Defeating Keystroke Logging Programs ?


Guest

Hello everyone,

I came across someone's idea (printed below) on how to defeat keystroke
logging programs, it seems like a good idea. What do you all think ? Is
there another perhaps better way ? Other than keeping your antivirus and
antispyware up to date, of course.

Also, what about on screen keyboards ? (Ie. type osk.exe in the "run" menu)
Are they effective ? Here, you don't even use the keyboard at all !

*** excerpt of person's idea ***

But there’s a completely simple way to defeat them, based on the fact that a
keylogger doesn’t know where on the page the focus is when you’re typing — it
has no context, it just has what is typed.

So, next time you login from a public internet terminal or somewhere else
you want to make sure your keystrokes aren’t being logged, do this —

Put the focus on the password field, and type one character. Then click
somewhere else on the page — open Notepad if you have to — and type a bunch
of random characters. Then, click back in the password field, and type
another character. Repeat until your password is complete.

Extremely simple, extremely effective. Without the context of where the
focus was when you were typing, the resulting string of characters is useless.

From this report at Alta Vista Security Group. Via Metafilter.

**** end of excerpt ****
 
Paul said:
Hello everyone,

I came across someone's idea (printed below) on how to defeat keystroke
logging programs, it seems like a good idea. What do you all think ? Is
there another perhaps better way ? Other than keeping your antivirus and
antispyware up to date, of course.

Also, what about on screen keyboards ? (Ie. type osk.exe in the "run" menu)
Are they effective ? Here, you don't even use the keyboard at all !

The onscreen keyboard completely emulates keyboard events, and just
looks like a normal keyboard to your programs (good and bad). This means
the key presses will still be captured normally.

*** excerpt of person's idea ***

But there’s a completely simple way to defeat them, based on the fact that a
keylogger doesn’t know where on the page the focus is when you’re typing — it
has no context, it just has what is typed.

Faulty axiom. A keylogger can easily know which control has the focus,
and most keyloggers do track focus changes.

Sorry. Doesn't work :-(

Alun Harford
 
I didn't know this. So, if I understand you correctly, the keylogger can
tell which keystrokes are actually used by the application and how they are
used, and which keystrokes are "thrown on the floor".

In order to do this, doesn't the keylogger have to log a picture of the
website as well ?

Paul
____________________________________

Alun Harford said:
. . .

Faulty axiom. A keylogger can easily know which control has the focus,
and most keyloggers do track focus changes.

Sorry. Doesn't work :-(

Alun Harford
 
Paul said:
I didn't know this. So, if I understand you correctly, the keylogger can
tell which keystrokes are actually used by the application and how they are
used, and which keystrokes are "thrown on the floor".

In order to do this, doesn't the keylogger have to log a picture of the
website as well ?

No. It just has to log the handle of the windows control that has the
focus when the user types each key.

Alun Harford
 
Just a thought, because I don't know anything about keyloggers, but can they
be tricked by typing text into the appropriate field, selecting all (or a
part) of the text via the mouse and just replacing text that way as you go
(the window in question never loses focus)???
Emill
 
Emill said:
Just a thought, because I don't know anything about keyloggers, but can
they be tricked by typing text into the appropriate field, selecting all
(or a part) of the text via the mouse and just replacing text that way as
you go (the window in question never loses focus)???
Emill

You could get around it by typing the end of the password, clicking to the
start and entering the start of the password. Most keyloggers will record
focus and if the mouse was clicked but they generally don't know WHERE the
mouse was clicked. So if my password was 12345 I could type 345 click to
the start, type 23, click to the start and type 1. Or you could just
open character map and choose the letters from that or an on-screen
keyboard.

Copying and pasting from another window that already has the words in is
another workaround.
 