HOWTO: Detect and Defeat Keyloggers
It's a fact that many malware infections result in a vulnerability to keystroke logging, which can compromise your privacy and lead to identity theft. A recent news story tells how over TWO MILLION passwords were stolen by keyloggers. Learn more about keyloggers, how they work, and how to defend yourself from this growing threat...
Keyloggers: What they Are and How to Defend Yourself
A keylogger is a program that records everything that you type on a keyboard. All of your keystrokes are stored, in order, in a log file. Hence the name, "key logger." The log file is intended to be read by a third party that is typically unknown, remote and malicious. Keyloggers do have legitimate uses, such as troubleshooting, training, analyzing employee productivity, and law enforcement surveillance. But keyloggers are most often used illegally to spy on people.
A recent report by Trustwave security researchers revealed that malware known as "Pony" was responsible for the theft of over two million usernames and passwords, many of them for popular sites such as Facebook, Gmail, LinkedIn, Twitter and Yahoo.
Keyloggers are especially useful for stealing usernames and passwords, bank and credit card numbers, and other sorts of personal information that people type every day. Even data transmitted over an encrypted Internet connection is vulnerable to keylogging, because a keylogger records keystrokes before they are encrypted for transmission. See my related article Should I Install a Keylogger? if you're thinking about using one to spy on someone, as there are some serious ethical and legal concerns.
Contrary to what you may have read elsewhere, keyloggers are not limited to spying on your web browsing activity. Anything you type, in any program, online or offline, can be captured by a keylogger. So if you've been told to type your password into Notepad, then copy & paste it to a web form, that's bad advice.
Software keyloggers are often distributed in Trojan, virus, and other malware packages. These keyloggers can operate at the kernel level, making them virtually invisible to the operating system. Others use "hooks" into the operating system's keyboard API to monitor and record keystrokes. Keyloggers generally attempt to transmit their log files secretly back to their masters, either via email or FTP.
Detect, Defeat and Defend Against Keyloggers
A number of techniques can be used to defeat keyloggers, but no one technique is effective against all types of keyloggers.
A keylogger can be housed in a hardware device that plugs into the keyboard port on your computer. Some hardware keyloggers are hidden inside of keyboards themselves. Hardware keyloggers cannot be detected by software, but they have the drawback of requiring physical access to a computer. If you suspect a hardware keylogger is present on your system, inspecting the keyboard's connection to the computer, or replacing the keyboard will solve the problem.
Form-filling software such as Roboform stores passwords, credit card info, and other information in a database, then enters it into Web forms as needed. This eliminates the user's need to type such data on the keyboard, and can prevent keyloggers from recording it. However, there are other forms of spyware which can intercept data posted to forms by form-fillers. (See Is Your Password Strong Enough? for links to password manager software, and tips on creating secure passwords.)
Speech-to-text software or virtual keyboards can eliminate the keyboard connection, too. However, the text has to get to its destination somehow, and that path may be vulnerable to clever keystroke loggers.
An antikeylogger program attempts to detect and/or disable keylogging programs. Antikeyloggers scan your hard drive for the digital signatures of known keyloggers, and look for low-level software "hooks" that indicate the presence of a keystroke grabber. Antikeyloggers and keylogger detectors are more effective against keyloggers than general antivirus programs because the latter often don't identify keyloggers as malware; keyloggers do have legitimate purposes, as noted above.
Anti-Keylogging Software Options
KeyScrambler is an anti-keylogger for Windows that works a bit differently. As the name implies, KeyScrambler scrambles your keystrokes with encryption at the driver level (the first layer between the keyboard and the operating system), then feeds them in decrypted form to the software application. The result is that keyloggers see only the scrambled keystrokes. Three versions are available, Premium ($45), Pro ($30) and Personal (Free). The free version only protects web browsers. The Pro and Premium versions add protection for other popular software programs.
Zemana AntiLogger Free is an anti-keylogger that claims to protect every application on your computer, not just your web browser. Like KeyScrambler, it uses keystroke-encryption to scramble every keystroke, and protect everything that you type. Zemana works on Windows XP, Vista, 7 and 8. A Premium version ($29) adds protection from keystroke-stealing malware that attempts to work by grabbing screenshots of what you're typing.
KL-Detector is one free program that will detect keyloggers, but it doesn't remove them. Although the KL-Detector web page says it's for Windows 2000 and Windows XP, I've seen reports that it also works on Vista and Windows 7.
Just be aware that your anti-virus program may flag these programs as malware, but you can safely ignore any such "false positive" alarm.
Some antispyware programs detect keyloggers by signature or by behavior; for example, programs which hook into keyboard APIs may be flagged as potential keyloggers. Ad-Aware, Malwarebytes Antimalware, SUPERAntiSpyware, Spybot-Search & Destroy and Windows Defender are examples of general purpose anti-malware apps that also have keylogger detection ability.
A final defense against keyloggers is a firewall that detects outbound traffic. A firewall can alert the user to unauthorized attempts to transmit data to the Internet, which could indicate a keylogger is trying to "phone home" with its log file. I have mixed feelings about the usefulness of outbound firewalls. See Do I Need an OUTbound Firewall?. If you decide it's for you, check out my list of Free Firewall Protection software.
Have you been bitten by a key logger? Do you have something to say about dealing with keyloggers? Post your comment or question.
Posted by Bob Rankin on 19 Dec 2013
For Fun: Buy Bob a Snickers.
Need More Help? Try the AskBobRankin Updates Newsletter. It's Free!
Word Processing on Smartphone or Tablet
The Top Twenty
Get Free TV With Hulu?
Link to this article from your site or blog. Just copy and paste from this box:
There's more reader feedback... See all 21 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- HOWTO: Detect and Defeat Keyloggers (Posted: 19 Dec 2013)
Copyright © 2005 - Bob Rankin - All Rights Reserved