Danny Sauer wrote:

>> Key loggers cannot run before the log in because the OS is protected,
>> and very few services are actually started until the user types in his
>> password.
> 
> It's just the choice of one registry key v/s another as to whether or
> not a daemon starts before login or after login (on Windows).  Anyone
> competent enough to develop a keylogger will certainly know the
> difference. :)

I'm not a security expert (and I don't know exactly what keys you're
talking about), but I think the difference between the two keys is that the
user has write rights for his own, and needs admin privileges for the
other. Which a non-admin user shouldn't have (but often has).

> BTW, this is one more plug for the iButtons - no keyboard to sniff. ;) 

So how do they input the password? Doesn't it go through a HID interface --
just like a USB keyboard or so? Or do they need a custom service at the
computer that reads the iButton?

Gerhard

-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist