What is a keylogger?
Keylogger is a special software or hardware appliance that is able to capture and record users` keystrokes, saving them to the log file (thus the name). In this article we’ll try to cover this topic in more detail, describing only software keyloggers, their types, working principles and areas of implementation.
The working principles of software keyloggers
Keylogger software can use various methods of capturing keystrokes made by the certain user.
Keyboard interception (so called hook)
In the Windows environment, ‘hook’ means interception of the system messages, using Win32Api programming element. The most keyloggers use WH_Keyboard hook as a basis, while WH_JOURNALRECORD hook is used less frequently. The difference consists in that WH_JOURNALRECORD doesn`t depend on Dynamic Link Libraries (DLLs).
Keyboard state polling
A quite simple method that doesn’t require implementing the program in a graphical interface of the system. However, its serious drawback is high resource consumption. This disadvantage leads to the activation of antivirus and antispyware software.
This principle involves implementation of keystroke capturing directly into the keyboard driver.
They penetrate into csrss.exe process and intercept all data during exchange between keystrokes and this very process. In most cases, even when Windows onscreen keyboard is used (which is highly recommended against data theft), the data are intercepted by this type of keylogger.
Use of keyloggers
Our next step is to find out whether use of the keystroke recorder is legal or illegal action in each particular case. Unauthorized installation of a keylogger or other software that includes keystroke logger as a module is any installation without the knowledge or consent of the PC owner (administrator). As a rule, such software products have ability to configure and obtain a “packed” installation executable file that is delivered to the victim`s computer with the help of various illegal schemes (phishing, personalized spam, social engineering). During installation it doesn`t display any messages or create any windows on the screen. That is, the keylogger installation process doesn`t require direct physical access to the user`s computer as well as administrative privilege. Such keyloggers are often constituents of malicious spyware and used to steal confidential information such as logins and passwords, bank card data, etc. Authorized use of a keylogger is use of such software with the knowledge and consent of the PC owner or security administrator. As a rule, authorized monitoring software products require physical access to computer and administrative privilege for configuration and installation that excludes (or at least minimizes) risks of unauthorized use of such programs.
One of the best surveillance programs we have tested, because of its rich functionality, flexibility and easy-to-understand interface. Can be used to monitor home PC, perform parental control and employee monitoring.
Legal software products for computer monitoring
The majority of the modern legal keyloggers are intended for:
- parents (parental control): monitoring online activity of their children and getting notifications in case they make attempts to visit adult sites or launch any of the prohibited programs;
- security team of the company (employee monitoring): monitoring improper PC use, use of workplace computer outside of working hours, control over keystrokes containing commercially sensitive words, disclosure of which could lead to losses;
- private individuals (PC monitoring software): PC usage analysis in case someone else except the owner has access to this device;
- jealous spouse (spouse monitoring): keeping an eye on online actions of the spouse, proving or rejecting any suspicions about “virtual” or real breach of faith;
- different security polices: analysis and investigation of various incidents connected with PC usage.
Other features of modern commercial keyloggers
It should be noted that modern keystroke recording software have much more capabilities than their “classic” counterparts. Nowadays a keylogger is actually a software package that in addition to capturing of keystrokes also enables to monitor almost all users’ activity (visited websites, communication via messengers, installation and launch of programs, creation, change and deletion of files, sending email and many other things). Besides, many keyloggers allow taking screenshots of the screen with a certain periodicity or with a binding to any events. Also, a modern keylogger can record information from the microphone and/or web camera. In addition to the function of information collection, keylogger can also have monitoring functions, namely, restrict access to certain sites and/or programs, respond to a specific keyword typed in the URL bar of the browser or in the messenger window. Thus, software for covert surveillance and access control is more appropriate name for such a complex software product.
Best keyloggers by Keylogger.org team
Our team of experts tested the best keyloggers currently present on the market in order to identify advantages and disadvantages of each one. You can read a short overview of their main features or view a detailed comparison table.Date publication:
Author: Keylogger.Org Team