I was speaking of keyloggers installed by malware. Without the users consent.
Here is part of an article written about 18 months ago. Security Fix - Avoid Windows Malware: Bank on a Live CD
.......I'm not the only one recommending commercial online banking customers consider accessing their accounts solely from non-Windows systems. The Financial Services Information Sharing and Analysis Center
(FS-ISAC) - a industry group supported by some of the world's largest banks -- recently issued guidelines
urging businesses to carry out all online banking activities form "a stand-alone, hardened and completely locked down computer system from where regular e-mail and Web browsing is not possible."
In direct response to this series reported and published by Security Fix, the SANS Technology Institute
, a security research and education organization, challenged its students with creating a white paper to determine the most effective methods for small and mid-sized businesses to mitigate the threat from these types of attacks. Their conclusion? While there are multiple layers that of protection that businesses and banks could put in place, the cheapest and most foolproof solution is to use a read-only, bootable operating system, such as Knoppix
, or Ubuntu
. See the SANS report here
Also known as "Live CDs," these are generally free, Linux-based operating systems that one can download and burn to a CD-Rom. The beauty of Live CD distributions is that they can be used to turn a Windows-based PC temporarily into a Linux computer, as Live CDs allow the user to boot into a Linux operating system without installing anything to the hard drive. Programs on a LiveCD are loaded into system memory, and any changes - such as browsing history or other activity -- are compeltely wiped away after the machine is shut down. To return to Windows, simply remove the Live CD from the drive and reboot.
More importantly, malware that is built to steal data from Windows-based systems won't load or work when the user is booting from LiveCD. Put simply: even if the Windows installation on the underlying hard drive is completely corrupted with a keystroke-logging virus or Trojan, that malware can't capture the victim's banking credentials if that user only transmits his or her credentials after booting up into one of these Live CDs.................