General discussion

How do you prevent and defeat keyloggers?

I have a few questions around defeating and preventing keyloggers. First, how can one tell if there is a keylogger in my system (not hardware)? Will antivirus detect them? If a keylogger were active in my system, can virtual/on-screen keyboards prevent keystrokes from being stored? How about copying and pasting passwords from a password program into logins defeat spyware and key logging? My final question is, how do you prevent keyloggers from being installed in the first place? Thank you for your time and advice.

-Submitted by Bob J.

Discussion is locked

Reply to: How do you prevent and defeat keyloggers?
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: How do you prevent and defeat keyloggers?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -

I use Zemana AntiLogger Premium. It offers warning popups when a program attempts to log keystrokes, and they can be blocked or allowed on a per instance, or permanent basis by ticking the "create rule" box. It maintains a log of blocked and allowed sites, which can be edited. It also warns if an attempt is made to inject code into your system.

Post was last edited on May 12, 2017 11:03 AM PDT

- Collapse -

Thanks for the suggestion. Just curious: has Zemana recorded many instances of key logging attempts in, say, the last year? I haven't noticed any myself, but I might just be lucky.

- Collapse -
Anti-Keylogger Tester (AKLT)

You may have to exclude this test tool in you anti-virus/malware, but it is an industry standard for checking on whether keylogging is possible from various blocking programs. So far, the only anti-keylogger that has past the test with flying colors, is Rapport by IBM. I've tested it on my target computer in my lab, and it passes all test that AKLT can throw at it. There are other anti-keyloggers out there that can pass all but the screen capture, and video shots. For some, that may be good enough.

- Collapse -

I use Rapport and am well satisfied. It was provided by my bank and then works with many other sites.

- Collapse -
How to get Rapport?

Nice txlevi. Who is your bank?
I don't think Rapport is for sale to individuals.

- Collapse -
I see IBM has it for many banks at link.
- Collapse -
Don't necessarily need a bank..

Many institutions support Rapport like Ebay:

You just need a presently supported browser - right now Firefox is under development so Chrome will work for now:

Rapport for Chrome<br>

Hope this helps.

- Collapse -
Keyloggers Can Be Tough

As you pointed out, there are two types: hardware and software. Hardware installation requires someone to have physical access to your computer. Not too much of a big deal at home unless you have strangers running around but at work, well, you're not there 100% of the time. Still, many of these will require some software to transfer the data somewhere. Checking your PC for strange objects in ports is useful so, at work, hiding your box is not always good. Old ones hooked between the PS2 port and the keyboard cable. Now??
Software is more difficult to detect because, at work, your boss can be installing one (legally if it says you don't have privacy in your AUI - mine did). Sometimes, you can tell if the system gets sluggish associated with typing or if the keylogger crashes. If you look at drivers in the device manager, you might find one. Also, they can be detected by system security software. Some enterprise software has detection. (I don't remember if Symantec did).
For some of your other questions, while a screen keyboard (usually a pain in the you-know-what at work) can help, I wouldn't doubt that with the proliferation of tablets (various OS systems) that people have created software to capture those. Sorry, I haven't looked at the dark web lately. For using a password manager, that will usually help but I'd have to research that for each password manager. Generally, even copying/pasting from a text file should work. Of course, not useful if you are logging into your PC at work (active directory) since you need to login to get to a password manager or the file.
To prevent it from being installed: well, if the keylogger is from your boss, they will probably know that it didn't succeed. Usually, good security software can detect this (not something like Norton).
If you are talking about privacy at work, there is usually little you can do because you don't own the PC and, as long as you are there, they make you sign papers when you are hired that tell you there is no expectation of privacy. However, if you are dealing with government protected data, this would be a good topic of discussion with the boss. Ferretkeeper has some good advice. Also, I'd check on your add/remove software list to see if there's anything strange there.

- Collapse -

While I "implied" that some software (like Norton) may not detect keyloggers, I just did some checking. I didn't see anything in Norton, itself, BUT, Norton Power Eraser (NPE) DOES detect keyloggers.
I saw these same questions in a Microsoft forum question but it was interesting that the question implied the poster was using a WORK computer. As I said, I worked in a government office and the Acceptable Use documents that users had to frequently sign (when hired plus at annual review) did have specific mention about keyloggers and no right to privacy as the user does NOT have ownership of the computer and could even be locked out from installing their own software (or using social networking at work). Note: I'm not a lawyer but if you ARE one, you can argue the point. We've been asked to snoop for user wrong-doing periodically, especially when an employee was stealing checks. Oddly, there was one time I came to the defense of a group of employees when a manager wanted his large staff to supply him with all of their passwords. That was against the policy of the government agency.

- Collapse -
Re: Correction

Did a little digging around on Norton and found this!
Norton calls most keylogger programs "SpyWare"! I started down the list to count the different loggers but quit after the first dozen!!

Programs that have the ability to scan systems or monitor activity and relay information to another computer or locations in cyber-space. I'm sure you already knew this!

