I am not how much that even that would help since it very much depends on the threat model, adversary capabilities, adversary activities and counter security measures employed. Under some threat models it doesn’t help to have a super secure endpoint if all Tor relays and most servers and others on the internet are only “normal secure” and compromised.
Yes. Hardware beats software.
Keylogging is a trivial task if an attacker reached remote code execution on a target system.
Quote The Invisible Things Lab's blog: Playing with Qubes Networking for Fun and Profit
One application can sniff or inject keystrokes to another one, can take snapshots of the screen occupied by windows belonging to another one, etc.
If you don’t believe me, I suggest you do a simple experiment. Open a terminal window, as normal user, and run xinput list, which is a standard diagnostic program for Xorg (on Fedora you will likely need to install it first: yum install xorg-x11-apps):
$ xinput list
It will show you all the pointer and keyboard devices that your Xorg knows about. Note the ID of the device listed as “AT keyboard” and then run (as normal user!):
$ xinput test id
It should now start displaying the scancodes for all the keys you press on the keyboard. If it doesn’t, it means you used a wrong device ID.
Now, for the best, start another terminal window, and switch to root (e.g. using su, or sudo). Notice how the xinput running as user is able to sniff all your keystrokes, including root password (for su), and then all the keystrokes you enter in your root session. Start some GUI app as root, or as different user, again notice how your xinput can sniff all the keystrokes you enter to this other app!
Quote File tried to open on its own (within Workstation) - #6 by Patrick
Malicious: unlikely. […] malicious activity cannot be noticed in trivial ways. See:
Malware, Computer Viruses, Firmware Trojans and Antivirus ScannersIf you don’t believe that, look videos about Trojan horses etc. Malware is also “just another” commercial product or even open source. Therefore their usage, capabilities etc. are described like in advertising material for other products.
At no point the victim of a torjan horse will trivially notice it. There is zero reason for already memory resident malware to mess with fonts or to open links. Malware which allows to remotely control a victim machine is similar to an SSH / VNC session - just that the victim cannot easily know that an SSH / VNC session is running. Similar as for SSH there is no reason to mess with fonts, there is no reason to mess with fonts by malware.
Except. The attacker wants the victim to notice something. Zersetzung