Last day, a very close friend called me for a query. Being a tech savvy amongst my family-friends, I often receive these sorts of calls. He said his Facebook was down and saying that it went under maintenance. Well, I was quite certain about this and asked him to wait and confirmed that his Facebook will be up big time. But instead of waiting, he alleged me of stealing his password. I felt like Lol. This was very obvious as one fine day, when he paid a visit to my place, he browsed the web through my PC unintentionally I had a Keylogger installed that really stole (or in a clear sense – logged) his password. I didn’t used that for any negative means, instead, I did informed him the same that moment and he did changed his password. But, the human mind is as always, full of doubts and hence he did suspect me this time round, though in a very jolly manner – coz he certainly knew I wasn’t the culprit! Well, forget me and my friend, but, if this happened to him on a public PC, one, no one would have had bothered to tell him, and, second, his password could have been used for unfair means. And hence, Trouble!

Keylogger is software installed which can be installed on any system and can be used for both positive as well as negative purposes. Though, the negative purposes are way too many than positive ones.  

If software part isn’t enough, Keyloggers can also be hardware based. One such is the one that resides as a firmware inside your BIOS (Basic Input/output system) and then can affect the PC no matter what OS you are using.

Another type is the the one which is connected to the keyboard itself as a circuit board or somewhere on the cable that connects the keyboard to the CPU. These have an advantage that if the hardware presence is not detected, there is no software interference and hence can severely affect anybody.

Keyloggers, both software and hardware, often are equipped with the following functions:

 ·         Residing in a system: Keyloggers can reside in the system with being untouched and un-noticed. Being on a public PC increases the risk as the administrator could be the culprit himself, but being on personals is also not 100% safe – Many Trojans, malwares and infected objects may contain keyloggers and install on the system hence giving the intruder a good time.

·          Programmatically capturing the text, Screen logging, Clipboard logging: The ‘Microsoft Windows’ system allows programs to request the text 'value' in some controls. This means that passwords may also be captured, even if they are hidden as the user types. Moreover, Screen logging can automatically take screenshots and hence provide the intruder/hacker graphical information of the system. And clipboard logging includes data fetching of whatever has been copied on the clipboard

·          Uploading Data: Several keyloggers work remotely, wherein, local software keyloggers are programmed with an added feature to transmit recorded data from the target computer to a monitor at a remote location through either FTP or to an email address or on the internet server.

Keylogger was first coded in 1983, November 17 by an American computer scientist Perry Kivolowitz. Since then many countermeasures have been accepted in order to prevent attacks.

On Personal Fronts:

Firewall/Anti-spyware: Given the fact that you are using a personal system, an update firewall and anti-spyware will keep guard of the system and not let any malware/virus to automatically reside in the system.

Live CD: If system is somehow infected and keylogger is detected, using a Live CD i.e. a bootable disk that resides an OS will definitely help. But, Live CD cannot work with hardware keyloggers.

No more protection is required on the personal front as there is no other mean of the software being installed.

On Public Fronts:

Look out for notification area: As keylogging is significantly detected on Windows’ PCs, users must look out for the notification area. Cyber cafes/other public systems don’t really possess a lot of software. The notification will mostly contain icons only for Antivirus/Anti-spyware/Firewall; Sounds/Volumes; Windows’ Alerts and stuff; Graphics and video; some dictionaries and last like some internet client downloading stuff. If, you find some unknown stuff, just hover the mouse over it, look for its name and try exiting that program, if not able to, then press Ctrl-Alt-Del to enter into Windows Task Manager. Here in the ‘processes’ tab, try finding a process whose name is alike to the program and end that. If the above steps are taken care of most keyloggers won’t affect you.

On-Screen and web based keyboards: Most OSs have an un-built on-screen keyboard. So, if you rarely work on public systems and the work is very confidential, take some pains and work with these. On-screen keyboards provide program-to-program interface leaving you with no tensions! Same goes for web-based – the only thing required is to know a service and googling this will help always!

Traditional methods: If you are not willing to use any of the above. Follow the basic rule. When on public PCs and while typing something confidential – Move your cursor using the mouse while typing and hence keylogger with log the data but in random order!! Some keyloggers can also be fooled by alternating between typing the login credentials and typing characters somewhere else in the focus window!

Another very similar technique utilizes the fact that any selected text portion is replaced by the next key typed. E.g. if the password is "fiction", one could type "f", then some dummy keys "asdfgghj". Then these dummies could be selected with mouse, and next character from the password "i" is typed, which replaces the dummies "asdfgghj ".

Using one-time passwords: If you always keep on changing your passwords, you have to have no worries. Kudos!

Be Aware for hardware: If you are certain about software after the above tips, be sure about the hardware part. Look below around the keyboard for some extra piece of socket, circuit or anything abnormal. Don’t forget to look for the keyboard jacks on the CPU which can possess a device which eventually can be a keylogger!