Keylogger resistance

  • Thread starter Thread starter John
  • Start date Start date
J

John

Hello,
Keyloggers has become the most popular form of virus, therefore some
websites deviced certain mechanism to resist this kind of attack. For
those sites without any remedy for it, as a user while logging in, can
I use this method to resist keylogger type attacks?
My method is to type password and username in an interlaced mode, and
even add some backspaces among them, such that the keylogger will
record incorrect username and password. Will such a DIY method help to
resist keylogger type attacks?


Thanks for your comments.
 
x-no-archive: yes

John said:
Hello,
Keyloggers has become the most popular form of virus, therefore some
websites deviced certain mechanism to resist this kind of attack. For
those sites without any remedy for it, as a user while logging in, can
I use this method to resist keylogger type attacks?
My method is to type password and username in an interlaced mode, and
even add some backspaces among them, such that the keylogger will
record incorrect username and password. Will such a DIY method help to
resist keylogger type attacks?


Thanks for your comments.
Click to expand...
I have no problem with it. I run anti virus and anti spyare.
 
From: "John" <[email protected]>

| Hello,
| Keyloggers has become the most popular form of virus, therefore some
| websites deviced certain mechanism to resist this kind of attack. For
| those sites without any remedy for it, as a user while logging in, can
| I use this method to resist keylogger type attacks?
| My method is to type password and username in an interlaced mode, and
| even add some backspaces among them, such that the keylogger will
| record incorrect username and password. Will such a DIY method help to
| resist keylogger type attacks?
|
| Thanks for your comments.

Most Keyloggers are Trojans and not viruses. Some viruses do however have keylogging
capabilities.

Your best prevention is anti virus software performing "On Access" scanning, practicing Safe
Hex and not sharing the computer with "others".

Your present methodology sounds worthless.
 
'David H. Lipman' wrote:
| Your best prevention is anti virus software performing "On Access"
scanning, practicing Safe
| Hex and not sharing the computer with "others".
|
| Your present methodology sounds worthless.
_____

I agree with David. After all, a 'keylogger' captures the key sequence you
type in, not what the results look like on the screen.

Phil Weldon

| From: "John" <[email protected]>
|
|| Hello,
|| Keyloggers has become the most popular form of virus, therefore some
|| websites deviced certain mechanism to resist this kind of attack. For
|| those sites without any remedy for it, as a user while logging in, can
|| I use this method to resist keylogger type attacks?
|| My method is to type password and username in an interlaced mode, and
|| even add some backspaces among them, such that the keylogger will
|| record incorrect username and password. Will such a DIY method help to
|| resist keylogger type attacks?
||
|| Thanks for your comments.
|
| Most Keyloggers are Trojans and not viruses. Some viruses do however have
keylogging
| capabilities.
|
| Your best prevention is anti virus software performing "On Access"
scanning, practicing Safe
| Hex and not sharing the computer with "others".
|
| Your present methodology sounds worthless.
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|
|
 
Phil,
| After all, a 'keylogger' captures the key sequence you
| type in, not what the results look like on the screen.

The sequence may be misleading because I typed user/pass in an
interlaced mode.
eg. user: ABCD, pass:1234 but I typed them as A1B2C3D4, or even
A13[Backspace]B25[Backspace]..... and so on. Won't this way confuse
simple keyloggers?
 
'John' wrote:
| The sequence may be misleading because I typed user/pass in an
| interlaced mode.
| eg. user: ABCD, pass:1234 but I typed them as A1B2C3D4, or even
| A13[Backspace]B25[Backspace]..... and so on. Won't this way confuse
| simple keyloggers?
_____

Now I think I know what you mean; you enter characters alternately into the
'User ID' and 'Password' slots.

It MIGHT be better than nothing, but do you want to bet your security on it?
After all, if a keylogger has breached your security, what else may have?
And keyloggers don't just capture User ID and Password keystrokes.

Phil Weldon

| Phil,
|| After all, a 'keylogger' captures the key sequence you
|| type in, not what the results look like on the screen.
|
| The sequence may be misleading because I typed user/pass in an
| interlaced mode.
| eg. user: ABCD, pass:1234 but I typed them as A1B2C3D4, or even
| A13[Backspace]B25[Backspace]..... and so on. Won't this way confuse
| simple keyloggers?
|
 
| Most Keyloggers are Trojans and not viruses. Some viruses do however
have keylogging
| capabilities.

As I know, Trojans are a type of viruses.
 
| Most Keyloggers are Trojans and not viruses. Some viruses do however
have keylogging
| capabilities.

As I know, Trojans are a type of viruses.
Click to expand...

No, viruses and worms self-replicate. Trojans do not. The
all-encompassing term is malware, not viruses. Viruses and Trojans are
forms of malware.

Art
http://home.epix.net/~artnpeg
 
I am pleased to find that Windows 2000 and XP have a great tool that
can help in logging onto unprotected web sites. OSK.EXE can set the
mouse input mode as time delay instead of left-clicking which will
resist some advanced keyloggers that take screen shot. I shall use it
to login unprotected web sites.

Any comment?
 
John said:
I am pleased to find that Windows 2000 and XP have a great tool that
can help in logging onto unprotected web sites. OSK.EXE can set the
mouse input mode as time delay instead of left-clicking which will
resist some advanced keyloggers that take screen shot. I shall use it
to login unprotected web sites.

Any comment?
Click to expand...

A comment: practically both methods (the one the first user posted and
the one you are talking about) are worthless. There are a new breed of
trojans / keyloggers which is becomming more and more popular which
register themselves as browser plugins (BHO - Browser Helper Objects -
is the name for IE plugins) and capture the data when you are posting
it to the site, meaning that if you have such a tool, you are
defensless (no on screen keyboard, https or any other thing can help
you). So have a good up-to-date antivirus.
 
There are a new breed of
trojans / keyloggers which is becomming more and more popular which
register themselves as browser plugins (BHO - Browser Helper Objects -
is the name for IE plugins) and capture the data when you are posting
it to the site, meaning that if you have such a tool, you are
defensless (no on screen keyboard, https or any other thing can help
you). So have a good up-to-date antivirus.
Click to expand...

For such a plugin attack, there should be no way to protect passwords
on simple webpages.
The workable technique that I can figure out is to embed a java applet
or COM in the webpage for inputting sensitive data, so that BHO has no
chance to capture posting data.
Right?
 
Back
Top