[HOWTO] Detect and Remove Keyloggers
It's a fact that many malware infections result in a vulnerability to keystroke logging, which can compromise your privacy and lead to identity theft. A recent news story tells how over TWO MILLION passwords were stolen by keyloggers. Learn more about keyloggers, how they work, and how to defend yourself from this invisible threat...
Keyloggers: What they Are and How to Defend Yourself
A keylogger is a program that records everything that you type on a keyboard. All of your keystrokes are stored, in order, in a log file. Hence the name, "key logger." The log file is intended to be read by a third party that is typically unknown, remote and malicious. Keyloggers do have legitimate uses, such as troubleshooting, training, analyzing employee productivity, and law enforcement surveillance. But keyloggers are most often used illegally to spy on people.
A report by Trustwave security researchers revealed that malware known as "Pony" was responsible for the theft of over two million usernames and passwords, many of them for popular sites such as Facebook, Gmail, LinkedIn, Twitter and Yahoo.
Keyloggers are especially useful for stealing usernames and passwords, bank and credit card numbers, and other sorts of personal information that people type every day. Even data transmitted over an encrypted Internet connection is vulnerable to keylogging, because a keylogger records keystrokes before they are encrypted for transmission. See my related article Should I Install a Keylogger? if you're thinking about using one to spy on someone, as there are some serious ethical and legal concerns.
Contrary to what you may have read elsewhere, keyloggers are not limited to spying on your web browsing activity. Anything you type, in any program, online or offline, can be captured by a keylogger. So if you've been told to type your password into Notepad, then copy & paste it to a web form, that's bad advice.
Software keyloggers are often distributed in Trojan, virus, and other malware packages. These keyloggers can operate at the kernel level, making them virtually invisible to the operating system. Others use "hooks" into the operating system's keyboard API to monitor and record keystrokes. Keyloggers generally attempt to transmit their log files secretly back to their masters, either via email or FTP.
Detect, Defeat and Defend Against Keyloggers
A number of techniques can be used to defeat keyloggers, but no one technique is effective against all types of keyloggers.
A keylogger can be housed in a hardware device that plugs into the keyboard port on your computer. Some hardware keyloggers are hidden inside of keyboards themselves. Hardware keyloggers cannot be detected by software, but they have the drawback of requiring physical access to a computer. If you suspect a hardware keylogger is present on your system, inspecting the keyboard's connection to the computer, or replacing the keyboard will solve the problem.
Form-filling software such as Roboform stores passwords, credit card info, and other information in a database, then enters it into Web forms as needed. This eliminates the user's need to type such data on the keyboard, and can prevent keyloggers from recording it. However, there are other forms of spyware which can intercept data posted to forms by form-fillers. (See Is Your Password Strong Enough? for links to password manager software, and tips on creating secure passwords.)
Speech-to-text software or virtual keyboards can eliminate the keyboard connection, too. However, the text has to get to its destination somehow, and that path may be vulnerable to clever keystroke loggers.
An antikeylogger program attempts to detect and/or disable keylogging programs. Antikeyloggers scan your hard drive for the digital signatures of known keyloggers, and look for low-level software "hooks" that indicate the presence of a keystroke grabber. Antikeyloggers and keylogger detectors are more effective against keyloggers than general antivirus programs because the latter often don't identify keyloggers as malware; keyloggers do have legitimate purposes, as noted above.
Anti-Keylogging Software Options
KeyScrambler is an anti-keylogger for Windows that works a bit differently. As the name implies, KeyScrambler scrambles your keystrokes with encryption at the driver level (the first layer between the keyboard and the operating system), then feeds them in decrypted form to the software application. The result is that keyloggers see only the scrambled keystrokes. Three versions are available, Premium ($45), Pro ($30) and Personal (Free). The free version only protects web browsers. The Pro and Premium versions add protection for other popular software programs.
Zemana AntiLogger is an anti-keylogger that claims to protect every application on your computer, not just your web browser. Like KeyScrambler, it uses keystroke-encryption to scramble every keystroke, and protect everything that you type. It also adds protection from keystroke-stealing malware that attempts to work by grabbing screenshots of what you're typing. Zemana works on Windows XP and higher. A free trial version is available, and the paid version costs $24.46 for a 1-year license.
Keylogger Detector is another program that will detect and remove keyloggers. Instead of relying on signatures, Keylogger Detector uses behavioral analysis to detect the newest, modified or custom-built keyloggers, which are not yet detectable by antivirus software. A free 10-day trial version is available, or you can purchase the program fo $19.95. The paid version includes 2 years of technical support, and free upgrades to all future versions of the product.
Just be aware that your anti-virus program may flag these programs as malware, but you can safely ignore any such "false positive" alarm.
A final defense against keyloggers is a firewall that detects outbound traffic. A firewall can alert the user to unauthorized attempts to transmit data to the Internet, which could indicate a keylogger is trying to "phone home" with its log file. I have mixed feelings about the usefulness of outbound firewalls. See Do I Need an OUTbound Firewall?. If you decide it's for you, check out my list of Free Firewall Protection software.
Have you been bitten by a keylogger? Do you have something to say about dealing with keyloggers? Post your comment or question.
This article was posted by Bob Rankin on 3 Jul 2017
|For Fun: Buy Bob a Snickers.
[Windows 10 Tip #4] - Cortana: Friend or Foe?
The Top Twenty
Geekly Update - 06 Jul 2017
There's more reader feedback... See all 21 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- [HOWTO] Detect and Remove Keyloggers (Posted: 3 Jul 2017)
Copyright © 2005 - Bob Rankin - All Rights Reserved