Keyloggers, Keyloggers

Looking for Keystroke Logging?

The technique and name came from before the era of the graphical user interface; loggers nowadays would expect to capture mouse operations too. Keylogging can be useful to determine sources of errors in computer systems, to study how users interact and access with systems, and is sometimes used to measure employee productivity on certain clerical tasks. Such systems are also highly useful for both law enforcement and law-breaking—for instance, providing a means to obtain passwords or encryption keys and thus bypassing other security measures. Keyloggers are widely available on the Internet.

In the future, it is believed that software with secure I/O will be protected from keyloggers. Until then, however, the best strategy is to use common sense and a combination of several methods. It is possible to use software to monitor the connectivity of the keyboard and log the absence as a countermeasure against physical keyloggers. For a PS/2 keyboard, the timeout bit (BIT6 at port 100) has to be monitored.

Once the user's account and credit card information has been entered into the program, it will be automatically entered into forms without ever using the keyboard or clipboard, thereby reducing the possibility that private data is being recorded. (Someone with access to browser internals and/or memory can often still get to this information; if SSL is not used, network sniffers and proxy tools can easily be used to obtain private information too.) It is important to generate passwords in a fashion that is invisible to keyloggers and screenshot utilities. Using a browser integrated form filler and password generator that does not just pop up a password on the screen is therefore key. Programs that do this can generate and fill passwords without ever using the keyboard or clipboard.

Some of this type of software use "signatures" from a list of all known keyloggers. The PC's legitimate users can then periodically run a scan from this list, and the software looks for the items from the list on the hard-drive. One drawback of this approach is that it only protects from keyloggers on the signature-based list, with the PC remaining vulnerable to other keyloggers.

Some heuristics-based anti-keyloggers have the option to unblock known good software, but this can cause difficulties for inexperienced users.

Source: Wikipedia > Keystroke Logging