What is a Keylogger?

A keylogger builds a log of everything typed into a keyboard to be reviewed by a third party. Keyloggers can be used for legitimate purposes to troubleshoot networks, analyze employee productivity, or to assist law enforcement, for example; or they can be used for illegitimate purposes to surreptitiously spy on people for personal gain. A keylogger can be a hardware device or a software program.

The most common hardware keylogger plugs into the computer’s keyboard port, connecting to the keyboard cable. It can look like an extension tail or in other cases a small cylindrical device. This makes it easy to spot, if looked for, but it won’t be detectable by software. Models are priced around the number of keystrokes they can hold, with higher capacities being more expensive. One entry model costs $49 US Dollars (USD) with a capacity of 128,000 keystrokes.



Once installed, the log is retrievable through opening a word processor and entering a password to reveal a hidden keylogger menu. Like all hardware keyloggers, it has the limitation of requiring physical access to the system, but might be used by network administrators or by parents to monitor the family computer.

Another type of hardware keylogger is preinstalled inside the keyboard itself on the circuit board. This device is undetectable barring disassembly of the keyboard, but does require replacing the existing keyboard. A similar keylogging product can be soldered on to the circuit board of any keyboard, but this requires some skill.
Software keyloggers are often installed through malware like Trojans, viruses, spyware or rootkits. These keyloggers can collect keystrokes through a number of methods, depending on design. Some keyloggers work at the kernel level; others use a hook to hijack system processes that manipulate the keylogger; and still others use entirely different means. A keylogger that is installed remotely through malicious means secretly sends its logs to the person who planted the device via an Internet connection.

The danger of a malicious keylogger is that it traps information before it can be encrypted. For example, banking websites provide a secure connection between your computer and the website so that all data is encrypted in transit. However, as you type a username and password, the keylogger is recording those keystrokes, bypassing any and all security measures. Keyloggers not only have the ability to trap usernames and passwords, but credit card numbers, bank account numbers, private passphrases for encrypted files, financial records, email and so on.

Keyloggers are widely available online but are also easy to write, making them a real threat to personal security and an easy tool for the growing problem of identity theft. At this time there is no sure-fire way to protect yourself against all forms of keyloggers, but there are steps you can take to minimize risk.

Install top-notch anti-virus and anti-spyware on your system, preferably programs that help to prevent keyloggers and watch for keylogging activities. This doesn’t guarantee you won’t get a keylogger, but it helps by recognizing and removing known keylogger signatures.

Regularly check the processes running on your system looking for anything that doesn’t belong. In Windows® systems you can use Task Manager to view running processes. Third party applications are also available that will not only show you which processes are running, but will provide a direct link to information online regarding the nature of the process. If you are unfamiliar with running processes, this is a good place to start to familiarize yourself with what you should expect to see in your system, and what you shouldn’t.

A firewall commonly does not provide keylogger protection but can alert you if a program is trying to send information out to the Internet. By stopping this action you can prevent a thief from retrieving a log, and be alerted to the possible presence of a keylogger.

Other methods to ‘confuse’ a keylogger include typing extra letters or numbers when entering secure information, then highlighting the characters that don’t belong and entering a legitimate character to replace them. You can also use a browser with a form-filler function that will keep usernames and passwords securely on your system, and fill them in automatically when you enter a site, without forcing you to use the mouse or keyboard. Additionally, there are programs that scan for keyloggers, but they can detect legitimate processes as well, making it difficult for the average person to make real use of these tools.