While we're at it, a lot of people are VERY upset about the amount and type of info Win 10 collects! They'd need to change their underwear several times a day if they #1 knew about it and #2 the AMOUNT of info garnered by ANYTHING Google. I, personally, do not and will not have ANYTHING Google on my computer, that includes Chrome!!!
If a full system scan with Norton does not detect any malware on your computer, you can also run a second-opinion full system Custom scan with with the free version of Malwarebytes Anti-Malware (link is external) as instructed to look for any lower-risk malware that might have been missed by Norton.
I don't care if it's freeware or costs hundreds of dollars per program per computer. "NO ONE PROGRAM IS 100% GUARANTEED TO FIND ANY AND "ALL" BAD NASTIES"!! Even as I type this some "Bad Nasty" creator is diligently at work creating the next bad nasty!!
I am NOT a paid shill for Norton before anyone goes there!! I am a Comcast customer whereby I get Norton Security Suite for free!! Price is right! LOL! May not be the absolute best on the market but definitely not the absolute worst!! I, personally, run the free version of Malwarebytes Anti-Malware weekly which is the same as the paid version except one must manually update it and manually run it.
My wife and daughter love to play games on POGO and a couple of other sites and daughter "LOVES" to listen to music on several sites! Last time I ran Malwarebytes Anti-Malware on the daughters machine (which I don't do religiously) she had 452 PUP's and one malware. Shocked Confused Sad
For those that don't know PUP's are "Potentially" Unwanted Programs that are usually attached in some way to downloads. I am NOT saying that my way is the best all around solution but this is my way of dealing with the problem!! One should have a plan "A" antivirus\ firewall, plus at least one other "B" program and or plan "C"! Like I said before; "NO ONE PROGRAM IS 100% GUARANTEED TO FIND ANY AND "ALL" BAD NASTIES"!!

- Collapse -
That's All Very True

For work, I was doing some of the departments "data security" work and an idea came up that we (government criminal justice systems) should use Google Docs to store data for a new system. I did the research on Google and Google Docs and found that the most helpful documents were their Terms of Service (Terms), their Privacy Policy, their FAQs and their Help. This was just at the time when they moved all of their policies for all of their products under one set of documents. I also found (and you can search on LAPD and Google) that, one of our customers for the system was L.A.P.D. and that at the time they were suing Google because Google didn't reveal they were not compatible with federal government standards for privacy/security in that Google employees do NOT have background checks, required for Criminal Justice Information System (CJIS) rules that require email systems (GMAIL) where everyone has had background checks. I also started looking into HIPAA (medical records) security requirements. More recently, Google has a document out that states you cannot put medical patient data on their systems without a special arrangement called a BAA-PHI (business agreement).
To be fair to Google, this is all laid out in their terms and Privacy Policies and other documents so it is not "hidden" away. Of course, people think these policies are 400+ pages (they are not) and written in legal-ese (not). Since my first foray into this, Google's policies have changed many times but the bottom line is that they do all this and collect data on everyone for use in their primary business: advertising. At one point, you can look this up in their archives), they even went as far to say that they "OWNED" your data and then I guess the copyright lawyers got involved and now they emphasize that they DON'T own your data, but you have to give them complete rights to read, modify, abstract, etc. your data.
I think the issue is also that, if you go to any "free" website, you will see advertising and this is what enables you to access the information on the site for free. But, the ads usually have connections to advertising companies that track your every move.
Try a product called "Ghostery" (although some claim this software is sort of a "tracker" in its own right) and you will see what tracking sites you've been through just to display a single page. You can't escape these and you can't escape Google (
In terms of keyloggers, that is something entirely different. That could be people stealing things like your userid and password. As someone else pointed out, net "nanny" software is technically a keylogger. It all comes down to who is using the information gained from the keylogger and why.

- Collapse -
KeyScrambler Personal

Secured keystroke data in 60+ browsers
Encrypts in real time what you're typing on all websites to protect your privacy/identity from keylogging malware, even on infected computers.
Free for personal use.

- Collapse -
Not long ago...

when I tested KeyScrambler with AKLT, it would pass all but the screen capture and video recording. For me, that is good enough, as MBAM will probably detect the malware doing it eventually. It makes sense, because most of the time, the user ID is the only factor that can be captured using that kind of spying.

- Collapse -
And don't get a recent HP laptop with the keylogger built in
- Collapse -
was a vendor thing

but hp should have looked a bit more closer at what they were installing. I wonder about other brands that is using the same vendor Happy I bet they all are taking a second look at their third party drivers Happy

- Collapse -
Don't buy a computer with pre-installed key logger software.
- Collapse -
For years...

I've been removing PUPs and spyware from OEM computers, They never learn! Uninstalling the cr@pware will fix most of it - running AdwCleaner will usually fix the rest.

- Collapse -
Attempt to answer your questions

Keyloggers are usually classified as "malware", but as already pointed out, companies may install keyloggers to help detect/prevent theft of intellectual property or to verify compliance with computer usage policies. There are also keyloggers installed as part of some "nanny" programs, where parents are allowed to view the online keystrokes of their children to help ensure they are not venturing into dangerous territory or providing restricted information (ID's, Addresses, Phone Numbers, Credit Cards, etc.) to unknown people online.

