Keep yourself top secret! How to defeat spyware (Part 2)
David Coursey,
Executive Editor, AnchorDesk
Friday, January 4, 2002
There's no way of knowing how many people are using them, but it must be a bunch. Companies use them, the government uses them, and suspicious spouses use them.
I'm talking about keystroke loggers--both software and hardware. Either way, they compile a record of everything you type and then make it available, sometimes over e-mail or a Web site, to that special someone who is snooping on you. There are hundreds of these spyware products available. Some, I think, are free. Those that aren't free are cheap, relatively speaking.
Companies use keystroke loggers quite legally to keep an eye on their employees' behavior. Parents use them to monitor their children's activities online. Suspicious spouses are--well, just accept my word that there have been a few divorces.
EVEN THE FBI is in on the act--big time. The feds have used keystroke logging to nab at least one bad guy. Just a few weeks ago, the agency 'fessed up to designing a program, called Magic Lantern, that can be used as a Trojan horse to gather criminals' keystrokes. On Dec. 26, a federal judge ruled that the FBI's use of a keystroke logger against an alleged gambler earlier in 2001 was legal.
One reason keystroke loggers are coming into increasingly frequent use is because they capture information literally as it is being typed--before any encryption can take place. Plus, they're very stealthy.
In Thursday's column, I introduced you to KeyKatcher, a hardware-based keystroke logger. I have since discovered another hardware product, called KeyGhost, that appears more capable and is also more expensive. Ranging in price from $139 to $419, KeyGhost can capture up to 2 million keystrokes and support several foreign languages. An optional download adapter speeds retrieval of stored keystrokes from the device.
KeyGhost also sells a line of keyboards with the recording device built-in. This is an attractive option for snoopers, since it doesn't leave the tell-tale adapter hanging out the back of the PC, but it would be difficult to install surreptitiously, unless you had a reason to replace someone's keyboard.
ALONG WITH SUCH HARDWARE devices, there's a lot of key logging software out there, too, including one program designed to stop the software-based loggers in their tracks.
One of the best known is Amecisco Invisible KeyLogger Stealth, a $99 (or less) program that records keystrokes and, with a free add-on, will periodically e-mail the snooper files that it generates.
KeyLogger is joined by other similar applications, including Spector, KeyKey Monitor, 007 STARR, Boss Everywhere, and I-See-Ua, to name just a few.
Based on the response to my Thursday column, I know that many of you are very concerned about key loggers. Several TalkBack posts, including one from Scott DeSalvo, lamented this technology as yet another way privacy rights are suffering a steady erosion. A vast majority of those who voted in an accompanying QuickPoll declared they would never consider using a key logger themselves.
BUT TAKE HEART. You are not defenseless in the fight against keystroke loggers. A program called SpyCop is designed specifically to head off corporate spying programs, unlike antivirus and desktop security programs that can capture only some spy programs. For $49.95, it offers very inexpensive protection, and says it can detect and defeat 181 different keystroke loggers. Its makers also offer a version of SpyCop that includes Evidence Terminator, a program that removes files from your PC that provide clues as to your online habits and movements.
SpyCop was recommended to me by a friend. SpyCop Corp. President Greg McKenzie joined me on my radio show Thursday. One thing that should have been mentioned but wasn't made clear is that SpyCop works against "known" spyware, just as antivirus software works against known viruses.
Another guest who joined me on the show was Howard Goldman, whose SpyCompany.com sells a variety of goodies/baddies (depending on your perspective on these things), including his own pcSpy software ($149 or $199 for the remote version), which he says SpyCop doesn't catch.
GOLDMAN SAID there is one variety of spyware he could have developed but chose not to, because its legality was questionable and he felt--remember, this is a guy who runs a spy store--it was too intrusive on people's privacy.
It would have been an application that can be sent to someone like a virus or Trojan horse and then infect their machine, perhaps just by attracting them to a Web site. But even without Goldman's help, some malicious programs already do this, and the FBI seems to be working on one of its own with the controversial Magic Lantern program.
On Monday, I will wrap up what has become my spyware trilogy with a discussion of the legal and moral issues, as well as some tips on fighting evil advertisers and Web sites that leave their "bugs" on your PC.
zdnet.com |
