How To Kill Computer Keyloggers

Computer infections go by many names: viruses, Trojan horses, malware. But there is a particular class of infections that is not only malicious but nearly invisible in nature.

Keyloggers are virus-like programs that capture everything you type on your computer. Because they sit between your applications and the software than drives your keyboard, they are difficult to detect and harder to remove. They are often invited by viruses that have already infected your computer. There are even hardware keyloggers that can be secretly installed between the keyboard cable and your computer.

Keyloggers are seen in conjunction with rootkits, software designed to capture control of your computer. Anti-rootkit tools can help keep keyloggers at bay. Although these tools are not yet part of standard security suites, in the future I anticipate we’ll see more commercial protections against keyloggers and rootkits.

In the meantime, how do you protect yourself? The usual recommendations apply: run a strong security program, avoid clicking on links, and make sure all of your software is up to date. It’s far easier to avoid keyloggers and rootkits than it is to remove them.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Comments

  1. Albatross says:

    However, what to do if you HAVE a keylogger? Or even if you’re not sure. Anytime you use a public kiosk computer, there’s a strong likelihood that a keylogger is on the system. Using such a system would expose your usernames and passwords, without regard for HTTPS secure connections, because the information is being gathered directly from your keyboard.

    In such a case, consider using an on-screen keyboard utility. These tools display a keyboard on your screen, which you can manipulate with mouse clicks, bypassing the keyboard.

    These introduce their own risks, making shoulder-surfing a lot more likely, so you will have to weigh the risks against your environment.

    Another tactic? Cut and paste letters displayed in onscreen text into the username and password fields. This is cumbersome, but just as effective as an on-screen keyboard utility.

    The best tactic of course is to never use an untrusted computer or kiosk. But if that’s not possible for some reason, then it is possible to bypass the keyboard.

  2. Thanks for your remarks. I recommend to my clients that they avoid using public computers if at all possible. You never know what may be on them, including keyloggers. Onscreen keyboard utilities and the copy-and-paste trick work but most people, as you mentioned, find it too cumbersome. Honestly I think passwords in general may eventually go the way of the dinosaurs in favor of one-time password schemes. Certainly it would be safer for the end user. Password authentication as it exists now is too easy to circumvent.

Speak Your Mind

*