How to Protect Your Mac From Keyloggers

Definition of Mac Keyloggers

The term 'keylogger' refers to a program used by criminals to steal your information. Keyloggers are normally installed as a Trojan horse, working by quietly recording everything you type, including your online accounts, account numbers, banking information, passwords, PIN's, and credit card information.

The keylogger then sends all of this information to the criminal who sent it to you. This criminal can then use YOUR information to drain your bank accounts, commit fraud using your account, and even steal your identity. Your stolen identity is then used to open new credit cards, mortgage houses and even sell YOUR assets! This criminal has not only left you with piles of bills that you are now responsible for (or responsible for fighting!), but has also ruined your credit rating.

Keyloggers are well known in the Windows world. However, the keylogger industry is not limited to the Windows world. Many Macintosh experts say that there is no need to worry, but a quick Google search for "Mac Keylogger" should have you worried:

This website emphasizes Keyloggers and their dangers, while showing you how to create a multilevel defense plan to protect you, your identity and your Mac.

Keylogger Defenses

There are several mechanisms available to you to fight off keyloggers. Each of these defenses is explained, and expanded on, in the following sections.

  1. PREVENT installation.
  2. DETECT infection.
  3. AVOID typing sensitive information.
  4. PREVENT 'phoning home'.

There is no single magic bullet - criminals are always using more that one technique and so should you!

Prevent Keylogger Installation

The first line of defense should always be prevention. Most keyloggers are spread through viruses and worms, so it is important that you take precautions to make sure you don't get infected.

Of course the Macintosh platform is remarkably resilient against viruses and it is tempting to let yourself become more relaxed. However, the Mac's popularity has increased significantly lately and criminals have been taking notice.

You need to constantly keep your Mac software up-to-date, as Keylogger viruses usually exploit known vulnerabilities in the operating system (OS X). Also, you should be sure to enable your firewall.

Other keyloggers can be installed locally using a USB key. The thief installs the USB key and then removes it along with the recorded data. You must therefore always be aware of who has access to your machine and what is plugged into it, whether it is your personal machine, or your work machine.

Detect Keylogger Installation

Detecting that a keylogger has leached itself to your Mac is critical if you ever expect to remove it. Keyloggers and similar Trojans usually attach themselves by modifying your system settings. TripWire allows you to determine when any potential malware has installed itself by telling you when key OS X configuration files are updated. Sadly, setting up TripWire is not like your typical Mac application, and using it is not for the faint of heart.

You should frequently review all the programs that are running on your machine. If you see anything unfamiliar, simply perform a Google search for that program. More often than not it will be something that you want to keep running, but there is the possibility it might be a keylogger or other trojan.

Spyware detection tools like antivirus software have been marketed as the solution to all malware, including keyloggers. While they can be effective at detecting known threats, they are not 100% effective. With their high cost, constant need for updating and the fact that it is constantly running sucking up precious CPU, the benefits for this type of program are minimal if you have a proper defense plan in place.

Hide Sensitive Information From Keyloggers

The entire point of a keylogger is to record you entering the information you don't share - PIN's, credit cards, passwords, account numbers and so on. An incredibly effective way of thwarting a keylogger attack is to use an automatic form filler (which also save you time - bonus!).

Automatic Form Fillers work by using their program to log you into your websites and filling in your sensitive information. The good autofill programs never use the keyboard nor the clipboard, so a keylogger never has the chance to steal your information.

Mac OS X users can use 1Password to enter your valuable information, including credit card information. As 1Password is also a password manager, you can keep all your passwords and web forms stored within it, saving you valuable time by logging you into websites, etc, with a single click. All while thwarting keyloggers!

For added keylogger protection, 1Password contains a really cool password generator that keeps generated passwords invisible from keyloggers. Since it is integrated inside the browser, 1Password can generate and fill password fields without you ever having to use the keyboard (or clipboard), keeping your passwords safe from keyloggers.

Prevent Keyloggers From "Phoning Home"

"Phoning Home" isn't just something ET does! In order to get your stolen information to the people who want it, the keylogger program has to connect to the internet. You can use a network monitor (also known as a reverse firewall) to detect when this request is made and then prevent it.

The best, and most widely recognized network monitor is Little Snitch, affectionately known as "the snitch". The snitch alerts you whenever an application on your Mac attempts to make a network connection.

For instance, let's say you just installed OmniWeb (you should, by the way - it is a great browser, but that is another topic), and then when you used OmniWeb to browse to Google, it would need to create a network connection to fulfill your request. The snitch alerts you to this potential phone home request like so:

Since you expected this, you can allow this connection. In fact, you likely trust OmniWeb and can allow it to connect to any server forever.

Of course, if the OmniWeb contained a keylogger (which it doesn't, remember this is just an example), then your trust of the application could inadvertently allow your online accounts to be hijacked. That is why it is so important to apply ALL of these defenses, and not rely on just one.

Are All Keyloggers Used For Evil?

In theory, keyloggers can be used for perfectly legitimate purposes.

One example is if your company requires the manual entry of form data. In this case, a keylogger could be used to help measure how effective each individual employee is.

Another common use of keyloggers is for parents to keep a close eye on their children and their online activities.

Sadly, while there are good uses for keyloggers, their potential is often exploited by criminals and pranksters, who exploit their victims. You need to be responsible with your information and protect yourself by using the techniques described here.

About the Author

Historically a longtime Windows user and consultant at several large enterprises, Dave Teare converted to Mac OS X and co-founded Agile Web Solutions that focuses on making using Macs even more enjoyable.

Dave can be found blogging at the Agile Blog.