February 18, 2008 12:49 PM
Exactly. This line of questioning is all too common among IT security people even. When a machine is compromised, anything can be done to it, including what was outlined above.
You need to first do everything you can to prevent systems from being compromised, and second, have means of detecting and responding to compromises. Worrying about what can happen once a system is compromised is pointless, because the answer to that is "anything".
Anthny
February 18, 2008 8:59 PM
There are at least a few programs that can block or delete keyloggers. They are called 'anti-keyloggers' and there are two basic types of them. The first type are those that have a signature base and the principle of their work is based on scanning of your PC and comparing the files found with the ones that are in anti-keylogger's signature. (As an example you can take any anti-spyware product.)
The second type of anti-keyloggers are those that use methods of heuristic analysis. So the main principle of their work is the behavioral analysis. So, they do not have signatures, as they just don't need them. The main advantage of such kind of signature-based anti-keyloggers is the ability to protect both against known and unknown keyloggers, as they all have the same principle of work. So such kind of anti-keyloggers will help you when the first type of them will not. (As an example of behavioral anti-keyloggers you can take PrivacyKeyboard.)
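The two detection approaches described in the comment above, contrasted in an added example that is not part of the original comment or of any product's code. The sample records, behaviour names, weights and threshold are constructed assumptions chosen only to show where each approach hits or misses.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Sample:
    name: str
    content: bytes                               # constructed stand-in for file bytes
    behaviors: set = field(default_factory=set)  # constructed runtime observations

# Signature base: hashes of samples the vendor has already analysed.
KNOWN_BAD = {hashlib.sha256(b"constructed-keylogger-v1").hexdigest()}

# Behaviour weights and threshold are illustrative assumptions.
WEIGHTS = {
    "global_keyboard_hook": 2,
    "no_visible_window": 1,
    "writes_keystrokes_to_file": 3,
    "sends_data_to_network": 2,
}
THRESHOLD = 5

def signature_hit(sample):
    """Type 1: exact match of the file hash against the signature base."""
    return hashlib.sha256(sample.content).hexdigest() in KNOWN_BAD

def behavior_hit(sample):
    """Type 2: score what the program does, regardless of its bytes."""
    score = sum(WEIGHTS.get(b, 0) for b in sample.behaviors)
    return score >= THRESHOLD

LOGGER_BEHAVIOR = {"global_keyboard_hook", "no_visible_window",
                   "writes_keystrokes_to_file"}

SAMPLES = [
    Sample("known_logger", b"constructed-keylogger-v1", LOGGER_BEHAVIOR),
    # Same behaviour, different bytes: not in the signature base.
    Sample("repacked_logger", b"constructed-keylogger-v1-repacked", LOGGER_BEHAVIOR),
    # Legitimate tool that hooks the keyboard but does nothing else suspicious.
    Sample("hotkey_utility", b"constructed-hotkey-utility", {"global_keyboard_hook"}),
]

def verdicts():
    """Return {name: (signature_hit, behavior_hit)} for every sample."""
    return {s.name: (signature_hit(s), behavior_hit(s)) for s in SAMPLES}

if __name__ == "__main__":
    for name, (sig, beh) in verdicts().items():
        print(f"{name:16} signature={sig!s:5} behavioral={beh}")
```

The repacked sample is the case the comment describes: the hash no longer matches, but the behaviour still does. The hotkey utility shows why a behavioural rule needs more than one indicator to avoid flagging legitimate software.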
Maurice
February 22, 2008 6:14 PM
Please have a look at KeyScrambler (there is a free version) at http://www.qfxsoftware.com/ - I would be interested if these comments are applicable to that software. Thx
Mike
February 22, 2008 10:40 PM
I have Key Scrambler Pro. It supposedly "scrambles" your keystrokes when typed. Key Scrambler claims that the only thing that a "keylogger" would get is a bunch of random characters/numbers rather than plain text. I believe it is worth checking out, and/or using.
Dave Vogl
January 13, 2009 8:30 AM
Check out the free program at http://cloakpass.com as it is portable, free, and has a good web site. It defeats keyloggers and other forms of password problems.
Color me skeptical. Anything installed on your machine can be defeated at some level.
- Leo 14-Jan-2009
Martin Welfeld
April 19, 2009 10:06 PM
While traveling I need to use unsecure public access computers in the US, Europe and Asia to access financial accounts. I want to go with a secure USB drive solution, but don't know if that exists.
I know that products such as an Iron Drive offer password protection for stored files (how safe is that?) and file encryption. If I activate the "Remember Me" function on the various sites using the portable browser from Firefox it seems that I would only need to enter a password, which raises the keylogger issue.
I have heard of but am not familiar with the use of images for passwords. Can you comment on this and any existing applications for that purpose?
Does that seem to improve safety from keylogger capture and later account penetration?
Some, but not really. If a keylogger is installed on the system you're using, it could easily log whatever keys or mouse movements you use to access whatever is on your thumbdrive. If you *boot* from the thumbdrive, a hardware keylogger could still collect everything. Public access computers are scary.
- Leo 20-Apr-2009
Rocco
March 23, 2010 4:50 PM
While using "KeyScrambler" I see it does encrypt the keystrokes but the actual unencrypted keys are still shown on the screen and those can be recorded by spy screen detectors.
Burt Kaplan
March 24, 2010 9:47 AM
What if your password is entered by Dragon Naturally Speaking?
It's still converted to text somewhere, and thus capturable.
- Leo 26-Mar-2010
April 13, 2010 3:53 PM
Here is a reasonable way to avoid keyloggers and malware of other sorts. At home, I use my notebook computer (Windows XP SP2) for all my work and finances and have a separate (desktop) machine for accessing the Internet. Viri can destroy that machine if they want; I can quickly recreate it from a True Image backup. I transfer anything I want on my notebook computer via flash card or very temporary LAN connection between the two.
I connect my notebook computer to the Internet only to access extremely safe sites, like banking, insurance, and the like, and when I am on the road (using Cricket’s wireless broadband). I never use someone else’s machine or network to access anything of consequence.
Seems to work. I have not had a virus issue for years. Then again, it may be in part because even with my desktop (Internet) machine, I don’t go to “popular” places, like networking social sites, music swapping, etc. I once in a while look someone up in Facebook or visit YouTube. (It’s not a precaution, they just don’t interest me.)
A side benefit of using dial-up-like Internet access, like wireless services from Cricket, Sprint, Verizon, et al., is that each time you reconnect, you get a brand new IP address. That is very useful in many circumstances.
Lee Guptill
August 31, 2010 7:07 AM
This may be a really dumb question, but couldn't you install Captcha on your machine to defeat keystroke loggers?
I don't understand how that would help. Captcha would be performed and the logger would log what you enter thereafter or as part of it.
- Leo 02-Sep-2010