Q: My colleague says keylogging malware represents a significant security threat. Do you agree, and, if so, how can we minimize this type of threat?
A: I agree with your colleague. Keylogging spyware can be a serious security threat that is difficult to combat and often goes undetected by popular anti-virus programs. While it’s extremely difficult for hackers to penetrate an operating system’s security, an application’s password protection, or a network’s firewall, it’s much easier to capture a computer’s keystrokes. If hackers can gain physical access to your computer, or trick you into installing a keylogger application, they can simply watch what you type until you reveal usernames and passwords, or other sensitive information.
A keylogger is a type of spyware that generally comes in one of two forms—physical devices and software code. In essence, keyloggers are hacking tools that reside on your computer and record your keystrokes at the keyboard level. Once captured, your keystrokes are either saved to a file on your computer, sent to the recipient via email, or published to an obscure website. Hackers then can use this information to identify your passwords, breach your applications and accounts, and perhaps hijack your identity.
Keyloggers are widely available and are sometimes advertised as tools for monitoring your employees’ or children’s computer activities. For example, WebWatcher (webwatchernow.com) offers a keylogging program for $97. In some cases, divorce attorneys provide their clients with keylogging software and instructions, enabling their clients to spy on their spouses.
Some of the first keyloggers were small, cylinder-shaped devices that fit between your computer and keyboard cable. These devices record the users’ keystrokes on the devices’ built-in memory chip. To use this type of device, a hacker needs physical access to your computer (for only a few seconds) to plug in the device. The hacker then can wait a few days and retrieve the device containing the captured keystrokes. Even upon close inspection, physical device keyloggers evade the notice of many computer users. As a result, it’s easy for users to be unaware that their keystrokes are being monitored, recorded, or stolen. Examples of serial and USB-style keylogger devices are pictured below.
Keyloggers can come in other forms as well. For example, you might receive a free USB drive that seems to work perfectly, but you may be unaware that an onboard keylogger program is secretly spying on your keystrokes. Reportedly, some hackers leave perfectly good USB drives containing stealth keylogging software lying around in the hopes that the finder will use the drive and unknowingly reveal his or her login information.
Knowledge of keylogging devices might make you more diligent in examining your computer cables, but this type of prevention might not be good enough. With today’s software-based keyloggers, you unknowingly can install one on your computer by opening a malicious email, browsing an infected webpage or updating a driver from a questionable source. Because keyloggers operate quietly and typically do not harm your computer directly, most users are unaware they are being spied on in this manner. If you are concerned about the threat of keyloggers, here are a few measures for combating this type of threat.
1. Security/virus protection software. This measure should be obvious, but running a current security and anti-virus program is crucial. Further, because many of the free versions of antivirus programs don’t check for keyloggers, it may be prudent to pay for the higher-end version of your security/anti-virus program to ensure maximum protection.
2. Patches and updates. Make sure to install the latest patches and updates to your operating system and applications within the first few days of each month. (The timing is important because research suggests that hackers sometimes exploit vulnerabilities revealed by updates as quickly as within 14 days.)
3. Check for unknown devices. Inspect your computer periodically to make sure that all attached devices are valid. Make sure to check your USB port, SD card slot, and other ports for suspicious devices.
4. Lock your USB ports. Install port protection, such as the free USB Port Locked, to prevent unauthorized access to your computer’s external ports. After installing this type of solution, you will need to enter the correct password (one time only) to authorize each new USB drive you use.
5. Use a virtual keyboard to enter passwords. Some users install and use a virtual keyboard to enter their login and password information. With this type of software, a graphical keyboard is displayed on-screen, and you use your mouse to enter your more sensitive information. These types of mouse-based keystrokes are not typically captured by keyloggers. Many free virtual keyboards are available, such as Virtual Keyboard, pictured below.
6. Install anti-keylogging software. Numerous keylogging prevention programs on the market use a variety of approaches to detect or prevent keylogging. For example, Anti-Keylogger (anti-keyloggers.com) (about $28) and SpyShelter’s Stop-Logger (spyshelter.com) (about $31) both test for keylogging activity and prevent keystroke capture. Other such programs generate random keystrokes between actual keystrokes in an attempt to disguise information that might be captured by keyloggers.