Ask Leo! by Leo A. Notenboom

Is there a way to bypass keyloggers?

Summary: Keystroke loggers can log a lot more than just keystrokes. We'll look at a couple of ideas for bypassing them, and the chances that you can.

Is there a way to bypass keyloggers? Suppose you go offline (file, work offline) to type in the password and go back online to submit the web page? Or suppose you use the on screen keyboard to enter the password or copy and paste the password?

Yes, no and maybe.

It all depends on the specific keylogger, but the answer is mostly no.

In fact, that's the only answer you can really depend on.

Let's look at your suggested work-arounds and why for the most part they might not work.

First off, a quick definition: a keylogger is spyware that does exactly what its name implies: it "logs" or records your keystrokes. Thus when you type in your user name and password to a web site or anything else, the keystrokes are recorded, the information saved, and somehow made available to the hacker that put the keylogger there.

Keyloggers can work several different ways:

  • They can send each keystroke immediately to some remote listener over the internet.

  • They can collect each keystroke in a temporary file, and then periodically upload that file to the author's location over the internet.

  • They can collect each keystroke in a temporary file, and much like a spam bot, listen for and receive instructions from the author - in other words the logger could upload the collected information when requested.

  • The collected keystrokes might never be uploaded at all. Instead, if someone has remote access to your machine, or even worse, physical access to your machine, they could simply come by and copy the information manually.

  • Finally, the information may not even be kept on your machine. There are hardware keyloggers that include a little flash memory and can be quickly inserted in between keyboard and computer to capture all the data. Some time after installing it, the person behind it stops by and picks up the device containing all your information.

Your "File, Work Offline" approach won't work because that's an instruction specifically to Internet Explorer or the application that has that option. Keystroke loggers are not going to play nicely by paying attention to that setting.

But even if they did, or even if you physically pulled the internet connection from the back of your machine, all but the first of those approaches will still work. They'll quietly collect data and then send it when an internet connection is available, or by some other means.

Now, let's look at exactly what a keystroke logger can log.

The most common, as the name would indicate, is keystrokes. Loggers typically do this by hooking into the keyboard driver, or some other low-level point within Windows where they can see each keystroke as it's being typed.

However, loggers can log other things as well, or use a different technique to log keystrokes. For example, rather than hooking into the "sending" device, like the keyboard, they can hook into the "receiving" software.

It's a little more complicated, but to use your copy/paste ideas as an example, the logger could hook into all the data entry fields on a web page, including the password field. Then, when you hit "paste", it "sees" not the fact that you hit paste, but the actual data that you're pasting in: your password.

There's another complication as well. By using the on-screen keyboard I'll assume you're using your mouse to "type". A sophisticated logger could easily:

  • Log your mouse movement and clicks

  • Take a screen shot each time you click

With those two alone the logger can see exactly what you "typed" by using the on-screen keyboard.

As you can see, a keystroke logger can log a lot more than just keystrokes.

The bottom line is simply this: you should never assume there's a way to bypass keystroke loggers. They could easily be more sophisticated than your attempts to work around them.

By far the only sure way to deal with keystroke loggers is simply to not allow your machine to be compromised in the first place.

Article C3294 - February 18, 2008

Recent Comments
6 Comments

Exactly. This line of questioning is all too common among IT security people even. When a machine is compromised, anything can be done to it including what was outlined above.

You need to first do everything you can to prevent systems from being compromised, and second, have means of detecting and responding to compromises. Worrying about what can happen once a system is compromised is pointless, because the answer to that is "anything".

Posted by: Chris Buechler at February 18, 2008 12:49 PM

There are at least a few programs that can block or delete keyloggers. They are called 'anti-keyloggers' and there are two basic types of them. The first type are those that have a signature base and the principle of their work is based on scanning of your PC and comparing the files found with the ones that are in anti-keylogger's signature. (As an example you can take any anti-spyware product.)

The second type of anti-keyloggers are those that use methods of heuristic analysis. So the main principle of their work is the behavioral analysis. So, they do not have signatures, as they just don't need them. The main advantage of such kind of signature-based anti-keyloggers is the ability to protect both against known and unknown keyloggers, as they all have the same principle of work. So such kind of anti-keyloggers will help you when the first type of them will not. (As an example of behavioral anti-keyloggers you can take PrivacyKeyboard.)

Posted by: Anthny at February 18, 2008 8:59 PM

Please have a look at KeyScrambler (there is a free version) at http://www.qfxsoftware.com/ - I would be interested if these comments are applicable to that software. Thx

Posted by: Maurice at February 22, 2008 6:14 PM

I have Key Scrambler Pro. It supposedly "scrambles" your keystrokes when typed. Key Scrambler claims that the only thing that a "keylogger" would get is a bunch of random characters/numbers rather than plain text. I believe it is worth checking out, and/or using.

Posted by: Mike at February 22, 2008 10:40 PM

Check out the free program at http://cloakpass.com as it is portable, free, and has a good web site. It defeats keyloggers and other forms of password problems.

Color me skeptical. Anything installed on your machine can be defeated at some level.
- Leo
14-Jan-2009

Posted by: Dave Vogl at January 13, 2009 8:30 AM

While traveling I need to use unsecure public access computers in the US, Europe and Asia to access financial accounts. I want to go with a secure USB drive solution, but don't know if that exists.

I know that products such as an Iron Drive offer password protection for stored files (how safe is that?) and file encryption. If I activate the "Remember Me" function on the various sites using the portable browser from Firefox it seems that I would only need to enter a password, which raises the keylogger issue.

I have heard of but am not familiar with the use of images for passwords. Can you comment on this and any existing applications for that purpose?

Does that seem to improve safety from keylogger capture and later account penetration?

Some, but not really. If a keylogger is installed on the system you're using, it could easily log whatever keys or mouse movements you use to access whatever is on your thumbdrive. If you *boot* from the thumbdrive, a hardware keylogger could still collect everything. Public access computers are scary.
- Leo
20-Apr-2009
Posted by: Martin Welfeld at April 19, 2009 10:06 PM
