A keylogger records keystrokes which is an obvious security threat to sensitive information like your banking password. Some Keyloggers can be very hard to detect as they dont appear as a process and aren’t detected by anti-virus software. Keyloggers work by recording every single keystroke that is entered via keyboard, so a person with access to the keylogger can see those keystrokes including any passwords that were typed. Obviously you don’t want this to happen because it could result in the draining of your bank account.
The goal of this article is to help avoid this happening to you and luckily there are a few simple methods that can be used to defeat a keylogger. Knowing at least one of these methods is critical if you are using a public computer, such as those found at an internet cafe’s which have an extremely high risk of infection with a keylogger of some kind.
Types of Keyloggers?
Keyloggers come in both hardware and software types. A software keylogger can be installed in different ways such as via an infected email message or when installing software, especially software downloaded from the internet. Hardware keyloggers require physical access to the computer and come in both USB or PS2 versions, which look something like this…
On-Screen Keyboard Method of Defeating a Keylogger
This method uses the built in On-Screen Keyboard utility to enter the Password. To bring it up hold the Windows Key + U which will bring up the utility manager, then select On-Screen Keyboard then start. It can also be started by going start –> run and typing osk.exe.
Once the keyboard is up it is just a matter of selecting the password box where you want the password to appear, and entering the password via the On-Screen keyboard. This defeats the keylogger because you are entering the password with your mouse instead of the keyboard, so there are no keystrokes for the keylogger to record.
Scramble The Password Manually
As a security measure many public computers will not have access to the run command and if the Windows+U shortcut is also blocked you won’t be able to run the On-Screen keyboard. If this is the case you can manually scramble the password. This is probably the simplest method will always work.
This is how it works, type say the first 3 characters of the password…
Then click on another window or the desktop and type a few random keystrokes…
Then go back to the login window and finish typing the password…
That’s all you need to do. This method works because a keylogger records all keystrokes, no matter what window is currently selected. For example if your password is “bosco”, you could type “bos” then go to another window and type “111″ then back to password box to finish the password with “co”. The password box will see the correct password “bosco” but the keylogger will see all keystrokes “bos111co”, so that your true password has been scrambled.
Firefox KeyScrambler
Another way of scrambling your password is to use a Firefox extension called KeyScrambler. Obviously you need to be using the Firefox browser to use this method and I can’t vouch for the effectiveness of this method as I haven’t tested it, although I have read accounts of people who have tested it with an installed keylogger and report it to be effective.
5 responses so far ↓
1 Ivan Jakovljevic // Jul 1, 2008 at 10:46 am
This is so simple and so powefull at the same time, so I’m a bitt shamed for not figurig it myself. Anyway, thanks for tips, they are realy effective.
I instaled several keylogers on my system, trying to figure out how to detect them, pass them or dissable them, than came up to this URL, googling for keyloggers.
And I cann’t realise how I was so blind to see those possibilities.
Now, I have another idea:
- type some random text in text editor, but with sence (some bad words for keylogger operator, for example)
- Copy + Paste letters to anywhere you want to place them…
- Enjoy
Greetings from Serbia
2 Aaron // Jul 18, 2008 at 8:30 pm
I couldn’t understand some parts of this article , but I guess I just need to check some more resources regarding this, because it sounds interesting.
3 Bo. Indonesia. // Jul 29, 2008 at 10:47 pm
well, there are keylogger can break this method because they also log every mouse click.
example your pass is “ABCD”
they still got this in the log:
A adsdfsdasd B asdfasdf C adasdadad D
so the solutions is “auto focus mouse must be enable” before using manual scramble. so we can focus on somewhere in the page without click on it, then doing scramble without click logged.
4 Bo. Indonesia. // Jul 29, 2008 at 10:53 pm
@Ivan
NO, dont you know that keylogger also log clipboard? your copy-paste method is more dangerous than scramble method.
5 brett // Aug 14, 2008 at 6:02 pm
@Bo Indonesia
There is no copying or pasting mentioned in the article so i’m not sure what you are referring to when you say “NO, dont you know that keylogger also log clipboard? your copy-paste method is more dangerous than scramble method.”
I agree with your first comment though, some keyloggers also track mouse clicks. Your suggestion of enabling auto focus is good as it adds another layer of protection. My understanding however, is that most keyloggers use a “keyboard hook” and track keystrokes only, so the methods in the article would indeed work. But no method can guarantee protection so the methods above merely offer an additional layer of protection. To be truly safe I recommend the following…
1. Use a strong password
2. Change your password regularly
3. Avoid using public computers
4. Make sure windows is fully patched with latest updates.
5. Don’t download cracks and wares of the internet.
6. Periodically perform a clean installation of windows. I know this sounds like a pain but it is the only way to guarantee a clean system. If you use an imaging system like Norton Ghost a re-installation can take less than five minutes.
Leave a Comment