Keyloggers -Clandestine Spying on Your Computer
Article by Rick Leinecker, April 17, 2006

I talked about SpyWare several months ago, and one of the collateral topics was keyloggers. These are programs that watch what you type and then use the information from within the infected system, or forward the information to another location to be analyzed and used.

It doesn't take much effort to realize how dangerous keyloggers are. They can collect your passwords, personal information, financial information, and conversations. You absolutely don't want to fall victim to this kind of system compromise.

Many of the anti-SpyWare programs such as Ad Aware and Spybot remove known keyloggers. But the challenge with relying on those programs to remove all keyloggers is that their publisher must add known keyloggers to the definition file. That means that a new keylogger won't be caught. And worst of all, custom-written keyloggers may only run on a limited number of computers, and therefore never be added to the definition files. If, for example, an employer asks its programming department to write a special program that logs all keyboard activity when employees are at the yahoo web site in order to enforce a company policy, then that software will only be installed within that single company. The custom keylogger won't have a chance to be added to the SpyWare definition files. This is just one example, but there are a wide variety of keyloggers that Ad Aware and Spybot will never catch.

Don't misunderstand, there are many legitimate times when programs need to monitor keyboard activity. One example is when the operating system itself monitors special keyboard combinations such as Ctrl-Alt-Delete and Alt-F4. Another example is when you've set a desktop icon to respond to a hotkey.

You can still manage your risk in spite of the fact that the SpyWare definitions may not contain all of the keyloggers. There is a way to list all programs that are listening to keyboard messages. A clever software developer can write a program that examines the processes that have hooked the keyboard and are watching keyboard events. You can then examine the list in order to determine if there is an unwanted program looking at keyboard events. Once you have determined which if any programs are watching your keyboard, you can uninstall the ones that concern you.

I teach both security classes and programming classes. As such, I created a program that lists any software that is watching keyboard activity. It's free and easy to use. You can get it by going to www.RickLeinecker.com, following the links, and downloading to your computer.

Running the program shows you the programs, but does not remove them. Most programs can be removed by going to Control Panel, selecting Add/Remove Programs, and clicking on the Remove button.

Those are the basics of Keyloggers.