In Valid Logic

Endlessly expanding technology

A hard lesson learned

The other day, I mentioned that I'd decided to do a fresh install of Vista RC2 to give it a try.  Part of the reason for deciding to try Vista was because last week I had a bit of an encounter that prompted me to need a complete reinstall.

About two months ago, one of my friends got "keyloggered", where he found that a keylogger had made its way onto his system, unbeknownst to him, and had been logging all his keypresses for nearly a month.

On Thursday of last week, I managed to get keylogged as well.  Though as a small bit of luck, I had recently installed Windows Defender to give it a try and it caught it right away.  The keylogger I got was the Ardamax Keylogger.  Defender caught it right away and removed it, but every time I rebooted, it would redetect it.  I did a full scan with Defender, but it didn't find anything.  I had downloaded some spyware tools, but none of them found everything.  I went over everything in HijackThis, but couldn't find it.  Most likely, it had embedded itself in something.  And, lucky me, my most recent backup of my system was over a month old.

So the only logical solution was to reformat and reinstall... completely fresh.  I'd decided to give Vista RC2 (and Office 2003 B2TR) an honest try this time.  I took out my problematic Creative sound card and I'm just using the onboard sound support (more on that later).

The good thing, though, was that I detected it quickly and got rid of it promptly.  If it even managed to send them any of its logs, I know I only typed in two passwords while it was on, both of which have been changed and were only used on non-trivial things (i.e., email, IM).

As a result of all this, I've learned some important lessons:

  • Everyone is susceptible.  When Jayson got a keylogger, I was surprised.  He is a developer.  Developers should be competent enough to avoid them.  Wrong.  Developers and other tech-savvy people have a false sense of security.  It can cost you big.
  • Previously, I used to run without ongoing spyware and antivirus protection.  I'd scan suspicious files before I ran anything, but didn't have continuous checking because I didn't want any performance drain.  Forget it.  I'd rather have a small performance hit than face identity theft.
  • And as a result of these lessons, I'm taking some actions:

    • Running spyware/antivirus protection with continuous checking.  Since I'm using Vista right now, I'm somewhat limited in options.  For now, I'm using Windows Defender and OneCare.
    • More aggressive maintenance.  This includes nightly defrags (currently using PerfectDisk) and nightly incremental backups (using Acronis TrueImage).  I will likely do a full backup once a week, and keep the backups for 2 weeks to 30 days, so I have a good range to fall back on.  I will also likely FTP the images to another box which has a RAID1 array on it, to protect against anything that might get on the system and corrupt the images.
    • Also, I've found that whenever these things come up, someone always says "just use Apple, just use Linux".  That is not a solution; that is simply someone else with their own false sense of security.  Spyware attacks Windows because the majority of people use Windows.  Using any operating system without spyware and antivirus protection, and going around saying "I'm safe... I'm safe" is simply an open invitation.  A false sense of security is probably one of the things scammers like most.
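The backup schedule above (nightly incrementals, a weekly full, images kept for 2 weeks to 30 days) is simple to state but has one trap: an incremental image is useless without the full image it was taken against, so pruning by age alone can leave you with incrementals you can't restore. The script below is an added example, not part of the original post and not anything from Acronis TrueImage; it works on a constructed list of image names and dates for the weeks leading up to this post, and keeps any full image that a retained incremental still depends on, regardless of the full's age.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed reference date: the day this post was written.
TODAY = date(2006, 10, 17)


@dataclass(frozen=True)
class BackupImage:
    """One backup image as it would sit in the backup folder (hypothetical naming)."""
    name: str
    taken: date
    kind: str  # "full" or "incremental"


def sample_images():
    """Constructed sample: nightly incrementals with a full every Sunday,
    from 2006-09-08 through 2006-10-16 (the night before TODAY)."""
    images = []
    day = date(2006, 9, 8)
    while day < TODAY:
        kind = "full" if day.weekday() == 6 else "incremental"  # 6 == Sunday
        prefix = "full" if kind == "full" else "inc"
        images.append(BackupImage(f"{prefix}-{day.isoformat()}", day, kind))
        day += timedelta(days=1)
    return images


def plan_retention(images, today, keep_incremental_days=14, keep_full_days=30):
    """Return (keep, prune) lists implementing the post's policy:
    incrementals are kept ~2 weeks, fulls up to 30 days, and a full is never
    pruned while any retained incremental still chains back to it."""
    by_date = sorted(images, key=lambda i: i.taken)
    keep = set()

    # Pass 1: age-based retention, with a separate limit per image kind.
    for img in by_date:
        age_days = (today - img.taken).days
        limit = keep_full_days if img.kind == "full" else keep_incremental_days
        if age_days <= limit:
            keep.add(img.name)

    # Pass 2: chain integrity. Walk forward in time; each incremental depends
    # on the most recent full taken at or before it. If that full exists, it
    # must be kept too; if no full precedes the incremental, the incremental
    # is an orphan that could never be restored, so it is not worth keeping.
    last_full = None
    for img in by_date:
        if img.kind == "full":
            last_full = img
        elif img.name in keep:
            if last_full is None:
                keep.discard(img.name)
            else:
                keep.add(last_full.name)

    keep_list = [i for i in by_date if i.name in keep]
    prune_list = [i for i in by_date if i.name not in keep]
    return keep_list, prune_list


if __name__ == "__main__":
    keep, prune = plan_retention(sample_images(), TODAY)
    print(f"keep {len(keep)} images, prune {len(prune)} images")
    for img in keep:
        print("  keep ", img.name)
```

Run with the 30-day default, the oldest full (2006-09-10) and everything before 2006-10-03 except the weekly fulls get pruned. Shorten `keep_full_days` to 7 and the chain rule kicks in: the 10-01 and 10-08 fulls are older than a week, but the script keeps them because incrementals from those weeks are still within their 14-day window. The same logic applies before deleting anything from the RAID1 box the images are FTP'd to.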

Tuesday, October 17, 2006
