Computer Security Myth: Defeating Keyloggers With Onscreen Keyboards
I recently read a few articles that gave readers the tip to use onscreen keyboards to defeat keyloggers installed on the computer system.
The idea behind the tip is to prevent that keys are logged because you are not tapping on keys physically. These experts suggest to use onscreen keyboards for important tasks on the Internet such as online banking, making online purchases or communicating with select people.
The theory that keyloggers can be defeated with onscreen keyboards is unfortunately a computer security myth.
It is definitely true that some keyloggers, especially those that only record the keys that the user types on the computer computer keyboard, can be defeated with onscreen keyboards.
There are however advanced keyloggers in circulation that use several methods to record the information anyway. Some are able to record the keys that get clicked on, others may use screenshots to find out about the keys or track mouse movement and the position of open windows on the desktop. It is then a matter of simply reconstructing the mouse movement to know exactly what a user typed on a computer system.
There is only one 100% way of defeating keyloggers and that is to not use computer systems for sensitive information. That's not always practicable and it is possible to reduce the chance that keyloggers are installed by running good antivirus software.
Again: I'm not saying that you cannot defeat some keyloggers by using onscreen keyboards. Depending on their functionality it may very well be possible but you won't be able to defeat them all using these type of programs.
You can check out Raymond's article on the topic where he tested several onscreen keyboards against a variety of keyloggers. Most failed while one seems to have passed his test.Advertisement