New Targets

How to Avoid Unwanted Keyloggers

By Mary O. Foley

By now, you’re using your personal computer for everything from photo sharing to shopping to paying bills. The Internet makes it easy to buy an antique on eBay, or transmit a home-equity loan application through cyberspace.

But beware. Every keystroke you type on your computer now -- from credit card account numbers to your Social Security number -- can be tracked by cyber stalkers using keylogger programs.

Keyloggers are a type of spyware that can be used legitimately by parents to watch the activity of their children online. But these tools are being used more and more for illegitimate purposes. Keyloggers can be installed on your computer either manually by a stalker or automatically by a virus, worm or Trojan. They can be used to capture your account numbers and passwords as you type, giving perpetrators enough information to drain your bank accounts and set up credit cards in your name.

Just ask David Redekop, co-founder of Nerds on Site, a computer troubleshooting firm that services many home-based clients. “I have a client who had a Pay Pal account, and the bank account it was tied to, completely drained,” recalls Redekop of Ontario, Canada. He says she lost $4,000 U.S. because of a keylogger program.

Routing out keyloggers
Keyloggers can attach themselves to your computer in several ways. They can be installed manually, but they are more likely to arrive in the form of a virus, worm or Trojan. All of these types of malware -- malicious software -- can attack your computer via email or a file-sharing system, such as a music downloading site. Visiting an insecure website or downloading apparently legitimate software can also put your computer at risk.

Once a keylogger program is embedded in your computer, it’s hard to identify that it’s there. “Keyloggers are difficult to detect, since their very goal is to steal data without being discovered,” notes Marcus Jakobsson, associate professor at the Indiana University School of Informatics and associate director of IU’s Center for Cybersecurity Research. “How do you know if you have one? You cannot.”

Redekop notes that sometimes a computer infected by a keylogger "will start to act unstable, but, by the time that happens, it’s usually too late.” Fortunately, there are preventative measures you can take to search and destroy keyloggers or keep them at bay:

1. Install anti-spyware programs
The good news is that software makers have begun targeting keyloggers with new detection tools that uncover and destroy these and other forms of spyware from your computers. These products can range from $30-50 and up. Good anti-spyware will protect your computer against known viruses, worms, and Trojans of all types.

2. Change to limited-user mode
Assuming you have the Windows XP operating system on your computer and not the brand-new Vista, your computer’s default setting probably is set to “administrator” mode. This means that nearly anyone can install something on your computer by sending it surreptitiously.

Changing the setting to “limited user” mode for everyday tasks will significantly protect your computer from keyloggers. To do this, Redekop says to take the following steps:

1. From “Start,” choose “Control Panel”
2. Double-click on “User Accounts”
3. Select “Create a New Account”
4. Name the new account and choose “Next”
5. Choose “Limited” when asked the account type, then click on “Create Account”

Of course, your computer will still have an “administrator” account. Use it when you need to install something, but then be sure to switch back to “limited” at other times. “Make that your habit, and you are much safer,” agrees Indiana University’s Jakobsson.

3. Just say no to “freeware”  
Since keyloggers can easily attach themselves to free software offered over the Internet, including free screensavers or Internet accelerators, resist the temptation to install these on your computer. “Only install software from recognized vendors,” advises Jakobsson.

4. Consider changing web browsers  
Microsoft’s Internet Explorer is far and away the most widely used Web browser and that means most of the malware being developed today is meant to attack computers using it, Redekop says. One way to make your Internet surfing a safer experience is to switch browsers. There are an assortment of web browsers free for the download, including AOL's Netscape, Apple's Safari, and Opera Software's Opera browser. Mozilla’s Firefox, Redekop says, “was developed to be more security-conscious,” and much of the existing malware -- including keyloggers -- is not designed to use Firefox as a conduit.

By taking these steps, you can fight fire with fire and use technology to evade the very perpetrators who stalk you by installing keyloggers on your computer.