Kent Borg writes: > On Wed, Nov 21, 2001 at 10:40:11AM -0500, [EMAIL PROTECTED] wrote: > > In the same vein, but a different application, does anyone know what > > the state of the art is for detecting such tampering? In particular, > > when sitting at a PC doing banking, is there any mechanism by which a > > user can know that the PC is not corrupted with such a key logger? > > The last time I checked, there was nothing other than the various > > anti-virus software. > > I can imagine an arms race between the Feds and anti-virus-types, that > is until the anti-virus programs are strong-armed one way or the other > into backing down. I am certain that will happen, either behind the > scenes or by public law. > > I think you are toast if you are sitting at a PC and the Feds ~really~ > want to catch your keystrokes. That is, if the Feds are acting > competently. They might be coy with their good keyloggers to keep > samizdat word of their details from getting out. They might save the > good stuff for important targets.
My concern isn't with the Feds snooping. It is with some criminal who wants banking-type information so as to rob the account, though it would appear that solving the one implies solving the other. > Alternatively, to move to a physical analogy, instead of leaving a > telltale thread on your door and trying to spot intruders that way, > you might instead invest in good locks in the first place. That is, > to use a reasonably secure operating system. At risk of starting an > OS war, a well managed Linux box is going to be pretty secure. > > Or, for a practical example, I am typing this on a Linux notebook that > mostly is obscured behind firewalls. If I keep damn Javascript OFF > and don't launch viruses that might be sent to me, and don't reuse > passwords between here and an unsecure computer, I think they are > going to have a very hard time cracking in without my knowing. But this doesn't really address the question. Certainly you take various precautions. The question is: how can I know if the system is compromised? Paul --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
