An important answer you need to understand.
How do you know your computer is free of keyloggers? You don’t.
That’s not the answer most people want to hear, but it’s the true bottom line.
There are a few reasons for it. I’ll talk about those, and what you and I need to do in the face of this rather grim reality.
Knowing you don't have malware
It’s impossible to prove you don’t have malware on your PC — you can’t prove a negative. No anti-malware tool is guaranteed to catch all malware. Stack the deck instead:
- Make it difficult for malware to arrive, by following security best practices.
- Make it likely that malware will be caught quickly, by running security software.
- Make it possible to recover, by having a backup strategy in place.
May the odds be ever in your favor.
A quick note about keyloggers
Be it keyloggers or the ever-popular ransomware, some terms seem to get people’s attention more than others.
We need to be clear about something: there’s nothing special about keyloggers, and there’s nothing special about ransomware. The names describe what they do, not what they are. What they are is very simple: they’re just forms of malware.
What they do once they arrive might be interesting or severe, but it’s the fact that they are malware that warrants our attention. Like any form of malware, the most important thing to do is to prevent them from getting on our machines in the first place. The second most important? Detection and removal.
This applies to all malware.
Proving a negative
There’s no way to absolutely know your machine doesn’t have malware. Logically, you can’t prove a negative.[1]
Looking for malware and not finding it isn’t enough. There’s no guarantee your anti-malware tools know all the malware to look for or all the ways malware can hide.
No anti-malware tool is guaranteed to catch every possible malware. None. By definition, the creation of malware is always ahead of its detection. Even the very best anti-malware tools are always playing catch-up.
If you run a zillion different anti-malware tools and they all come up empty-handed, it doesn’t prove anything. All it says is that it’s highly unlikely you’re infected.
Making sure it’s highly unlikely you have malware is, pragmatically, the best we can hope for.
Staying safe without proof
The best you and I can do is to stack the deck in our favor.
- Make it difficult for malware to arrive.
  - Don’t install untrusted software.
  - Don’t open random attachments.
  - Don’t fall for phishing attempts.
  - Run good security software.
- Make it likely that any malware that does make it onto your machine will be caught.
  - Run up-to-date security software and confirm it’s scanning appropriately.
- Make it possible to recover quickly with minimal impact if something goes wrong.
  - That means backing up.
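The second and third points above ("confirm it’s scanning appropriately" and "backing up") are the two that silently stop working without anyone noticing. The script below is an added example, not part of the Ask Leo! article, that turns both into a check you can run on a Windows 10/11 PC. It assumes Microsoft Defender is the installed scanner (Get-MpComputerStatus is part of the Defender PowerShell module) and that your backups are written somewhere under a folder named in $BackupRoot; that path and the age thresholds are assumptions you should edit.

```powershell
# Added example (not from the Ask Leo! article): a quick "is the deck still
# stacked?" check for a Windows 10/11 PC. Assumes Microsoft Defender is the
# installed scanner and that backups land under $BackupRoot (assumed path).

$BackupRoot          = 'D:\Backups'   # assumption: edit to your backup location
$MaxSignatureAgeDays = 3              # assumption: tolerate signatures this old
$MaxScanAgeDays      = 7              # assumption: expect a scan at least weekly
$MaxBackupAgeDays    = 1              # assumption: expect a daily backup

$problems = @()

# 1. Is real-time protection actually on, are signatures current, and has a
#    scan run recently? Get-MpComputerStatus reports all of this.
try {
    $status = Get-MpComputerStatus -ErrorAction Stop

    if (-not $status.AMServiceEnabled) {
        $problems += 'Defender antimalware service is not running.'
    }
    if (-not $status.RealTimeProtectionEnabled) {
        # Defender steps aside when another scanner is installed, so this may
        # mean "a third-party product owns real-time protection now".
        $problems += 'Defender real-time protection is off.'
    }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $problems += "Signatures are $($status.AntivirusSignatureAge) days old " +
                     "(last updated $($status.AntivirusSignatureLastUpdated))."
    }
    # QuickScanAge / FullScanAge are days since the last scan of each kind;
    # the more recent of the two is what matters here.
    $lastScanAge = [Math]::Min($status.QuickScanAge, $status.FullScanAge)
    if ($lastScanAge -gt $MaxScanAgeDays) {
        $problems += "No Defender scan in the last $lastScanAge days."
    }
}
catch {
    $problems += "Could not query Defender status: $($_.Exception.Message)"
}

# 2. Does a recent backup exist? This only checks the newest file's timestamp
#    under $BackupRoot; it does not verify the backup is restorable, which you
#    should still test by actually restoring a file now and then.
if (Test-Path -Path $BackupRoot) {
    $newest = Get-ChildItem -Path $BackupRoot -Recurse -File |
              Sort-Object -Property LastWriteTime -Descending |
              Select-Object -First 1
    if ($null -eq $newest) {
        $problems += "Backup folder $BackupRoot contains no files."
    }
    elseif ($newest.LastWriteTime -lt (Get-Date).AddDays(-$MaxBackupAgeDays)) {
        $problems += "Newest backup file is from $($newest.LastWriteTime): $($newest.FullName)"
    }
}
else {
    $problems += "Backup folder $BackupRoot does not exist."
}

# 3. Report.
if ($problems.Count -eq 0) {
    Write-Output 'Deck is stacked: protection on, signatures current, recent scan, recent backup.'
}
else {
    Write-Output 'Things to fix:'
    $problems | ForEach-Object { Write-Output "  - $_" }
}
```

If the script reports Defender real-time protection as off but you have installed another security product, that product is the one doing the job; check its own status console instead, and treat two scanners fighting over real-time protection as a problem in itself. Running this from Task Scheduler once a day turns "I think it's backing up" into something you actually see.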
It all boils down to the set of rules and admonitions folks in my position have been preaching for years — rules and admonitions I’ve laid out in what I consider to be my most important article: Internet Safety: 7 Steps to Keeping Your Computer Safe on the Internet.
Even getting out of bed is risky
I wish I could offer you a 100% guarantee — a way you can be completely certain your machine is free of malware and all is well.
I can’t.
We can’t guarantee that we won’t get hit by a bus or fall down the stairs, either. All we can really do is stack the deck in favor of our safety. Look both ways before crossing, hold the handrail, and stay safe online.
There are no guarantees. While you should never reduce your vigilance, you can absolutely reduce your concern and carry on using your technology in all the wonderful ways it was intended.
Footnotes & References
[1]: I’ve had some people point me at long, complex, detailed philosophical discussions/arguments claiming to prove there are scenarios where it’s possible. Fine. Whatever. When it comes to malware, you just can’t.
Funny coincidence. I was riding home from work in a bus (example used in article) on a windy mountain road in the Black Forest and I was thinking about how I sit on the right side of the bus in case there’s an accident with an oncoming vehicle. I was thinking about how many risks we take every day and how when it comes to computers, people expect a no-risk experience. Actually, when it comes to computers, having multiple backups is the closest we can come to a risk-free experience. I’ve been hit with malware a couple of times, had total system crashes, accidentally deleted files I needed, and had an encryption disaster. In all of these, I was able to recover without losing a single necessary file. Back up daily and you can be as close to risk-free as humanly possible.
Admittedly I’m an old retired IBM mainframe dinosaur but it has always struck me that the whole issue of Windows security could be addressed by the SAF/RACF concepts employed by mainframe operating systems where all system resources are deemed protected and inaccessible to users unless explicitly granted access to by an administrator.
The cynic in me says it’ll never be fixed because whole industries have grown up around a fundamental flaw in the architecture!
That’s pretty much the concept behind User Account Control, UAC. The problem is the user is, in most cases, the owner of the machine and needs to override the block to install programs. I do sometimes wonder why UAC doesn’t do a better job.
Thanks Mark, I’ll take a closer look at that, presumably nobody other than me would be able to update my machine unless I gave them access to do so?
The schools and libraries, and other places that provide public access, use some system that restores everything after each user. On private computers we do not want to restore everything – lose our files – just the system. I could use such a system.
BTW, the cynic in you has a good point.
Libraries don’t restore after each user. That would mean a long delay between users. What many schools and libraries do is restore the system at the beginning or end of each working day. A backup would perform the same function. You could do this yourself if you kept your data on a separate drive but you’d lose any program tweaks and any data stored in non-user-data-folders.
The “fundamental flaw in the architecture” is actually the Registry – essentially a wide open, hackable database. The UAC is a fairly recent (~2008) hack to try to fix Windows security holes. I call it a hack because, as with most things in Windows, it’s yet another patch layered onto years of buried functionality (“I do sometimes wonder why UAC doesn’t do a better job”). Recently, Mark expressed a similar sentiment in the article Networking Sucks, saying “I don’t understand why it’s so difficult for the OS makers to get it right”. Again, the reason is decades of layered OS code, which new developers don’t know or care to understand. They just tweak code until they get what seems to be the desired effect. For Windows to close common security holes it needs to get rid of the Registry and embed the needed functionality into the OS code and encrypted files accessible only by the OS. Sure, that won’t be very versatile, but that would keep most hackers away. Incidentally, the Windows Registry was introduced around 1995!
The registry is not the problem. It’s “just” a database — perhaps too complicated, but not the cause of all evil. Any alternative (.ini files in other OS’s for example) can also be exploited in similar ways by malware.
Ultimately, you are right in that any system can be exploited. But why make it so easy and continue the endless and futile security patching cycle? I said use “encrypted files accessible only by the OS”. None of the OS data needs to be in any type of database that’s directly editable. Encrypted and proprietary encoded databases should go a long way to stop any Tom, Dick and Harry or every application or script from mucking with the OS. I once had a stock portfolio application save its data (my stock data) in the Registry. That’s absurd. With the Registry, MS has provided the means, tools and documentation for anyone to change the way the OS behaves. You can remotely query the Registry to find out the system’s configuration, you can run an application, script, service or DLL in DOZENS of ways, you can change user permissions, and even store a script within the Registry. MS certainly has the resources to take a fresh look at the OS back-end design, but it seems that it’s happy spending money on daily patches, and patches to patches, and patches ….
One of the reasons Microsoft uses the registry at all is to restrict access. It uses the exact same security model as user accounts, so they can (and do) control access to a significantly granular level. It’s not “so easy” … the exploits that cause the most problems are ones that have achieved administrative access already, so they too would be able to access encrypted files (supposedly) accessible only by the OS.
Leo, it was a pleasure to read your article and watch the video, but you did not mention one thing: what to do if you caught ransomware and your computer has been encrypted. Many people are not doing backups, so what to do next? I am not sure if links are allowed on your website, but I would like to share this article: https://reviewedbypro.com/ransomware-attack-what-can-you-do/. I think there is some good information on how to behave in the case of PC encryption by ransomware. Thank you and good luck.
In most cases if you’re hit by ransomware and you didn’t prepare with a backup beforehand, you’re out of luck. Paying the ransom is not an option. Starting over and learning your lesson is.
As you and Leo said: Back up. If you have a good set of system backups, you can restore your OS, programs and all of your data in a couple of hours. Daily incrementals are the way I go. Never more than a day’s data remains unbacked up. And for everything else there’s the cloud. Dropbox, OneDrive and Google Drive for instantaneous data backup.
How Can I Back Up My Data More or Less Continuously?
Using OneDrive for Nearly Continuous Backup
Using Dropbox for Nearly Continuous Document Backup
Personally I am of the mindset that I would not trust entering sensitive info into a browser on a computer in general unless I am pretty confident that machine is not compromised, which basically means if I did not personally wipe the drive and install the OS from scratch from bootable media (i.e. what’s commonly called a ‘clean install’), I tend to assume the computer can’t be trusted. Then, assuming all of that is good, I would try to keep installing additional software to a minimum to minimize the risk of getting infected.
Hell, one possibility for some people… someone who’s got a spare/older computer/laptop, install Linux (say Linux Mint, which is average-person friendly enough) and then set up a password manager etc. and just use that computer for signing in with more sensitive websites like one’s email or banking and the like (this way if your general-use computer becomes compromised the damage will be limited). The only problem with this, and while most people probably won’t do it, is its lack of convenience. Plus, a bonus with Linux (desktop)… it’s very unlikely to get a keylogger (or the like) on it right off the start simply because those hacker types simply don’t bother to attack it etc. and by default, even the more careless types probably ain’t going to accidentally install some shady software on their computer. Basically the attack surface is more limited on Linux (desktop) vs Windows, although one could potentially get compromised if they install a bunch of browser extensions or fall for phishing schemes. Still, at the end of the day… the common person who does not know much about computers is safer browsing the internet on a Linux machine than they are on Windows because the ways they could be compromised are more limited.
With that said… I realize that technically even what I said above is not 100% foolproof, but it’s close enough to where you’re almost certainly safe at that point and is as close as you’re going to get to 100% of ensuring your computer does not have malware etc.
I have a friend who runs Linux from a USB flash drive whenever he does sensitive work like online banking. I find that to be overkill but it’s the safest way to work with sensitive information.
“…personally wipe the drive and install the OS from scratch from bootable media…” Sadly those days are gone. Where did you get your bootable OS media? If you downloaded the OS on the internet then it could be compromised. And wiping the disk doesn’t get rid of malware hiding in UEFI. As Leo said, there are no guarantees, but there is no reason to be paranoid about it any more than the dangers we face when we walk out of the front door.
I just wanted to let you know, that in my personal experience, the free Eset online scanner finds malware that other antimalware programs don’t, including Malwarebytes. I generally run Eset, Windows Defender, and Trend Micro’s Housecall every week. Anyway, that’s my two cents.
There’s a very good chance you’re NOT running Windows Defender. It generally steps aside when another scanner is installed.
‘Morning, Leo from a (partially) sunny UK.
I have five lines of defence:
When I leave the internet, before final close, I run ‘History’ from the hamburger and delete all that transpires.
I then run Ccleaner and check the Registry for issues
I then run SUPERAntiSpyware and delete any trackers found.
I also run Avast permanently and operate behind a VPN
Once a week I run Malwarebytes and always back up to an external hard-drive.
So far, I’ve not experienced problems and I take note of the danger in opening any links in ‘Spam’ if I even open the e-mail.
I have been using a personal computer since IBM’s first available devices. I have gone through the evolution of DOS, Windows, and then the rest. I am using Windows Defender and Malwarebytes on all of my computers. I do daily backup. I am very active on the Internet, using email mostly for communication, and visit many web sites for secure access and trivia. I guess that I live a charmed life. I have never had to resort to restoring my computer’s image because of a virus and such. In spite of all the negative comments and the real burden of Windows 10 on a computer I think that it works just fine.
https://krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/
I received this this morning from Firetrust – the Kiwi folks who market MailWasher – that suggests installing a Russian keyboard is another defense against ransomware coming from Russia and its various states, because Russian-initiated ransomware is hardwired to avoid Russian citizens. Do with it what you will.
Regards, Frank
I read that article, and while possibly true, it probably won’t avoid much malware. I commented on the article that I don’t think the hackers are avoiding targeting Russians to be nice to Russians. It’s more likely they are doing it to protect themselves against the Russian police, who would be more interested in them if they also targeted Russian computers. The Russian police are more likely to go after cybercrimes which affect their country.
I heard about this too (and mentioned it on last week’s TEH podcast). I suspect that the more it gets used, the more the malware authors will abandon it, or find alternative ways to avoid hitting their countrymen.