Computer Security Myth: Defeating Keyloggers With Onscreen Keyboards - gHacks Tech News

Computer Security Myth: Defeating Keyloggers With Onscreen Keyboards

I recently read a few articles that gave readers the tip to use onscreen keyboards to defeat keyloggers installed on the computer system.

The idea behind the tip is to prevent that keys are logged because you are not tapping on keys physically. These experts suggest to use onscreen keyboards for important tasks on the Internet such as online banking, making online purchases or communicating with select people.

The theory that keyloggers can be defeated with onscreen keyboards is unfortunately a computer security myth.

It is definitely true that some keyloggers, especially those that only record the keys that the user types on the computer computer keyboard, can be defeated with onscreen keyboards.

computer security

There are however advanced keyloggers in circulation that use several methods to record the information anyway. Some are able to record the keys that get clicked on, others may use screenshots to find out about the keys or track mouse movement and the position of open windows on the desktop. It is then a matter of simply reconstructing the mouse movement to know exactly what a user typed on a computer system.

There is only one 100% way of defeating keyloggers and that is to not use computer systems for sensitive information. That's not always practicable and it is possible to reduce the chance that keyloggers are installed by running good antivirus software.

Again: I'm not saying that you cannot defeat some keyloggers by using onscreen keyboards. Depending on their functionality it may very well be possible but you won't be able to defeat them all using these type of programs.

You can check out Raymond's article on the topic where he tested several onscreen keyboards against a variety of keyloggers. Most failed while one seems to have passed his test.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Salz` said on June 15, 2009 at 11:09 pm
    Reply

    I’m not sure if there is something like that, but i would believe that there is an generic interface for all keyboards. And in the end no body can tell you what kind of keyboard you use.

  2. Rarst said on June 16, 2009 at 7:09 am
    Reply

    If you got malware already in your system and active – you are pretty much screwed. It must not either get into PC at all or at least must not get access to system. Past that it’s using umbrella against flood. :)

  3. jayminho said on June 16, 2009 at 7:10 am
    Reply

    i disagree with you. acctually screen keyboards are very useful.
    in order for a keylogger to to record your screen 100% correctly, it would have to be taping or taking pictures, at a 1second or less ratio.
    what is not the case,
    the majority of the keyloggers, i try and counter test, are set to default “take screen shots every 30 seconds” or every 60 seconds and so one.
    well, less than 4 seconds, you input your password on a screen keyboard.
    so, yes, screen keyboards are very effective, though, definetly, not flawless. nothing is as you very well mentioned.

    still if you want to give a try at a good keylogger “defender” i suggest you to try keyscrambler.

  4. Tobey said on June 16, 2009 at 5:48 pm
    Reply

    At least you can bypass hardware keyloggers.. though, these ain’t very common. Perhaps Martin, you could elaborate on some functions of the AKLog software anti-keylogger sometime ?

  5. sunshinekhan said on June 17, 2009 at 3:25 pm
    Reply

    depends entirely upon your system and the protection under the hood…now what kinda keyloggers are we referring to…setup intentionally, malware or what???

  6. John said on June 18, 2009 at 4:23 am
    Reply

    There is a free Firefox and IE addin antikeylogger program called Keyscrambler. Check it out at http://www.qfxsoftware.com/.

  7. unixunited said on May 29, 2011 at 2:00 am
    Reply

    The on screen keyboard countermeasure can easily be subverted by hooking the osk.exe process, and then intercepting the virtual key codes.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.