Print This Issue

One Step Ahead
November 21, 2006, Volume 53, No. 13
One Step Ahead

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

About Keystroke Loggers

Security experts often warn against “shoulder surfers” who peek at your screen and watch your fingers as you type in order to steal passwords and other sensitive information, but those prying eyes aren’t necessarily right behind you—they can be almost literally “inside” your computer. Keystroke loggers can record everything you type, as well as your mouse movements and clicks, and transmit them secretly to one or more spies anywhere on the Internet.

These are sometimes physical devices installed on your computer while you’re away from it, sometimes they are software programs, and in some cases a combination of both. Physical keystroke loggers often are devices inserted inline between your keyboard connector and computer, while software-based loggers are often installed by viruses, “spyware,” “adware,” and various “free” software packages like toolbars, “accelerators,”etc.

What to do? The use of personal firewalls, anti-virus software (available via site license to most Penn users at www.upenn.edu/computing/product/) and spyware removal tools helps detect and protect against unwanted loggers, and of course, don’t open unknown and/or unsolicited e-mail attachments. Be very careful about the software you download and install and the source it comes from, especially in the case of “free” programs. Also, take some time to familiarize yourself with the devices connected to your computer, what functions they perform, and be alert to any unexplained changes or additions.

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.


Almanac - November 21, 2006, Volume 53, No. 13