Is this spyware scenario possible?

[Marvin Cohen]

I'm running a Windows 2000 computer. Usually when I leave my desk for
a long period, I sign off. Suppose I forget some day, and someone
installs spyware on the computer. Does that mean he can find out what
password I use to log on to Windows 2000?
Also, if subsequently I change my password, would he be able to detect
that as well?
Thanks,
Marvin

[Chuck]

On 7 Oct 2003 13:01:30 -0700, cohenmarvin@hotmail.com (Marvin Cohen)
wrote:

>I'm running a Windows 2000 computer. Usually when I leave my desk for
>a long period, I sign off. Suppose I forget some day, and someone
>installs spyware on the computer. Does that mean he can find out what
>password I use to log on to Windows 2000?
>Also, if subsequently I change my password, would he be able to detect
>that as well?
>Thanks,
>Marvin

If the spyware in question (keylogger in this case) can be installed
under your userid, yes.

If the keylogger in question requires a reboot after install, this
won't be a problem. Except you come back to your desk and find your
computer rebooted. Dohh.

Get to know AdAware, HijackThis, and Spybot S&D. Most keyloggers are
detected by one or all of these.

If you can't trust your coworkers, logoff or lock religiously before
leaving.


Chuck
cacrollthespam@yahoo.com
Spam sucks - PLEASE get rid of the spam before emailing me!

[Runamuk.]

"Marvin Cohen" <cohenmarvin@hotmail.com> wrote in message news:a9b23639.0310071201.7f2e885@posting.google.co m
| I'm running a Windows 2000 computer. Usually when I leave my desk for
| a long period, I sign off. Suppose I forget some day, and someone
| installs spyware on the computer. Does that mean he can find out what
| password I use to log on to Windows 2000?
| Also, if subsequently I change my password, would he be able to detect
| that as well?
| Thanks,
| Marvin

If you set the screensaver to require a password on resume there should not be a problem.

[Vanguard]

You can configure your screen saver to enable password protect. But
obviously your computer is unprotected until the timeout configured for
the screen saver. If you set it for 5 minutes then you get repeatedly
nuisanced with the screen saver and having to reenter your password. If
you set it for 30 minutes then for that long after you leave someone
else can pretend to be you. One solution is to create a shortcut in the
QuickLaunch toolbar in the Windows taskbar or on your Windows desktop to
the .scr file for your screen saver. You double-click the icon and the
screen saver engages immediately. However, note that the password
protect itself might not engage for up to a minute after the screen
saver appears.

If you want to immediately lockup your computer when you leave it but
still want it left powered up and logged under your username (because
you have scheduled tasks to run that only run under your username and
you don't want to use RunAs under an administrator account) or you're
just too lazy to logoff, use the following shortcut:

%windir%\system32\rundll32.exe user32.dll,LockWorkStation

You can add it to the QuickLaunch toolbar in the taskbar, as an icon on
the Windows desktop, or as one of the keys for a programmable keyboard.
When ran, it immediately locks up your computer. So just double-click
the icon or hit the programmable key when you leave for lunch, a
meeting, or when you leave work. The trick of using this means to
immediately lockup your computer comes from Microsoft's own KB article #
313884.

Some keyboards have a User or other labeled key which slams the computer
immediately into Standby mode. Mine does (Logitech Navigator) and when
I hit it then my computer cycles down into Standby mode. You can
password protect Standby mode: Start -> Settings -> Power options ->
Advanced tab -> enable "Prompt for password when computer goes off
standby". Then when someone tries to yank your computer out of standby
mode, they have to enter your password at the login prompt.

--

__________________________________________________
Post replies to newsgroup. E-mail not accepted.
__________________________________________________

"Marvin Cohen" <cohenmarvin@hotmail.com> wrote in message
news:a9b23639.0310071201.7f2e885@posting.google.co m...
> I'm running a Windows 2000 computer. Usually when I leave my desk for
> a long period, I sign off. Suppose I forget some day, and someone
> installs spyware on the computer. Does that mean he can find out what
> password I use to log on to Windows 2000?
> Also, if subsequently I change my password, would he be able to detect
> that as well?
> Thanks,
> Marvin

[Jay T. Blocksom]

On 7 Oct 2003 13:01:30 -0700, in <alt.privacy.spyware>,
cohenmarvin@hotmail.com (Marvin Cohen) wrote:
>
> I'm running a Windows 2000 computer. Usually when I leave my desk for
> a long period, I sign off. Suppose I forget some day, and someone
> installs spyware on the computer. Does that mean he can find out what
> password I use to log on to Windows 2000?
[snip]

Yes. If an attacker manages, by *whatever* means, to plant a trojan on your
system, there is no limit to what that trojan *could* do.

> Also, if subsequently I change my password, would he be able to detect
> that as well?
[snip]

One more time:

If an attacker manages, by *whatever* means, to plant a trojan on your
system, there is no limit to what that trojan *could* do.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Jay T. Blocksom]

On 7 Oct 2003 17:55:10 -0500, in <alt.privacy.spyware>, Chuck
<cacrollthespam@yahoo.com> wrote:
>
[snip]
>
> If the spyware in question (keylogger in this case) can be installed
> under your userid, yes.
>
> If the keylogger in question requires a reboot after install, this
> won't be a problem.
[snip]

What makes you think so?

Who says the attacker is not the patient sort?

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Jay T. Blocksom]

On Wed, 08 Oct 2003 02:38:30 GMT, in <alt.privacy.spyware>, "Runamuk."
<not@home.com.au> wrote:
>
[snip]
>
> If you set the screensaver to require a password on resume there should
> not be a problem.
>

Famous last words.

Cracks for the Windows Logon and screensaver passwords have been around for
at least a dog's age. It's not even up to Script Kiddie standards of
"challenging".

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -