Am I truly safe from keyloggers?

Have you been on a PC by any chance?

I doubt you have a keylogger. If you want to be safe, download iAntiVirus and run a full scan.

http://www.apple.com/downloads/macosx/networking_security/iantivirus.html

 

Did you use your paypal account on your PC? Did you visit any naughty websites?

 

HTTPS websites are now being compromised at an increasing rate. Therefore a malware payload (including keyloggers) can be downloaded to the PC inside the SSL encryption, which bypasses the anti-virus scanning in most companies. Gradually IT departments are becoming aware of this and enabling the SSL proxy components on their web gateways, but unless your IT can confirm they have done this you cannot trust the work computer.

 

The short answer is, no, you will never be truly safe from keyloggers on any computer.

The long answer is that you're more safe in OS X on your MacBook Pro than on Windows. You should also keep in mind that a keylogger is not the most likely reason your account was hacked. The hackers could have gotten hold of your password via phishing, fooling you into logging in using your password on their own site pretending to be paypal's site. You could've had a weak password that was broken by brute force, although paypal has some defences against that sort of attack, or if you use the same password other places, they could've gotten it from those. If the password ever went over a wireless connection using a weak encryption scheme to a site not using https (paypal itself does) it could have been snooped that way.

 

here we go...typical "blame the pc" response.


the emphasis of his question relies on whether the macbook pro is prone to keylogging.

so can someone answer that, please?

 

Not unless the OP has been installing software from untrusted sources, no.

 

OS X is less prone to keyloggers than Windows, and that's not because it's impossible to make and install keyloggers on OS X. It's simply just done a lot less for reasons that computer people can spend ages arguing about. (smaller user base vs better OS security)

That's good, but e-mails are not the only way you can be fooled to enter your password on an attacker's site. One other way is for a phony seller site to pretend to link to paypal when really it only goes to a phising site, or another more malicious way is to hack a wireless network and poison the dns lookup so that https://www.paypal.com actually goes to the attacker's site. That last one is quite hard to defend against, but I don't think there are known exploits against modern wireless encryption, so you'd be relatively safe if you use that.

 

thanks. i have been interested in this.

without getting too personal, my father installed a keylogger on my moms pclaptop (cybersitter). the only way i found out is that he forgot to close/hide the porgram.

Ive since been super paranoid in regards to my mac, thinking that i will be next.

none of those antivirus programs seem to detect keyloggers anyhow.


so it makes me wonder how secure a mac is.

 

Mac OS X is just as prone as Windows is. The only difference is that Mac OS X requires you type your password in before it will install most malware. Windows does not.

Therefore in order to avoid the problem don't type your password in to every random thing that asks for it. Make sure you know exactly why you are being asked to supply it and what the program is going to be authorised to do.

 

I think this is the more likely thing happening. I highly doubt any key logger has been on your machine. Weak passwords have been an issue for many web sites security. The people using brute force techniques against sites have a way of getting around the issue of too many incorrect attempts at a time. Most sites won't lock the account though (but one of mine does and it locked me out because it was being stupid).

So just make sure to change your password (which you likely already did) and make sure it's strong. You may want to take a look at 1Password, which is a password manager and keeps you from having to type passwords very often and so even if there was a key logger, it wouldn't be able to catch your password after you initially enter it into the software. It also has a feature to check the strength of your password.

Good luck on getting your money back. I've had pretty good luck with PayPal being helpful in this area.

 

Sorry for verging off topic, but I had to post this.

This was the Google ad at the bottom of this page.

 

I suggest getting paypal's 2-factor authentication token (which you can tie into your eBay account as well). That will stop account hi-jacking COLD.