Keyloggers can generally be classified as either software or hardware keyloggers. Software keyloggers are running as a background task on the system while hardware keyloggers are little devices that are most of the time connected between pc and keyboard recording every keystroke in their own memory.
The simple keylogger records every keystroke while more advanced ones make screenshots and record mouse movements as well. The idea for this article was born while reading the excellent Technospot article about keyloggers. The most secure way to defeat keyloggers is of course not to use public computers at all.
You sometimes do not have a choice though which leads to the next most secure way to defeat them: Live CDs. If you are allowed to boot from DVD or CD you should pop in your Linux live CD and use it to go online. This defeats all software keyloggers but not the hardware ones obviously.
Next in line is a method detailed by Technospot which suggests that you should do the following when entering usernames and passwords:
Let us assume you want to type in ghacks and fear that a keylogger would record the string. What you could do is add random chars to the string and replace them with the ghacks chars. You begin by typing “re4″, mark the three chars with your mouse and type the “g”. Then after the g you would write “bt” and replace bt with “h”.
This is a great method to defeat software keyloggers that do not take screenshots when moving or clicking the mouse.
A quick check of the system tray and if possible the task manager could also reveal several keyloggers as long as they are not running in stealth mode.
It it important to do a quick check of the PC hardware to see if a hardware keylogger is connected to it. It is not always that easy to detect hardware keyloggers but some common ones can be spotted quite easily.
The picture above shows a hardware keylogger that was connected between PC and keyboard recording any keystrokes right into his internal memory. It becomes more difficulty if the keyboard itself contains the hardware keylogger and impossible to tell if the hardware keylogger was placed inside the system. (assuming that you can’t open the PC’s)
The most secure alternative would be to use your own notebook to connect to the Internet which defeats all keyloggers but not programs that record network traffic.
Related posts:
- Computer Security Myth: Defeating Keyloggers With Onscreen Keyboards
- Defeating Hardware Keyloggers
- Type Text with your Mouse to increase security
- Defeat Keyloggers with Keyscrambler for Firefox
- Perfect Keylogger lite
- Freeware MyPlanetSoft Anti-Keylogger
- Use one mouse and keyboard on multiple computers
- Hardware Keylogger
Another excellent privacy protecting post! Great! Surely students will be more than thrilled to know….
Hi Martin,
I’m feeling over the top! Never thought my guest post on Technospot will be such a hit.
Very glad you found it useful..Thanks and spread the word..
I’ve heard that Roboform bypasses the keyboard and so is not vulnerable to keyloggers.
Is this accurate?
TIA
Alternatively, use the on-screen keyboard for sensitive information:
http://www.microsoft.com/enable/training/windowsxp/oskturnonuse.aspx
http://theappleblog.com/2008/09/24/mac-101-get-an-onscreen-keyboard-in-osx/
I also enter passwords using the “osk” visual keyboard. Not screenshot-proof, but it sounds safer than just typing it.
Sorry, the trick with copy / paste or breaking up your input won’t defeat most modern keystroke loggers. Financial account theft trojans have mostly abandoned the technique of literally recording every keystroke in preference to intercepting account data as it is transmitted by your web browser. Lots of advantages for the attacker – the output is cleaner and any virtual keyboard and the like are negated to name a couple.
I suspect my boyfriend has a keylogger on his laptop, for when I use it. How can I find out?
There is a company by the name of Special Security Technology. Their web address is http://www.PrivyInfo.com . I hope this helps.
just use alphasheild it works the best to beat those keyloggers trust me it works..
Most of this info is useless if you don’t have access to do these things. Most corporate computers record this stuff “off site” and most keyloggers record which websites you visit, so even if you “hide” your keystrokes, you can’t hide where you’ve been…
That’s the main purpose for keyloggers is to see where employees are spending their time, not what they are typing…