An important answer you need to understand.
How do you know your computer is free of keyloggers? You don’t.
That’s not the answer most people want to hear, but it’s the true bottom line.
There are a few reasons for it. I’ll talk about those, and what you and I need to do in the face of this rather grim reality.
Knowing you don't have malware
It’s impossible to prove you don’t have malware on your PC — you can’t prove a negative. No anti-malware tool is guaranteed to catch all malware. Stack the deck instead:
- Make it difficult for malware to arrive, by following security best practices.
- Make it likely that malware will be caught quickly, by running security software.
- Make it possible to recover, by having a backup strategy in place.
May the odds be ever in your favor.
A quick note about keyloggers
Be it keyloggers or the ever-popular ransomware, some terms seem to get people’s attention more than others.
We need to be clear about something: there’s nothing special about keyloggers, and there’s nothing special about ransomware. The names describe what they do, not what they are. What they are is very simple: they’re just forms of malware.
What they do once they arrive might be interesting or severe, but it’s the fact that they are malware that warrants our attention. Like any form of malware, the most important thing to do is to prevent them from getting on our machines in the first place. The second most important? Detection and removal.
This applies to all malware.
Proving a negative
There’s no way to absolutely know your machine doesn’t have malware. Logically, you can’t prove a negative.[1]
Looking for malware and not finding it isn’t enough — there’s no guarantee your anti-malware tools know all the malware to look for or all the ways malware can hide.
No anti-malware tool is guaranteed to catch every possible malware. None. By definition, the creation of malware is always ahead of its detection. Even the very best anti-malware tools are always playing catch-up.
If you run a zillion different anti-malware tools and they all come up empty-handed, it doesn’t prove anything. All it says is that it’s highly unlikely you’re infected.
Making sure it’s highly unlikely you have malware is, pragmatically, the best we can hope for.
Staying safe without proof
The best you and I can do is to stack the deck in our favor.
- Make it difficult for malware to arrive. Don’t install untrusted software. Don’t open random attachments. Don’t fall for phishing attempts. Run good security software.
- Make it likely that any malware that does make it onto your machine will be caught. Run up-to-date security software and confirm it’s scanning appropriately.
- Make it possible to recover quickly with minimal impact if something goes wrong. That means backing up.
It all boils down to the set of rules and admonitions folks in my position have been preaching for years — rules and admonitions I’ve laid out in what I consider to be my most important article: Internet Safety: 7 Steps to Keeping Your Computer Safe on the Internet.
Even getting out of bed is risky
I wish I could offer you a 100% guarantee — a way you can be completely certain your machine is free of malware and all is well.
We can’t guarantee that we won’t get hit by a bus or fall down the stairs, either. All we can really do is stack the deck in favor of our safety. Look both ways before crossing, hold the handrail, and stay safe online.
There are no guarantees. While you should never reduce your vigilance, you can absolutely reduce your concern and carry on using your technology in all the wonderful ways it was intended.
Footnotes & References
1: I’ve had some people point me at long, complex, detailed philosophical discussions/arguments claiming to prove there are scenarios where it’s possible. Fine. Whatever. When it comes to malware, you just can’t.