[Blikkentrekker]

“keylogging” is such a moral panic.

If applications can edit arbitrary files on the system it's already game over. I have no idea why people focus so much on “keylogging” as the supposed super important and dangerous thing.

If one run any malware with the full file edit permissions of one's user account at that point in theory the only solution is erase not only the hard drive, but also every other drive on any other system one's user account has access to or at least in sofar those do not have some logging for connexions in some way to see who connected that cannot be edited by the permissions one has on that system. Of course if one has root on one's own system nothing on that system can be trusted any more from that point. The malware could in theory have edited the firmware at that point to hide any checks one could do with a recovery system on a portable drive, but that's all quite theoretical of course, but it's possible in theory.

Keylogging is such a strange thing to focus on in the face of being able to edit arbitrary files owned by the user.

[sys_64738]

Oh I dunno, maybe because there's so few third party needs to log keystrokes from the user. When that need arises then you have to ask why...

[Blikkentrekker]

It doesn't matter and it's still a theatre. Those malicious applications can do what they want regardless by editing arbitrary files and obtain the same end.

The supposed threads of malicious applications keylogging and stealing your website passwords to worry about is rather strange when such an application can edit the files on your system such that you're starting a modified version of a web browser they injected with whatever code they want to do the same. In fact, this is probably easier to do than try to write some kind of a.i. that filters what it thinks are “password keypresses” opposed to altering the code of the web browser such that it simply sends whatever is being put into a field marked as “password” on a website.

It's a moral panic boogeyman that has no actual implications for actual real life security. Like quite a bit of “security” talk these days. Much of it comes down to the “door in your room” analogy where “security experts” talk about putting a big door in the middle of one's living room with an impenetrable lock on the idea of kindly asking criminals to only go through that door to steal things. In reality they'll just walk around it, and now one has an inconvenient door in the middle of one's living room.