Whether for "good" or "bad" purposes, keyloggers can be designed to report access on local machines only, or to send reports to remote locations. As with most "malware", unless your particular keylogger has been encountered in the wild and reported to researchers, there is a good chance it could lay dormant and undiscovered for a very long time. Once keyloggers are discovered and "fingerprinted", they can generally be ferreted out by anti-malware products. The best software keyloggers install themselves "silently" (i.e. they don't appear in a list of installed programs). Some, like the recently revealed Conexant Audio Driver in HP laptops, are harder to spot, because not too many people think to look at a computer vendor's pre-installed software as being "malware".

As already discussed by others, there are software programs designed to prevent keylogging. However, you need to understand how "keystrokes" are handled inside your computer to determine whether these solutions are effective. When you hit a key on your keyboard, the electronics in the keyboard generate a "scan code". That "scan code" is then converted by the keyboard driver in your computer to the "key" the software is expecting to see. From the time the "key" is generated by the device driver, to the point where the "key" is consumed by the receiving application, it is vulnerable to interception. The goal of a good anti-keylogging application is to intercept the "key" as soon as possible after translation by the driver, and to scramble (encrypt) it so it travels through the system in a form that would not make any sense to a keylogging application. At some point just prior to being "consumed", the anti-keylogger application needs to unscramble (decrypt) the key so it will make sense when it is delivered to the consuming application. The closer the intervention point (to the device driver on one end, and the consuming application on the other) the more effective the anti-keylogging application will be.

Virtually every operating system implements some sort of keyboard buffering which not only allows users to type as quickly as they can without "losing" keystrokes, but also allows for repetition of a command (e.g. use of the F3 key in MS-DOS to repeat the last command). A proper anti-keylogging application will ensure that this buffer is also maintained in an encrypted state.

You asked whether virtual keyboards and password managers can stop keylogging. The answer is "no". Both these methods are merely using alternate means of delivering a stream of "keys" to the keyboard buffer, so this stream needs to be processed as if the keys were coming from a keyboard.

On a final note, be aware that wireless keyboards provide another method for keys to be monitored. The keystrokes are literally broadcast over the air using bluetooth signals. While bluetooth includes encryption in its implementation, some brands of keyboard do a better job of protecting these wireless transmissions. Search for articles on the dangers of wireless keyboards to learn more.

In terms of the software suggested in this discussion, I have personal experience with the KeyScrambler Personal product. While it's "cool" to watch your keystrokes translated into gibberish, I found that, as a very fast typist, some of the characters I typed were missed. That's not to say it may not be effective - but I ended up uninstalling it because finding the mistakes became more frustrating than the potential benefits.

- Collapse -

I have been using a logger for some 25 years. At present, I use PerfectKeyboard. I use it to automate repetitive keystrokes by recording them and saving them in a Macro. It saves me a lot of time.

- Collapse -
Keyloggers in online banking software

Here in Brazil where I live the "security solution" used by virtually all bank's online banking apps for PC Win installs a "malware" that includes a keylogger, no questions asked, that can cripple a computer and render it almost useless.
And they are extremely hard to get rid of.
I use a highly customized AutoHotKey, autotype solution for automating some repetitive tasks and automatically inserting most of the Portuguese diacritics in my translation work, and for this to work it depends on first access to monitoring keyboard traffic.
It used to work alongside the banking apps until about two years ago, which was apparently when the banking apps included a keylogger, or at least demanded first access rights for their keylogger.
After identifying the underlying program file, to get rid of it I had to open windows in secure mode and first change the name of the file, to subsequently delete it to get rid of it and all related files in it's folder.
Today I only do online banking on Android mobile devices and apps.

- Collapse -

I have a chromebook so wonder if they're susceptible to keylogging since they don't use Windows DOS operating software?

- Collapse -
If I stretch a little, Chromebooks log stuff.

They have to in order to sync web favorites and more to the cloud.

So is Google nefarious with this detail? So far no.

- Collapse -
Popularity of linux..

Like Chromebooks and Android have revealed some malware out there that can do just about anything malware on Windows does - especially if you have found it necessary to use flash with a browser, or java with an application or other.

If your Chromebook works like a LIveCD, and cannot write to the operating system files, then you are almost impervious to 99.999% of the malware out there; but you might find them sleeping in the file file save area of the "hard drive". Also, until you log off or restart, the malware may be able to operate in the CPU, during that session only.

- Collapse -
Not Completely Safe

It isn't completely safe according to some of the articles I read. Google sends updates every 6 months (weeks?) so if they can do updates, so can malware. I read this one article that says that Chromebooks are subject to some things like ransomware.

So, if you can write to the OS files (via update at least), then there are malware attack vectors. Also, phishing affects all computers and devices. Very hard to get rid of that since the weakest link is the user.

- Collapse -

I keep forgetting that using Chromebooks OS is like having a browser for an operating system as well. I don't know how tied to Chrome it is, but anytime you have a browser tied to an operating system, it can probably be cracked. Microsoft and Internet Explorer make a good example.

CNET Forums

Forum Info