Can I tell if a keylogger has been installed on the machine I share?

Also, consider contacting any on-line associations you know have been made by/through your name/identity via phone or e-mail to ask for any strange activity, and if necessary restrict your account(s), monitor or investigate(they're doing it anyway^^) or lock out your account or change your credentials and/or account numbers/names.

If your using Windows XP,try Kaspersky Internet Security,it has proactive defense,which detects running programs at startup,if you dont know the program,put it in blacklist,or dont allow this program...or you can also use the virtual keyboard from that Kaspersky software.

Why don't you to use Windows On-screen keyboard to enter your username and password? Keyloggers do not recognize these virtual keyboard signals as it do with physical keyboard's.

Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard

Some programs not only record keystrokes but also screen captures. For that matter, there could be a wireless video camera watching you right now that looks like a book or something else. [creepy music interlude :) ]

Encryption is useful only in transportation/storage of data.

I thought to address the relationship/trust issue, but that's much more complicated than spyware. You must know what is most important to you and guard who has access to it: Thoughts, Feelings, People, Resources.

Your past was in your control; your present is; your future can be.

can a key logger obtain paypal password?
can it then be used to empty my bank account?
and if so does this not make paypal unsafe?

First, to Leo Notenboom himself, who wrote:

          "...Will it find what your friend has installed? Hard to say.
              What you probably can be sure of is that your friend will
              then notice..."            --Emphasis added.

I have a question, Leo: Why do you insist upon calling this Piece of Scum, his "friend"??? With a (quote) "friend" (endquote), so-called, like that, I sure the h*ll wouldn't need any enemies! This person is clearly a criminal; your querant needs to go to the police, ASAP!

                            -=-=-=-=-=-=-=-

Next, to Ian Rennie, who wrote:

             "Can a keylogger obtain [my] PayPal password?
              Can it then be used to empty my bank account?
              And if so does this not make PayPal unsafe?"

ANSWER: Well, "Yes", "Yes", and "Yes" -- but, just to be clear, keyloggers make ANYTHING done on a computer "unsafe", period -- it really doesn't much matter what. It has little or nothing to do with "bank accounts" or "PayPal"; if the security of your computer is compromised, then YOU AIN'T GOT NO SECURITY!, period!       :(

I agree with Paul. Get a new roommate. Trust has to be earned (or won back with a lot of "watching" the other person to see if he continues to act trustworthy). Leo has said time and time again, if your machine is not physically secure, it is NOT secure. On another tack, we were just informed by our insurance company that they now sell identity theft insurance. If a reputable insurance company is offering that kind of service, you can bet there is money to be made. The last statistic I read is that one in five people will suffer from ID theft.

There is a key logger that does not require any software to be installed on the computer so it is 100% undetectable. During the course of an investigation I was involved with I have used one. It was in a corporate setting where security software inventoried everything installed on the computer when it booted up and matched it against a database that showed what should be on the PC. Any deviation brought the IT guys and the unauthorized software was removed. The logger was never detected over the 8 months it was used. The detection program could NOT find it because there was nothing to find. There are models for both standard keyboard connectors and USB types. The logger plugs into the keyboard connector on the PC and the keyboard plugs into it. The logger's plug duplicates the real keyboard plug exactly and it has an 8 inch lead on it so it can be concealed behind or under a desk or table. They are small, about the size of an AA battery. The device is passworded so if discovered can't be opened without the password. Any word processor program, even Wordpad or notepad, can open the contents for viewing. Another common type of monitor/trap connects into the Ethernet cable in the same way. It plugs into the Ethernet port and the cable plugs into it. Both types come in various storage capacities. Although the latter will trap Ethernet traffic, it won't get keyboard info. Both types are readily available and fairly inexpensive. For software based monitoring, one I recommend to parents, there is a program called Web Watcher which records EVERYTHING! The beauty of this is that the collected data is stored online so there is nothing the computer savvy person can find on the monitored PC. The results can be checked from any Internet capable PC which can be useful to check Little Timmy's activity at home from the office. (I'm not affiliated with the manufacturer or distributor and mention it only because after looking a dozens of this type of program I think it's the best.) If you feel turnabout is fair play and want to catch your spy, this is the tool to use. It can also take random screenshots if so configured. A warning though: spying can become an all consuming, mind numbing addiction! I have seen people, in the absence of any discovered wrong doing on the part of the person being spied on, become totally obsessed that the suspect is just being more clever and devious. This always leads to the belief that increasingly extreme measures are needed to prove the perceived wrongs. Please take that very seriously! Remember: this cuts both ways: whether it's the person spying on you or you turning the tables on them. The best advice may well be to get away from that person and change every password you have used, redo email accounts, and everything you can think of. If you pay bill or bank online, that information may be compromised as well. Godspeed in you endeavor to free yourself!

I used software like that to spy on my EX-wife and was confronted by a law suit that states, if you monitor another persons computer, you must notify them...Take time to read the small print in the legal disclaimers of these programs...it cost me close to $70k to settle [edited]...just a word of warning

@Rob. Sorry about that costly experience. I think in this case it was a shared computer. If you OWN the machine being used I can't see why you can't monitor your own machine. Why would it be any different from say, pointing a video camera on your driveway if your car keeps getting broken into? If you installed such software on a computer owned by someone else I could see a potential problem. I also would guess the judgement amount you cited was the divorce settlement and not solely a punitive fine for installing the monitoring software. The problem with using this kind of information is the overwhelming temptation to use it as a cudgel when emotion over-rides the intellect. As I said, I recommend this program to parents if they have a reason to be concerned what their kids are doing online. I'm certainly not a lawyer, but I think that's well withing the boundaries of parenting and I doubt 14 year old Johnny or 16 year old Susie is going to sue their parents over monitoring Internet usage. I don't think there is a single case of a company successfully being sued for punishing an employee for using a company computer for unauthorized activity, said activity found through monitoring. See below.

To respond to the comments about "professionally written software" I checked out a PC for a guy that he thought was being monitored. I opened up things with Windows Explorer and browsed through a few folders with odd names. When I opened one labeled "Junk" I saw three programs in it that turned out to be a keyboard logger, a web traffic trap, and another program that took random screen shots. This was at a corporation that also used monitoring software to insure nothing unapproved was loaded onto machines. Obviously, they had approved it. I had him get his union representative and showed him what I had found. The software was removed but not before he was given a 30 day suspension for inappropriate use of a company computer. Installing the software was allowed only under the narrowest of conditions, and this didn't quite fit the guidelines. While technically he did misuse the PC, he wasn't doing anything everybody with computer access was doing, and far less than some. He was an abrasive character who got in a position to create problems for people so there was an on-going effort to fire him. The monitoring software was just part of the ploy. The point is, I know at least some of this software leaves a folder somewhere. It could be hard to find with a full hard drive, but with a few simple tricks, view hidden folders enabled, an some poke and peek, it often can be found. The company later set things up so over a certain amount of time connected to the Internet had been exceeded, that employee's account was monitored. That put an end to sharing user IDs and passwords since many people stayed online and just minimized the screen on the workstation they were using. It's hard to explain to the systems administrator why your user ID was logged onto the internet for 60 hours in a 40 hour week! (2 shifts)