Do you shop or make purchases online? Do you use online banking or Paypal? What are you doing to protect yourself from keyloggers? Keyloggers are abundant on the internet, so much so that many corporations watch specific IP addresses known to be collection servers for keyloggers.
In essence a key-logger monitors your keyboard events, logs them and sends that log to a server where they look for your user accounts and passwords to banks, games and to access your computer.
Keyloggers are very small applications and hackers go to great efforts to keep them from your awareness. While there are many places you can find best practices for reducing your risk to keyloggers (you can certainly start by reviewing Prevent Email Keyloggers), I want to point out a nice free-for-personal-use version called KeyScrambler by QFX Software.
It should be noted that the free edition only protects you while using Internet Explorer and Firefox.
How it Works
By using their own proprietary keyboard driver they are able to encrypt keystroke events before they get to the software application layers where keyloggers typically reside. The keystrokes are decrypted when they are passed to your browser.
1. Go to QFX Software and download Keyscrambler Personal Edition.
2. Open Keyscrambler from the location where you saved it and press Next to begin the installation. You will be asked if you wish to check for updates (Choose Yes).
3. When you are told “This is the installer for the latest version, please continue.” , click Ok to continue.
4. Click on “I Agree” if you agree to the terms of the license agreement.
5. Select the components to install. If you use Firefox and Internet Explorer, make sure they are both selected. There is also an option for Flock.
6. Choose the path to install, just click Next to use the default.
7. Choose the Start Menu folder if you wish, it is recommended to just click Install.
If you have Firefox, follow these steps. Otherwise continue to step 13.
8. Firefox should open with an add-on for keyscrambler.xpi, click on Install Now.
9. You can choose to restart Firefox.
10. If you restart Firefox before a reboot you will get a message telling you that you will receive errors until you reboot your computer. This is okay.
11. Close Firefox.
12. You should see a message verifying that the Firefox add-in was installed. Just click OK.
13. You should choose if you want to reboot now or later and click on Finish.
Checking If Keyscrambler is Working
Now that you have rebooted after installing KeyScrambler, you should verify that your keystrokes are being encrypted. Also, you should take note of the default behavior of this program in order to be able to identify if it has been tampered with.
Check Internet Explorer:
1) Open Internet Explorer and notice the message at the top of the screen.
2) Start typing inside of Internet Explorer and notice your keys. This is what a keylogger will see. The values in the Encrypted Keystrokes area should never be readable.
1) Open Firefox and notice the message at the top of the screen.
2) Start typing inside of Firefox and notice your keys. This is what a keylogger will see. The values in the Encrypted Keystrokes area should never be readable.
It is important to know the limits of your protection. Like most software applications, there are ways for hackers to get around this application using ring0 exploits. However, the great advantage to this application is that it shows you your encrypted characters as you type. If a hacker does disable this encryption it is obvious that you are no longer protected.
Why should I use it?
While anti-virus and anti-malware software companies do their best, it takes time to identify, counter and update your protection from keyloggers. There are many more keyloggers than there are anti-virus solutions. According to some estimates anti-virus solutions only detect 20-30% of new malware. Hackers spend a significant amount of time trying to steal your data, and by the time updates are applied to your protection software there is a high chance that your information has already been compromised. Why not spend five minutes to make their lives much more difficult to get your banking credentials and credit card numbers?
Now that you are all set enjoy a safer surfing experience.