I am back with another silly question....... Keylogging?

That is not a silly question.

There are two types of keyloggers:

1. Those that are installed by malware.  We can remove those once we run some diagnostics so we can verify exactly what is going on.

2. Legitimate keyloggers that are installed by employers/husband/wives/ parents/ schools, etc..

Examples:  If an employer installed a legitimate keylogger to monitor if an employee is downloading porn or engaging in illegal file sharing while at work, and I were to help the employee remove it, there could be legal ramifications. Or if a parent installs one because he wants to monitor his teenager's online use as the parent/legal guardian of that child, he has a right to do that. If I were to help the child remove it without the parent's knowledge and something were to happen to the child because of online activity, there could be legal ramifications.

Jeff, you might want to read this:

http://www.securelist.com/en/analysis/204791931/Keyloggers_How_they_work_and_how_to_detect_them_Part_1

I'm not sure it will answer all your questions. Keyloggers have legitimate uses (company security/employee monitoring, parental controls, forensic investigations) but are also used to defraud, spy on spouses etc. I can understand why many malware removal experts are reluctant to get involved in their removal!

I never doubted the integrity of the folks here. I just wasn't clear on the specifics. Now I am. As usual: Thanks everyone!!!!

Jeff

Jeff,

As usual, I have a few more thoughts to add to the above discussion:

First, emphasizing two points from the article Joe linked-to above:  

1) Because keyloggers may or may not be legitimate, in order to avoid legal complications, "most antivirus products classify keyloggers as potentially malicious, or potentially undesirable programs [aka PUPs]" --- meaning that even an up-to-date anti-virus program may not detect a keylogger, unless it's set to scan for PUPs.

2) "there is an increased tendency to use rootkit technologies in keylogging software, to help the keylogger evade manual detection and detection by antivirus solutions".   Basically, ROOTKITs are "very deeply" HIDDEN programs, that try to [and often succeed in ] avoid[ing] detection by scanners.   Put another way, a person may have a keylogger [or other rootkit program] on their PC, and never know about it.

So what's a person to do, if they want to [try to] keep themselves protected from keyloggers... realizing they might already be a victim and not even know it?

I use a program called keyscambler, from QFX software:  http://www.qfxsoftware.com/

First, here's what keyscrambler does NOT do:   it does NOT detect keyloggers; it does NOT remove keyloggers.

So what DOES it do?   It purports to "scramble" (disguise) keystrokes, so that all the keylogger will be able to intercept is a bunch of meaningless gibberish!

Does it succeed in what it claims?   I've read articles/reports that say it does.   But I have not personally performed any definitive testing to verify this.   (Nonetheless, until proven wrong, i'm willing to accept that it does what it claims).

Critical Point:   The FREE version of KeyScrambler only protects the user while they're typing in Internet Explorer, and FireFox (and also another browser called "Flock", which I've never heard of).   So if you install the free version of keyscambler, it will NOT offer you protection while you're typing in other programs (such as Opera, Money/Quicken &etc.)   [There are paid versions of KeyScambler which extend its protection to many other programs --- if you're interested, you can check out their list.]   Since I'm most concerned about online credit-card (and bank) transactions, I believe the free version is sufficient for my purposes --- as long as I stay in IE and FF.

In posting this information... which is readily available on the Internet (at sites such as Gizmo Richard's recommended free programs), my intent is to help people protect themselves from the likes of online credit-card fraud.   Alas, I realize that unscrupulous people can try to use this to avoid legitimate (parental, employer) keylogging... but I believe the former (i.e., the fraudulent) usage is the greater concern.

I just wanted to second David's opinion about Keyscrambler from QFX. I also find it adequate for my purposes and where and how I browse, mainly concerned with my financial and credit union accounts. Seems to be working OK, and the character generation appears to be totally random.