How To Defeat a Keylogger
It's a fact that many malware infections result in a vulnerability to keystroke logging, which can compromise your privacy and lead to identity theft. Learn more about keyloggers, how they work, and how to defend yourself from this growing threat... |
Keyloggers: What they Are and How to Defend Yourself
A keylogger is a program that records everything that you type on a keyboard. All of your keystrokes are stored, in order, in a log file. Hence the name, "key logger." The log file is intended to be read by a third party that is typically unknown, remote and malicious. Keyloggers do have legitimate uses, such as troubleshooting, training, analyzing employee productivity, and law enforcement surveillance. But keyloggers are most often used illegally to spy on people.
Keyloggers are especially useful for stealing usernames and passwords, bank and credit card numbers, and other sorts of personal information that people type every day. Even data transmitted over an encrypted Internet connection is vulnerable to keylogging, because a keylogger records keystrokes before they are encrypted for transmission.
Contrary to what you may have read elsewhere, keyloggers are not limited to spying on your web browsing activity. Anything you type, in any program, online or offline, can be captured by a keylogger. So if you've been told to type your password into Notepad, then copy & paste it to a web form, that's bad advice.
Software keyloggers are often distributed in Trojan, virus, and other malware packages. These keyloggers can operate at the kernel level, making them virtually invisible to the operating system. Others use "hooks" into the operating system's keyboard API to monitor and record keystrokes. Keyloggers generally attempt to transmit their log files secretly back to their masters, either via email or FTP.
Detect, Defeat and Defend Against Keyloggers
A number of techniques can be used to defeat keyloggers, but no one technique is effective against all types of keyloggers.
A keylogger can be housed in a hardware device that plugs into the keyboard port on your computer. Some hardware keyloggers are hidden inside of keyboards themselves. Hardware keyloggers cannot be detected by software, but they have the drawback of requiring physical access to a computer. If you suspect a hardware keylogger is present on your system, inspecting the keyboard's connection to the computer, or replacing the keyboard will solve the problem.
Form-filling software such as Roboform stores passwords, credit card info, and other information in a database, then enters it into Web forms as needed. This eliminates the user's need to type such data on the keyboard, and can prevent keyloggers from recording it. However, there are other forms of spyware which can intercept data posted to forms by form-fillers.
Speech-to-text software or virtual keyboards can eliminate the keyboard connection, too. However, the text has to get to its destination somehow, and that path may be vulnerable to clever keystroke loggers.
An antikeylogger program attempts to detect and disable keylogging programs. Antikeyloggers scan your hard drive for the digital signatures of known keyloggers. Antikeyloggers are more effective against keyloggers than general antivirus programs because the latter often don't identify keyloggers as malware; keyloggers do have legitimate purposes, as noted above. But antikeyloggers block all keyloggers they find. KL-Detector is an example of this breed.
KeyScrambler is an anti-keylogger that workds a bit differently. As the name implies, KeyScrambler scrambles your keystrokes with encryption at the driver level (the first layer between the keyboard and the operating system), then feeds them in decrypted form to the software application. The result is that keyloggers see only the scrambled keystrokes.
Some antispyware programs detect keyloggers by signature or by behavior; for example, programs which hook into keyboard APIs may be flagged as potential keyloggers. Ad-Aware, Malwarebytes Antimalware, SUPERAntiSpyware, Spybot-Search & Destroy and Windows Defender are examples of general purpose anti-malware apps that also have keylogger detection ability.
A final defense against keyloggers is a firewall that detects outbound traffic. A firewall can alert the user to unauthorized attempts to transmit data to the Internet, which could indicate a keylogger is trying to "phone home" with its log file.
