How to defeat most keyloggers on public computers
Keyloggers can generally be classified as either software or hardware keyloggers. Software keyloggers are running as a background task on the system while hardware keyloggers are little devices that are most of the time connected between pc and keyboard recording every keystroke to their own memory.
The simple keylogger records every keystroke while more advanced ones make screenshots and record mouse movements as well. The idea for this article was born while reading the excellent Technospot article about keyloggers. The most secure way to defeat keyloggers is of course not to use public computers at all, and to keep a good eye on your own systems or the systems you are working on.
You sometimes do not have a choice though which leads to the next most secure way to defeat them: Live CDs. If you are allowed to boot from DVD or CD you should pop in your Linux live CD and use it to go online. This defeats all software keyloggers but not the hardware ones obviously.
Next in line is a method detailed by Technospot which suggests that you should do the following when entering usernames and passwords:
Let us assume you want to type in ghacks and fear that a keylogger would record the string. What you could do is add random chars to the string and replace them with the ghacks chars. You begin by typing "re4", mark the three chars with your mouse and type the "g". Then after the g you would write "bt" and replace bt with "h".
This is a great method to defeat software keyloggers that do not take screenshots when moving or clicking the mouse.
A quick check of the system tray and if possible the task manager could also reveal several keyloggers as long as they are not running in stealth mode.
It it important to do a quick check of the PC hardware to see if a hardware keylogger is connected to it. It is not always that easy to detect hardware keyloggers but some common ones can be spotted quite easily.
The picture above shows a hardware keylogger that was connected between PC and keyboard recording any keystrokes right into his internal memory. It becomes more difficult if the keyboard itself contains the hardware keylogger and impossible to tell if the hardware keylogger was placed inside the system. (assuming that you can't open the PC's)
So, a quick look at the back of the PC is a good way to start. If you see anything connected between the keyboard cable and the PC, or something inserted into an USB port at the back, you may want to check it out closer before you do anything.
The most secure alternative would be to use your own notebook to connect to the Internet which defeats all keyloggers but not programs that record network traffic.
What you may be able to do instead is to use the public computer only for things that you have no problem revealing. So, instead of checking your Gmail account or logging in to Facebook, you may use it to look up an address on Google Maps or use a search engine.
Another excellent privacy protecting post! Great! Surely students will be more than thrilled to know….
I’m feeling over the top! Never thought my guest post on Technospot will be such a hit.
Very glad you found it useful..Thanks and spread the word..
I’ve heard that Roboform bypasses the keyboard and so is not vulnerable to keyloggers.
Is this accurate?
Alternatively, use the on-screen keyboard for sensitive information:
I also enter passwords using the “osk” visual keyboard. Not screenshot-proof, but it sounds safer than just typing it.
Sorry, the trick with copy / paste or breaking up your input won’t defeat most modern keystroke loggers. Financial account theft trojans have mostly abandoned the technique of literally recording every keystroke in preference to intercepting account data as it is transmitted by your web browser. Lots of advantages for the attacker – the output is cleaner and any virtual keyboard and the like are negated to name a couple.
Thats why god created SSL. You can’t interpret what you can’t decrypt.
Ummmm, a keyboard does not encrypt your typing on the way into the CPU…
I suspect my boyfriend has a keylogger on his laptop, for when I use it. How can I find out?
There is a company by the name of Special Security Technology. Their web address is http://www.PrivyInfo.com . I hope this helps.
Quit cheating on your boyfriend and he won’t need to log your strokes.
just use alphasheild it works the best to beat those keyloggers trust me it works..
Most of this info is useless if you don’t have access to do these things. Most corporate computers record this stuff “off site” and most keyloggers record which websites you visit, so even if you “hide” your keystrokes, you can’t hide where you’ve been…
That’s the main purpose for keyloggers is to see where employees are spending their time, not what they are typing…
that’s why you use a proxy server.
only draw back is, they will probably assume you are “up to no good” just off the fact that you’d go through the trouble of using one.
This leading to possible termination on that grounds alone.
it defeats the server logs, and keyloggers, but you’d still get canned just for using one.
Thank you for the content.
osk is now obselete since most keyloggers detect it. . . .
whats the best option for key loggers! is there any short cut to onscreen keyboard
A friend of mine asked me the other day about how to do anything “secure” on the Internet… I had to disappoint him that it is NOT possible. Currently the struggle between hackers and users is 1:0, and it’s a constant. Hackers by definition wanna be smarter than yuzerz, so they will keep up with tricks and there is NO WAY you can outsmart a hacker. If you could do that, by definition you would become a hacker yourself.
Sad, but true. I really, seriously, honestly suggest anyone who is REALLY interested in privacy and data security, to simply resist the temptation and DO NOT USE the Internet at all for those things that are deemed important.
Really important things always handle offline. And set a limit to your losses (financial, reputation, etc) to all those things you ever incur online. Let me tell you an example.
Money? Afraid that someone will hack your bank account? Solution is simple. Have (at least) 2 bank accounts. One that is quite modern, “fashionable”, trendy, just like all modern idiots have: credit card (easy to steal info from it), online banking, all kinds of crap. DO NOT keep more than a few hundred dollars on it. Make sure that the balance on it is always around 2-300 dollars only. When the balance is down a little bit, ALWAYS refund it physically, by going to that bank and handing over CA$H to the clerk, to put it on your account. This way no leak on that account.
For the REST of your money, open a safe and secure bank account at your choice (recommended: Switzerland, Singapore, Luxembourg, Liechtenstein, etc). Make sure you DO NOT have any kind of electronic access to THAT money, only physically yourself can get anything out of it, by good old fashioned WALKING to the nearest bank outlet and TALKING to a flesh-and-blood other human banker and getting CRISP PAPER MONEY in your pocket every time you need it. Do not access your safe money with any kind of debit/credit/whatever fancy card.
The real solution is a little more complicated than that, but you get the picture.
Same about other sensitive things, like passwords, data, etc. If it is REALLY important, WRITE IT DOWN by hand (!!!) on a piece of PAPER and lock it up or hide it at a place which only YOU know. (Try not to forget where you put it, though…)
Is this article a joke ?
Is this commenter a troll?
You described a way which can defeat simple keyloggers (typing a different word and the selecting it with mouse to change the actual word.) but how can we defeat keyloggers which also take screenshots?
Yea knowing how to spot one of these is a good things. Someone put a keylogger in my colleges library and many people got stung.
Is it possible to tack hardware based key logger.
well if you ask me i’ll say keloggers are not that dumb now a days. there are techniques to intercept the user id and password fields of any browser. it goes like this
hook the browser and then find out user-id and password fields. it is not that difficult.
then simply log whatever text is inserted.
you can even even track other browser objects and get en idea what the site is doing.
damn you people think it is easy to defeat keyloggers
btw above techniques is better then so called keylogger. :)
I most of the time worry about key-loggers at public computers. Tips mentioned in this article will surely help. Thanks.
What about KeyScrambler ??
Most keyloggers are designed for Windows any benefits of using Fedora ??