyloggers


I do my banking on line, and am concerned about security. I have been using 'Ubuntu' for about a year, now, with no problems. But I worry about keyloggers! Should I be concerned?
Thanks in anticipation.... LF.
 
Old 01-15-2010, 12:11 PM   #2
pljvaldez
Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Squeeze (x86)
Posts: 6,092

Rep: Reputation: 269
Software keyloggers do exist for Linux, like this one. You should be able to look through your processes (ps aux) and see if anything is running. And of course, hardware keyloggers work on any OS. There have been cases of people checking into a hotel and installing a hardware keylogger between the keyboard and computer (looks like a little USB to PS/2 converter) in the business center. A few weeks later they check in again to collect it.

For the ultra paranoid, you can do things like type your password with extra characters like pa11s2s333w4or5555 and then go back and delete the extra characters. The keyloggers will pick up all the characters you typed, but won't know which characters you deleted.
 
1 members found this post helpful.
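A complement to the `ps aux` check in the post above, as an added example that is not part of the original thread: it lists every process holding a `/dev/input` device open and marks the ones outside an allow-list. The function names, the `ALLOW` list and the sample process `keyreader` are assumptions made for illustration; the check covers only programs that read kernel input devices, not hardware loggers or loggers that hook the X server.

```bash
#!/bin/sh
# Programs expected to read input devices (assumed list; adjust per system).
ALLOW="Xorg X systemd-logind gnome-shell"

# input_readers [PROC_ROOT]: print "VERDICT PID NAME DEVICE" for each process
# with a /dev/input/* descriptor. Run as root to see all processes.
input_readers() {
    proc_root=${1:-/proc}
    for fd in "$proc_root"/[0-9]*/fd/*; do
        # Unreadable or vanished descriptors are skipped silently.
        target=$(readlink "$fd" 2>/dev/null) || continue
        case $target in
            /dev/input/*) ;;
            *) continue ;;
        esac
        pid_dir=${fd%/fd/*}
        pid=${pid_dir##*/}
        name=$(cat "$pid_dir/comm" 2>/dev/null || echo '?')
        verdict=UNEXPECTED
        for ok in $ALLOW; do
            if [ "$name" = "$ok" ]; then verdict=expected; fi
        done
        echo "$verdict $pid $name $target"
    done | sort -u
}

# Constructed sample: a fake /proc tree so the check can be tried offline.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/900/fd" "$root/4242/fd" "$root/5000/fd"
    echo Xorg      > "$root/900/comm";  ln -s /dev/input/event2 "$root/900/fd/12"
    echo keyreader > "$root/4242/comm"; ln -s /dev/input/event2 "$root/4242/fd/3"
    echo bash      > "$root/5000/comm"; ln -s /dev/pts/0        "$root/5000/fd/0"
    echo "$root"
}

# Demo on the constructed tree; call input_readers with no argument for the live system.
demo=$(make_sample_proc); input_readers "$demo"; rm -rf "$demo"
```

An `UNEXPECTED` line is a prompt to identify the binary behind that PID, not proof of a keylogger.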
Old 01-15-2010, 12:13 PM   #3
Mr-Bisquit
Member
 
Registered: Feb 2009
Distribution: FreeBSD, OpenBSD, NetBSD, Debian, Fedora
Posts: 770
Blog Entries: 52

Rep: Reputation: 68
If the keylogger is a physical device, then worry.
If it is software be sure to have these ready:
Enforce your SELinux policy, close all ports except what you connect to the networks with.
Browse the web with all security warnings enabled, konqueror on ask for all, firefox with flashblock and noscript, block images unless needed.
Remove the users from sudo/root/wheel. This will allow a console only login for root.
Make all disks rw only by a single owner.
Disable remote logins.
 
Old 01-15-2010, 12:16 PM   #4
Dave_Devnull
Member
 
Registered: May 2009
Posts: 142

Rep: Reputation: 24
Quote:
Originally Posted by pljvaldez View Post
....
For the ultra paranoid, you can do things like type your password with extra characters like pa11s2s333w4or5555 and then go back and delete the extra characters. The keyloggers will pick up all the characters you typed, but won't know which characters you deleted.
The keyloggers I've seen have been able to offer either the raw keystrokes or reconstructed text, so don't place too much trust in that.
 
Old 01-15-2010, 01:52 PM   #5
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
lol ultra-paranoid can also use on-screen keyboard or use mouse with context menus to select and delete characters DDDD
/me imagines that
 
Old 01-15-2010, 02:17 PM   #6
Quakeboy02
Senior Member
 
Registered: Nov 2006
Distribution: Debian Squeeze 2.6.32.9 SMP AMD64
Posts: 3,245

Rep: Reputation: 121
Linux isn't invulnerable to malware for the home user, but unless you deliberately do something stupid, Linux pretty much has you covered. It's when you start opening ports on the internet that you start becoming vulnerable. You are running a firewall, right? It can be either a hardware firewall (be sure you change the password!) or a software firewall.

If you're the typical home user (browser and email) then you shouldn't run into a problem. To gain some extra measure of assurance, install chkrootkit and rkhunter and run them periodically.
 
Old 01-15-2010, 02:32 PM   #7
pljvaldez
Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Squeeze (x86)
Posts: 6,092

Rep: Reputation: 269
Quote:
Originally Posted by Web31337 View Post
lol ultra-paranoid can also use on-screen keyboard or use mouse with context menus to select and delete characters DDDD
/me imagines that
Some keyloggers save this info as well as take screenshots and do other things for keystroke capture.
 
Old 01-15-2010, 02:57 PM   #8
Dave_Devnull
Member
 
Registered: May 2009
Posts: 142

Rep: Reputation: 24
Quote:
Originally Posted by Quakeboy02 View Post
Linux isn't invulnerable to malware for the home user, but unless you deliberately do something stupid, Linux pretty much has you covered. It's when you start opening ports on the internet that you start becoming vulnerable.
By default Ubuntu ships with no IPtables rules in place, i.e. Fully Open on every port. Naturally most people have some form of hardware dsl/cable modem-cum-router-cum-firewall, but don't overlook this.

Sure, file system permissions and a lack of listening services is a big plus, but Ubuntu is not particularly secure as installed.
 
1 members found this post helpful.
Old 01-15-2010, 04:12 PM   #9
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269
Usually you can spot them if you know what to look for, but if there's a rootkit (which there could very well be), it's much much harder.

I recommend you regularly run rkhunter and chkrootkit, and if you want clamav too (optional).

May want to check this thread too:
http://www.linuxquestions.org/questi...ight=keylogger
 
Old 01-15-2010, 10:41 PM   #10
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,143

Rep: Reputation: 322
Quote:
Originally Posted by Dave_Devnull View Post
By default Ubuntu ships with no IPtables rules in place, i.e. Fully Open on every port. Naturally most people have some form of hardware dsl/cable modem-cum-router-cum-firewall, but don't overlook this.

Sure, file system permissions and a lack of listening services is a big plus, but Ubuntu is not particularly secure as installed.
Well, a port is only open if there's a service listening on it, and Ubuntu doesn't start up that many services by default (I don't think that SSH is even listening by default unless the "OpenSSH server" package group is selected in the installer). The point being that while Ubuntu may not be set up to be particularly secure, it's not set up in an insecure fashion either. The problems often come when users start installing lots of extra stuff that might have vulnerabilities.
 
Old 01-16-2010, 03:53 AM   #11
Dave_Devnull
Member
 
Registered: May 2009
Posts: 142

Rep: Reputation: 24
Quote:
Originally Posted by btmiller View Post
Well, a port is only open if there's a service listening on it, and Ubuntu doesn't start up that many services by default (I don't think that SSH is even listening by default unless the "OpenSSH server" package group is selected in the installer).
The port remains open, there is just no service listening on it. That does not really mean the port is closed. A newcomer to Ubuntu can quickly and blindly install many things, such as openssh, samba and a plethora of services that will happily allow the world in because of this default 'everything is allowed' firewall policy.

Quote:
Originally Posted by btmiller View Post
The point being that while Ubuntu may not be set up to be particularly secure, it's not set up in an insecure fashion either. The problems often come when users start installing lots of extra stuff that might have vulnerabilities.
I could not agree more! However, I still feel that it is far more secure out of the box than Windows, and has much better accounting going on.
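Both things debated in this exchange, what is listening and what the firewall's INPUT chain does, can be checked directly; the following is an added example, not part of the thread. Function names and the sample socket table are assumptions, and it reads IPv4 sockets only (`/proc/net/tcp`, little-endian addresses as on x86), so `/proc/net/tcp6` needs the same treatment separately.

```bash
#!/bin/sh
# listeners: read /proc/net/tcp text on stdin, print "PORT SCOPE" for every
# socket in LISTEN state.
listeners() {
    while read -r _sl local_addr _rem state _rest; do
        [ "$state" = "0A" ] || continue            # 0A = TCP_LISTEN
        port=$((0x${local_addr#*:}))               # port is hex after the colon
        case ${local_addr%:*} in
            ??????7F) scope=loopback ;;            # 127.x.x.x, local only
            00000000) scope=all-interfaces ;;      # 0.0.0.0, reachable remotely
            *)        scope=one-interface ;;
        esac
        echo "$port $scope"
    done | sort -n
}

# exposure: ports a remote host can reach unless a firewall rule stops it.
exposure() {
    listeners | awk '$2 != "loopback" { print $1 }'
}

# input_policy: read `iptables -S INPUT` output on stdin, print
# "POLICY RULECOUNT"; "ACCEPT 0" means the chain filters nothing.
input_policy() {
    awk '$1 == "-P" && $2 == "INPUT" { policy = $3 }
         $1 == "-A" && $2 == "INPUT" { rules++ }
         END { print policy, rules + 0 }'
}

# Constructed sample in /proc/net/tcp layout: a daemon on 0.0.0.0:22,
# one on 127.0.0.1:631, and one established outbound connection.
sample_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1
   2: 0F02000A:8B2C 22D8B85D:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 11003 1
EOF
}

# Demo on the sample; on a live system: exposure < /proc/net/tcp
# and, as root: iptables -S INPUT | input_policy
sample_tcp | exposure
```

A port printed by `exposure` combined with `ACCEPT 0` from `input_policy` means only an upstream router stands between that service and the network.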
 
Old 01-16-2010, 03:55 AM   #12
lupusarcanus
Senior Member
 
Registered: Mar 2009
Location: USA
Distribution: Arch
Posts: 1,022
Blog Entries: 19

Rep: Reputation: 146
Ubuntu and Linux are as secure as the user intends them to be.

If you change up the rules, you will be more secure.

But Ubuntu purposefully left it up to the user to decide.

Personally, though, I love my Ubuntu.
 
1 members found this post helpful.
Old 01-16-2010, 04:05 AM   #13
Dave_Devnull
Member
 
Registered: May 2009
Posts: 142

Rep: Reputation: 24
Quote:
Originally Posted by leopard View Post
Ubuntu and Linux are as secure as the user intends them to be.
That's pretty much true of most operating systems. You can make Windows really secure in one easy step - don't connect it to a live network :-)
Quote:
Originally Posted by leopard View Post
Personally, though, I love my Ubuntu.
Me too. I applaud Canonical for what they have done with Ubuntu. It has made Linux very accessible and interesting to people who may have previously tried it and been put off. It pretty much rocks :-)
 
1 members found this post helpful.
Old 01-16-2010, 06:19 AM   #14
Linux Flyer
LQ Newbie
 
Registered: Jan 2010
Location: North West UK
Distribution: Ubuntu
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks for all the suggestions & advice! rkhunter and chkrootkit are to be installed.

I'm enjoying a vertical learning curve, having spent 4 days over the holiday trying to recover my system. I received an 'out of disk space' warning, which prevented the GUI from working. I now know a lot more about BASH.... The problem was caused by 'simple back up' archiving everything on my internal hard drive, not the external one as requested. I still need to figure out why it is ignoring what I'm asking it to do.
LF.
 
Old 08-20-2013, 04:02 AM   #15
quickercarter
LQ Newbie
 
Registered: Aug 2013
Posts: 2

Rep: Reputation: Disabled
Quote:
Originally Posted by pljvaldez View Post
Software Myjad keyloggers do exist for Linux, like this one. You should be able to look through your processes (ps aux) and see if anything is running. And of course, hardware keyloggers work on any OS. There have been cases of people checking into a hotel and installing a hardware keylogger between the keyboard and computer (looks like a little USB to PS/2 converter) in the business center. A few weeks later they check in again to collect it.

For the ultra paranoid, you can do things like type your password with extra characters like pa11s2s333w4or5555 and then go back and delete the extra characters. The keyloggers will pick up all the characters you typed, but won't know which characters you deleted.
A keylogger, also known as keystroke logging, is a program installed on your computer unbeknownst to you that logs all key strokes typed into your computer which is then viewed.
Myjad Keyloggers are also capable of taking screen captures.

Last edited by quickercarter; 08-28-2013 at 05:58 AM.
 
  

