We’ll tackle the news first – CyberSpy (don’t worry the link is dead) was ordered by the Federal Trade Commission so cease and desist the selling of its product, RemoteSpy. What’s RemoteSpy? RemoteSpy is a keylogger, which isn’t completely nasty (more on this argument after the jump) in and of itself, however; RemoteSpy could be disguised as something else and installed without the ‘targets’ real consent – thusly allowing someone to remotely monitor everything done on that machine (from credit card transactions, to banking info, to chat logs, to emails, to… well, everything) without you noticing a thing.
I, for one, am happy to see the FTC step up and take a stand against the malicious use of software like this. Why? Simple. It will save millions, if not billions, in fraud and identity theft.
Keyloggers now-a-days are very sophisticated. They run without showing up in current processes or add/remove programs and they can physically change their location on your hard drive so as to make them virtually untraceable. In short, they can be pretty gosh-darn evil in the wrong hands.
There are, however, schools of thought that support the use of keyloggers. I mean, heck, if you needed to know what that junior admin actually did to your database server, a keylogger would show you step by step how they came to the conclusion that running rm -rf /root/* was a good idea.
Without getting all Orwellian I, personally, only see very, very few instances where keylogging could be beneficial for any ‘good’ reason.