How to detect keylogger etc
Hello,
In my job, I have to deal with a fairly psychopathic and untrustworthy person who is unfortunately the company's computer security expert, who is also an admitted hacker. I recently installed Slackware to prevent him from spying on my basic activities, deleting my windows and moving my mouse pointer, as he did when I had Windows on my PC. However I now need to make sure he isn't going to do the same with my Slackware installation. Other than reinstalling Slackware periodically, what can I do to detect spyware like a keylogger, or to detect that he has rootkitted commonly used parts of the distro to provide a backdoor etc? BTW I've never considered encrypting a hard drive but now that I'm dealing with this idiot I would be open to that. Thanks.
If he is deleting your windows and moving your mouse pointer without your consent, he is harassing you at work and you can report him to his superiors for that. I am slightly amazed that you have not yet done so.
A "company security expert"? Sounds more like a 15 year old. If you do not give him root access to your Slackware computer it will be hard for him to hack into it. If he has physical access to your computer (when you are out of the office) then it will be a lot easier for him to install rootkits and keyloggers. In that case, encrypt your hard drive. You may want to put the unencrypted /boot partition on an external USB stick or else he may find ways around the encryption by adding spyware to the initrd.
Eric
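Changes to an unencrypted /boot, as raised in the post above, can be detected after the fact. The following is an added example, not part of any post in this thread: it records SHA-256 hashes of everything under a directory such as /boot and later reports modified, missing or new files (an altered or extra initrd, for instance). The function names and the baseline location are assumptions; the baseline belongs on removable media that stays with you.

```shell
#!/bin/sh
# Added example (not from the thread): hash baseline for an unencrypted /boot.
# Function names and the baseline location are assumptions for illustration.

# boot_baseline DIR OUT: record a SHA-256 for every regular file under DIR.
boot_baseline() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) > "$2"
}

# boot_verify DIR BASELINE: return 0 if nothing changed, 1 if any file was
# modified, removed or added since the baseline was taken.
boot_verify() {
    dir=$1; base=$2; rc=0
    # Modified or missing files: re-hash every path listed in the baseline.
    ( cd "$dir" && sha256sum --quiet -c - ) < "$base" || rc=1
    # Files present now but absent from the baseline (e.g. an extra initrd).
    # A baseline line is 64 hex digits, two separator characters, then the path.
    added=$( ( cd "$dir" && find . -type f ) | awk -v base="$base" '
        BEGIN { while ((getline line < base) > 0) known[substr(line, 67)] = 1 }
        !($0 in known) { print "NEW: " $0 }' )
    if [ -n "$added" ]; then
        echo "$added"
        rc=1
    fi
    return $rc
}

# Command-line use: "$0 baseline /boot /mnt/usb/boot.sha256", then later
# "$0 verify /boot /mnt/usb/boot.sha256" (the paths are placeholders).
case "${1:-}" in
    baseline) boot_baseline "$2" "$3" ;;
    verify)   boot_verify "$2" "$3" ;;
esac
```

Run the verify step from a system booted off trusted media, since a compromised running system can falsify the result.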
It is difficult if he has physical access to the machine, so yes encrypting the drive would be a very good idea to prevent a keylogger in the first place. I would also use a BIOS or boot password to prevent him from messing things up there, or booting other disks.
If you can't do that, you can use rkhunter, chkrootkit, and clamav to detect rootkits, viruses, malware, etc ... assuming he doesn't mess with them. Personally, I would catch him on video and report him to the authorities, because this is not legal.
Also install a padlock on your machine in addition to everything else.
I know what you mean, and I might even know what country it is ... but I won't say.
Also, watch out for these things, just in case:
http://en.wikipedia.org/wiki/Hardware_keylogger
After reading that wiki page H_TeXMeX_H suggested, it might be better to take your keyboard and mouse with you.
Edit: Just to be clear, the reason why I say this is that it would be way too easy to disassemble those and install the keylogger on the inside.
If he was a former hacker (or is one now) it is very hard to cover all possibilities if he has physical access. It might be worth it to go over their heads like mentioned before.
If you can't, here's a list of what I would do:
- Encrypt HDD.
- Put BIOS password, and boot ONLY from HDD.
- Use strong passwords for all your passwords.
- Check for hardware keylogger BEFORE booting (will steal all your passwords).
- Don't use anything wireless, especially keyboard (can be hacked).
- Have a case with a lock on it (I do).
- NEVER leave your computer running with you away from it, ALWAYS do a cold shutdown before leaving it out of your sight.
- Install and use a firewall, rkhunter, chkrootkit, clamav, etc.
If the guy had remote access software on your Windows machine and kept interfering with your work, then he had created a hostile work environment and you should have started looking for another job. If your response was to switch operating systems and he didn't notice or care, then your company's security expert was an incompetent idiot and you should have started looking for another job.