How could I know if there's a keylogger in my system, or at least if one is active right now?
How could I know if there's a keylogger in my system, or at least if one is active right now?
First, we'll assume you're using a stock Ubuntu system that X installed and that has always been under X's control -- where X is yourself or someone you absolutely trust.
Since this is a stock system and all software has been installed from the official repositories, you can be certain that there is no hidden keylogger in there, e.g. someone modifies the kernel specially to spy on you such that it is very hard to detect.
Then, if a keylogger is running, its process(es) will be visible. All you need to do is use ps -aux
, or htop
to look at the list of all running processes and figure out if anything is suspicious.
lkl, uberkey, THC-vlogger, PyKeylogger, logkeys
. logkeys is the only one available in the Ubuntu repositories.su
) required.So what if you're in an internet/cybercafe, at the library, at work, etc.? Or even a home computer used by many family members?
Well, all bets are off in that case. It's fairly easy to spy on your keystrokes if someone has enough skill/money/determination:
So, the best you can do with an untrusted system is to take your own Live-CD/Live-USB and use that, take your own wireless keyboard and plug it into a usb port other than the one the system's own keyboard is on (eliminating hardware loggers both hidden in the keyboard, and ones on that port hidden in the computer, in hopes they didn't use a hardware logger for each port on the entire system), learn to spot cameras (including likely spots for hidden ones), and if you're in a police state, finish what you're doing and be somewhere else in less time than the response time of the local police.