11

If the admin is a super user, nothing can prevent them from installing anything on my host, including keystroke logger. Are there any security mechanisms that can protect my account against that?

Tsundoku
  • 127
  • 1
  • 5
Draif Kroneg
  • 263
  • 2
  • 5
  • 12
    It's not clear when you say `on my host`. If it's **your host**, why aren't you the "admin"? Or are you asking about an employer-owned 'host' that you use in an employer's network? – user2338816 Dec 27 '16 at 01:35
  • 2
    This question needs clarifying. What exactly is the context? There are numerous ways around keyloggers (eg. using the mouse for entering passwords) but it depends on what kind of device and host you're referring to. – Simon East Dec 27 '16 at 05:27
  • 1
    You could type cat then use mouse to goto the beginning and type dog, therefore making it dogcat, but the keylogger would see catdog – Kamic Dec 27 '16 at 15:20

3 Answers3

32

No, you can't protect yourself against a privileged user. Any piece of software you can install to protect you could be uninstalled or deactivated by the privileged user

That's why is told that when a computer is compromised and the attacker gets root access (Or is possible that he did) you just don't control that computer anymore

If you don't trust the computer administrator or whoever has access to an administrator account then you shouldn't store any data that you don't want them to access

Mr. E
  • 1,954
  • 9
  • 18
  • To allow some users to manage some software and not some others, you can look at [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux). With it, event root can be limited. But it's usually not necessary. – AnthonyB Dec 27 '16 at 07:14
  • At risk of stating the obvious: Entering a password data can also be made into 'storing data', so don't re-use passwords on unsafe environments. – Dennis Jaheruddin Dec 27 '16 at 12:47
  • 2
    @AnthonyB I didn't mentioned it cause AFAIK only root can install/configure SELinux. And even if unprivileged user can change part of its configuration root user could undo it – Mr. E Dec 27 '16 at 12:51
  • @Mr.E Indeed you're right I didn't think about it. – AnthonyB Dec 27 '16 at 13:07
7

By definition the admin is allowed any administrative tasks. That includes (non limitative list):

  • install any software
  • read or write any file (necessary for backups)
  • intercept any network stream or packet (firewalling and logging)
  • execute any program on behalf of any local user (at least on some OS)
  • set and reset passwords

That clearly means that you cannot protect anything on a computer against its admin. So if you cannot trust the admin, you should not use the computer.

Serge Ballesta
  • 25,636
  • 4
  • 42
  • 84
0

1- You can encrypt your files using WinRAR, type a password with the screen keyboard.

2- You can install DeepFreeze to restore the files if the Administrator deleted it.

3- Also, you can install a Virtual Machine with another S.O, setting the password with the screen keyboard to prevent the keylogger also.

He will not have time to find where the password are stored in your computer (I think is your boss).

Juanche
  • 1
  • 1
  • 2
    There are keyloggers that can read a screen keyboard. More commonly, there are keyloggers that record a screen capture whenever they think there might be a password prompt up. – Mark Dec 27 '16 at 21:14
  • 1
    Some keyloggers hook to the proccess that receives keystrokes in the buffer, regardless of being entered through an on-screen keyboard or real keyboard. – Rápli András Dec 28 '16 at 12:54