Do you have something to say about dealing with keyloggers? Post your comment or question below...
|
|
Share this article with friends! |
|
Posted by Bob Rankin on 2 Sep 2011
| Need More Help? Try the AskBobRankin Updates Newsletter. It's Free! |
 |
Prev Article: Mobile Malware: Are You Exposed? |
The Top Twenty |
Next Article: AVG Internet Security 2012 - Review |
 |
|
Link to this article from your site or blog. Just copy and paste from this box: |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter |
||
|
Copyright © 2005
- Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google. |
||
Article information: AskBobRankin -- How To Defeat a Keylogger (Posted: 2 Sep 2011)
Source: http://askbobrankin.com/how_to_defeat_a_keylogger.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Free
Most recent comments on "How To Defeat a Keylogger"
Posted by:
Faye
02 Sep 2011
Interesting that one of your ads with this article is a Keylogger at webwatchernow.com free trial.
Posted by:
Matthew
02 Sep 2011
To me it's simple to use the mouse with the on-screen keyboard to access my bank, paying bills online, etc. You don't even have to touch the keyboard.
Posted by:
TheRube
02 Sep 2011
Hello Everyone!
I Highly Recommend KeyScrambler and the COMODO Stand-Alone Firewall (which is Terrific in Detecting and Monitoring Outbound traffic from your computer!)
These Products are FREE to use:
www.keyscrambler.com
www.comodo.com
Have a Safe Weekend!
TheRube
Posted by:
TC
03 Sep 2011
Readers with computers still running Windows XP might also be interested in the free software solution, Snoopfree Privacy Shield, available at http://snoopfree.com.
Snoopfree alerts you any time a program on your computer has the ability to log keystrokes or take screenshots. Once alerted, the user is given the ability to allow or block this functionality by the program in question.
Snoopfree also creates rules, "remembering" your selections and enforcing them whenever the suspect program is run in the future. You can edit or delete rules at any time. So, if in doubt, you can block a program, and later unblock it if you find it does not work properly without "keylogging functionality".
I've been using Snoopfree for years, and recommend it to anyone concerned about this risk seeking a free solution.
Posted by:
Doug
03 Sep 2011
I read the users' feedback on the Keyscrambler Personal v2.8.1 on the developer's site. The responses show a very mixed bag from ecstasy to great dissatisfaction, to the point that I won't download it. Bob, I believe you should warn your readers to read such feedback for any software you suggest. you provide a great service.
Posted by:
Ric
03 Sep 2011
If typing a password type a few letters in the password box then click in google search and type a few there then go back to typing more of your password in the password box
Posted by:
Christine Camann
03 Sep 2011
I was the victim of keylogging a few years ago. Someone used a keylogger to break into my bank account via PayPal, and exhausted the account buying on-line gambling chips. I was out of town at the time, so I was only checking my e-mail once a day. Boy was I astonished to see multiple e-mail messages from PayPal confirming multiple transfers of funds that I had not authorized. It took about 6 weeks to get this mess straightened out, and of course I had to close all my bank and credit card accounts and open new ones. I now use a security device whenever I log onto PayPal, but having just read your article I am wondering how much that helps? The device generates a number that I need to enter when I login to my PayPal account, and that number is different each time I login. I use many more and varied passwords for accessing other sites than I used to, but I'm still wondering if I need to increase the security of my on-line activity with some of the software mentioned in your article.
Posted by:
Darcetha
03 Sep 2011
I used Keyscrambler on my Windows Vista computer without any trouble. Have not tried it on a computer with Windows 7, so can not say if there would be any problems.
Keyscrambler is easy to use and it really does encrypt your personal information. I like to shop online and Keyscrambler did the trick. I say, just give it a try and see if it works for you.
Posted by:
david
04 Sep 2011
I was led to believe that using RoboForm, appending a few characters to the generated password and choosing "fill form" nor "fill form & submit" which then allows you to backspace the appended number of characters before submitting would further confuse loggers. Is this correct?
Posted by:
Kenny
07 Sep 2011
I've been using Keyscrambler for several years, over a year on my Win 7 64 bit and have had no problems. Also I use lastpass for my passwords folder, don't usually have to type the pw in.
Posted by:
PeterG
08 Sep 2011
Dear Matthew (comment 2 Sep)
Respected colleague Loe Notemboom says that what you are doing is NOT safe.
Word to the wise.
Posted by:
Cathy Carey
21 Feb 2012
It would be helpful, when recommending specific programs, to indicated if there are any for Macs.