Is there a way to bypass keyloggers?

Helping people with computers... one answer at a time.

Ask Leo! » Viruses and Malware » Malware Prevention

Keystroke loggers can log a lot more than just keystrokes. We'll look at a couple of ideas for bypassing them, and the chances that you can.

Is there a way to bypass keyloggers? Suppose you go offline (file, work offline) to type in the password and go back online to submit the web page? Or suppose you use the on screen keyboard to enter the password or copy and paste the password?

•

Yes, no and maybe.

It all depends on the specific keylogger, but the answer is mostly no.

In fact, that's the only answer you can really depend on.

Let's look at your suggested work-arounds and why for the most part they might not work.

•

First off, a quick definition: a keylogger is spyware that does exactly what its name implies: it "logs" or records your keystrokes. Thus when you type in your user name and password to a web site or anything else, the keystrokes are recorded, the information saved, and somehow made available to the hacker that put the keylogger there.

Keyloggers can work several different ways:

They can send each keystroke immediately to some remote listener over the internet.
They can collect each keystroke in a temporary file, and then periodically upload that file to the author's location over the internet.
They can collect each keystroke in a temporary file, and much like a spam bot, listen for and receive instructions from the author - in other words the logger could upload the collected information when requested.
The collected keystrokes could never be uploaded. Instead, if someone has remote access to your machine, or ever worse physical access to your machine, they could simply come by and copy the information manually.
Finally, the information may not even be kept on your machine. There are hardware keyloggers that include a little flash memory and can be quickly inserted in between keyboard and computer to capture all the data. Some time after installing the person behind it stops by and picks up the device containing all your information.

"By far the only sure way to deal with keystroke loggers is simply not allow your machine to be compromised in the first place."

Your "File, Work Offline" approach won't work because that's an instruction specifically to Internet Explorer or the application that has that option. Keystroke loggers are not going to play nicely by paying attention to that setting.

But even if they did, or even if you physically pulled the internet connection from the back of your machine, all but the first of those approaches will still work. They'll quietly collect data and then send it when an internet connection is available, or by some other means.

Now, let's look at exactly what a keystroke logger can log.

The most common, as the name would indicate, is keystrokes. Loggers typically do this by hooking into the keyboard driver, or some other low-level point within Windows where they can see each keystroke as it's being typed.

However, loggers can log other things as well, or use a different technique to log keystrokes. For example, rather than hooking into the "sending" device, like the keyboard, they can hook into the "receiving" software.

It's a little more complicated, but to use your copy/paste ideas as an example the logger could hook into all the data entry fields on a web page - including the password field. Then, when you hit "paste" it "sees" not the fact that you hit paste, but rather it sees the actual data that you're pasting in: your password.

There's another complication as well. By using the on-screen keyboard I'll assume you're using your mouse to "type". A sophisticated logger could easily:

Log your mouse movement and clicks
Take a screen shot each time you click

With those two alone the logger can see exactly what you "typed" by using the on-screen keyboard.

As you can see, a keystroke logger can log a lot more than just keystrokes.

The bottom line is simply this: you should never assume there's a way to bypass keystroke loggers. They could easily be more sophisticated than your attempts to work around them.

By far the only sure way to deal with keystroke loggers is simply not allow your machine to be compromised in the first place.

Article C3294 - February 18, 2008

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

You may also be interested in:

Ask Leo! - Internet Safety: How do I keep my computer safe on the internet?
Ask Leo! - Spyware: How do I remove and avoid spyware?
Ask Leo! - Are there hidden files that save every keystroke I've ever typed, and how do I find them?

Recent Comments

18 Comments

I DID read the article but it doesn't address the issue of keyscrambler. Do YOU know what keyscrambler does? If so, why wouldn't it work to thwart key loggers?

a) Keyloggers log more then keystrokes. b) Keyloggers can insert themselves infront of keyscrambler to catch the unscrambled keystrokes as entered. c) Keyloggers can insert themselves after keyscrambler to catch the unscrambled keystrokes as they are passed to the application that needs them. d) Keyloggers can act as malware and capture the data as it passes throught the application and out to the network.

04-Mar-2011

Posted by: MK at March 1, 2011 11:21 AM

I use a piece of free software called Keyscrambler (I'm using IE 9), this encrypts all login details/passwords as I am entering them. Obviously I use a security suite (Microsoft Security Essentials) plus Threatfire free version for backup but I like this add-on for a little additional security ;o)

As noted in the article and in my replies on other comments there is no tool that will protect you from sufficiently sophisticated keyloggers or malware. I'm concerned that people are getting a false sense of security and as a result dropping their guard.

04-Mar-2011

Posted by: Saetana at March 1, 2011 10:34 PM

I look for comments on my method but yet to see anything. I don't know if it works or not. I have all my passwords in a simple text file, which is then protected by a long, complex pw. Okay, i know that can probably be cracked.

However, I do things differently. One, the user name\site and password do not line up. The username\site might be line one, but the pw for that site is line 25. No two line up.

Two, I copy the pw's and then paste them into the site. I do not use keystrokes. So, would that defeat loggers?

Opinions?

There is no technique that is guaranteed to bypass keyloggers. Copy/Paste in particular is no good, as all the keylogger needs to do is trivially capture the copy of the clipboard when you hit paste.

04-Mar-2011

Posted by: robertpri at March 2, 2011 11:20 AM

PC security at the moment is terrible ....
Both MS and Intel know this ..
The future is possibly embedding the operating system into the CPU as read only .

Physical key loggers and wireless sniffers also need work....even so criminals are not about to give up yet.

Posted by: johnpro2 at March 8, 2011 2:27 PM

Several banks including mine suggest their customers install Trusteer Rapport to provide a potentially useful additional security level. As you point out, no single approach is perfect, but I think it's beneficial to at least some degree, and its overhead is negligible. Their help desk is articulate and actually helpful from my limited personal experience.

Took a quick look at its product page and I don't see any mention of keystroke logger protection. It does appear to do some valuable things, but your bank must support it.

13-Mar-2011

Posted by: chesscanoe at March 12, 2011 6:27 PM

See all 18 comments...

Post a comment on "Is there a way to bypass keyloggers?":

Name: (Required - will be included when your comment is published.)

Email Address: (Required - will not be published.)

Remember Me? YesNo

Comments: (You may use HTML tags for style)

Before commenting, please...

READ THE ARTICLE. A comment that shows you didn't will be deleted and ignored.
Comment only on the article. Use the search box at the top of the page if you have a question about something else.
NO PERSONAL INFORMATION in the comment. No email addresses. No phone numbers. No physical addresses.

Anything that looks the least bit like spam will be deleted. Links to unrelated sites or links that appear to be primarily promotional will be deleted, or the comment will be deleted.
Don't ask me to recover lost passwords or hacked accounts. I can't. Those comments will be deleted.
I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
READ THE ARTICLE. A comment that shows you didn't will be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...

Question? Ask Leo!
The Tip Jar: Buy Leo a Latte!

Categories | Full Archive
By Date | Business Card | About

Advertisements do not imply my endorsement of any product or service.

Copyright © 2003-2012 Puget Sound Software, LLC and Leo A. Notenboom
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC
Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure

http://ask-leo.com/is_there_a_way_to_bypass_keyloggers.html