
Keystroke loggers can log a lot more than just keystrokes. We'll look at a couple of ideas for bypassing them, and the chances that you can.

Is there a way to bypass keyloggers? Suppose you go offline (file, work offline) to type in the password and go back online to submit the web page? Or suppose you use the on screen keyboard to enter the password or copy and paste the password?

Yes, no and maybe.

It all depends on the specific keylogger, but the answer is mostly no.

In fact, that's the only answer you can really depend on.

Let's look at your suggested workarounds and why, for the most part, they might not work.

First off, a quick definition: a keylogger is spyware that does exactly what its name implies: it "logs" or records your keystrokes. Thus when you type in your user name and password to a web site or anything else, the keystrokes are recorded, the information saved, and somehow made available to the hacker that put the keylogger there.

Keyloggers can work several different ways:

  • They can send each keystroke immediately to some remote listener over the internet.

  • They can collect each keystroke in a temporary file, and then periodically upload that file to the author's location over the internet.

  • They can collect each keystroke in a temporary file, and much like a spam bot, listen for and receive instructions from the author - in other words the logger could upload the collected information when requested.

  • The collected keystrokes might never be uploaded at all. Instead, if someone has remote access to your machine, or even worse, physical access to your machine, they could simply come by and copy the information manually.

  • Finally, the information may not even be kept on your machine. There are hardware keyloggers that include a little flash memory and can be quickly inserted in between keyboard and computer to capture all the data. Some time after installing it, the person behind it stops by and picks up the device containing all your information.


Your "File, Work Offline" approach won't work because that's an instruction specifically to Internet Explorer or the application that has that option. Keystroke loggers are not going to play nicely by paying attention to that setting.

But even if they did, or even if you physically pulled the internet connection from the back of your machine, all but the first of those approaches will still work. They'll quietly collect data and then send it when an internet connection is available, or by some other means.
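A defender's view of the collect-then-send behaviour described above, as an added example that is not part of the original article: it flags a process that writes to disk while the link is down and uploads a matching amount shortly after reconnect. The telemetry format, the process names and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed telemetry (not from the article): (seconds, process, event, bytes).
# "link_down"/"link_up" are host-wide; "file_write"/"net_send" are per process.
EVENTS = [
    (0,   "host",        "link_down",  0),
    (5,   "browser.exe", "file_write", 4096),  # page cache, never uploaded
    (12,  "helper.exe",  "file_write", 14),    # hypothetical unknown process
    (40,  "helper.exe",  "file_write", 22),
    (75,  "helper.exe",  "file_write", 9),
    (120, "host",        "link_up",    0),
    (123, "helper.exe",  "net_send",   45),    # flushes what it buffered
    (300, "browser.exe", "net_send",   900),   # user resumes browsing later
]

def store_and_forward(events, flush_window=30, tolerance=0.25):
    """Flag processes that buffer to disk while offline and upload on reconnect.

    A process is flagged when its first send after link_up arrives within
    flush_window seconds and its size is within tolerance (as a fraction)
    of the bytes that process wrote while the link was down.
    """
    offline = False
    link_up_at = None
    buffered = defaultdict(int)  # bytes written per process while offline
    judged = set()               # processes whose first send was already checked
    flagged = []
    for ts, proc, kind, size in sorted(events):
        if kind == "link_down":
            offline, link_up_at = True, None
            buffered.clear()
            judged.clear()
        elif kind == "link_up":
            offline, link_up_at = False, ts
        elif kind == "file_write" and offline:
            buffered[proc] += size
        elif kind == "net_send" and link_up_at is not None and proc not in judged:
            judged.add(proc)
            wrote = buffered.get(proc, 0)
            delay = ts - link_up_at
            if wrote and delay <= flush_window and abs(size - wrote) <= tolerance * wrote:
                flagged.append((proc, wrote, delay))
    return flagged

if __name__ == "__main__":
    for proc, wrote, delay in store_and_forward(EVENTS):
        print(f"{proc}: {wrote} bytes buffered offline, sent {delay}s after reconnect")
```

Mail clients and file-sync tools produce the same pattern, so a hit is a reason to look at the process, not a verdict.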

Now, let's look at exactly what a keystroke logger can log.

The most common, as the name would indicate, is keystrokes. Loggers typically do this by hooking into the keyboard driver, or some other low-level point within Windows where they can see each keystroke as it's being typed.

However, loggers can log other things as well, or use a different technique to log keystrokes. For example, rather than hooking into the "sending" device, like the keyboard, they can hook into the "receiving" software.

It's a little more complicated, but to use your copy/paste idea as an example, the logger could hook into all the data entry fields on a web page - including the password field. Then, when you hit "paste", it "sees" not the fact that you hit paste, but the actual data that you're pasting in: your password.

There's another complication as well. By using the on-screen keyboard I'll assume you're using your mouse to "type". A sophisticated logger could easily:

  • Log your mouse movement and clicks

  • Take a screen shot each time you click

With those two alone the logger can see exactly what you "typed" by using the on-screen keyboard.

As you can see, a keystroke logger can log a lot more than just keystrokes.

The bottom line is simply this: you should never assume there's a way to bypass keystroke loggers. They could easily be more sophisticated than your attempts to work around them.

By far the only sure way to deal with keystroke loggers is simply to not allow your machine to be compromised in the first place.

Article C3294 - February 18, 2008

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

20 Comments
Chris Buechler
February 18, 2008 12:49 PM

Exactly. This line of questioning is all too common among IT security people even. When a machine is compromised, anything can be done to it including what was outlined above.

You need to first do everything you can to prevent systems from being compromised, and second, have means of detecting and responding to compromises. Worrying about what can happen once a system is compromised is pointless, because the answer to that is "anything".

Anthny
February 18, 2008 8:59 PM

There are at least a few programs that can block or delete keyloggers. They are called 'anti-keyloggers' and there are two basic types of them. The first type are those that have a signature base and the principle of their work is based on scanning of your PC and comparing the files found with the ones that are in anti-keylogger's signature. (As an example you can take any anti-spyware product).

The second type of anti-keyloggers are those that use methods of heuristic analysis. So the main principle of their work is the behavioral analysis. So, they do not have signatures, as they just don't need them. The main advantage of such kind of signature-based anti-keyloggers is the ability to protect both against known and unknown keyloggers, as they all have the same principle of work. So such kind of anti-keyloggers will help you when the first type of them will not. (As an example of behavioral anti-keyloggers you can take PrivacyKeyboard).

Maurice
February 22, 2008 6:14 PM

Please have a look at KeyScrambler (there is a free version) at http://www.qfxsoftware.com/ - I would be interested if these comments are applicable to that software. Thx

Mike
February 22, 2008 10:40 PM

I have Key Scrambler Pro. It supposedly "scrambles" your keystrokes when typed. Key Scrambler claims that the only thing that a "keylogger" would get is a bunch of random characters/numbers rather than plain text. I believe it is worth checking out, and/or using.

Dave Vogl
January 13, 2009 8:30 AM

Check out the free program at http://cloakpass.com as it is portable, free, and has a good web site. It defeats keyloggers and other forms of password problems.

Color me skeptical. Anything installed on your machine can be defeated at some level.
- Leo
14-Jan-2009

Martin Welfeld
April 19, 2009 10:06 PM

While traveling I need to use unsecure public access computers in the US, Europe and Asia to access financial accounts. I want to go with a secure USB drive solution, but don't know if that exists.

I know that products such as an Iron Drive offer password protection for stored files (how safe is that?) and file encryption. If I activate the "Remember Me" function on the various sites using the portable browser from Firefox it seems that I would only need to enter a password, which raises the keylogger issue.

I have heard of but am not familiar with the use of images for passwords. Can you comment on this and any existing applications for that purpose?

Does that seem to improve safety from keylogger capture and later account penetration?

Some, but not really. If a keylogger is installed on the system you're using, it could easily log whatever keys or mouse movements you use to access whatever is on your thumbdrive. If you *boot* from the thumbdrive, a hardware keylogger could still collect everything. Public access computers are scary.
- Leo
20-Apr-2009

Rocco
March 23, 2010 4:50 PM

While using "KeyScrambler" I see it does encrypt the keystrokes but the actual unencrypted keys are still shown on the screen and those can be recorded by spy screen detectors.

Burt Kaplan
March 24, 2010 9:47 AM

What if your password is entered by Dragon Naturally Speaking?

It's still converted to text somewhere, and thus capturable.
Leo
26-Mar-2010

Carlos Coquet
April 13, 2010 3:53 PM

http://ask-leo.com/is_there_a_way_to_bypass_keyloggers.html

Here is a reasonable way to avoid keyloggers and malware of other sorts. At home, I use my notebook computer (Windows XP SP2) for all my work and finances and have a separate (desktop) machine for accessing the Internet. Viri can destroy that machine if they want, I can quickly recreate it from a True Image backup. I transfer anything I want on my notebook computer via flash card or very temporary LAN connection between the two.
I connect my notebook computer to the Internet only to access extremely safe sites, like banking, insurance, and the like and when I am on the road (using Cricket's wireless broadband. I never use someone else's machine or network to access anything of consequence.)
Seems to work. I have not had a virus issue for years. Then again, it may be in part because even with my desktop (Internet) machine, I don't go to "popular" places, like networking social sites, music swapping, etc. I once in a while look someone up in FaceBook or visit YouTube. (It's not a precaution, they just don't interest me.)
A side benefit of using dial-up like Internet access, like wireless services from Cricket, Sprint, Verizon, et al is that each time you reconnect, you get a brand new IP address. That is very useful in many circumstances.

Lee Guptill
August 31, 2010 7:07 AM

This may be a really dumb question, but couldn't you install Captcha on your machine to defeat keystroke loggers?

I don't understand how that would help. Captcha would be performed and the logger would log what you enter thereafter or as part of it.
Leo
02-Sep-2010

lightshadow
September 10, 2010 2:10 PM

* Use one computer (or virtual system) to access the internet (and to update) - it is your sandbox, playground ... etc

* Use another clean computer (or virtual system) to access your trusted online sites.

* Use a third clean and closed computer (or virtual system) to do your work, this computer should only get data files from the outside, and in a secure way (e.g. don't use flash cards, or LAN connections from live system(s). Copy directly from the hardware (e.g. offline hdd), and only the needed data), if your work needs to run an executable or install something, do that on a hosted virtual system, where you install your updates/software, and pass the needed data to be used, remember the third system should be in complete isolation, and never to be connected to the internet or updated :)

play it clean, play it in the shadow.

take care

david
February 23, 2011 12:42 AM

Check out lastpass.com. Provides a secure vault on your computer where passwords and other sensitive data can be stored. Access to this vault is by master password that requests a further password through a usb key that you buy from lastpass.com. This key generates a random one time only password that lets you access the vault. Even if this password is copied it cannot be used again. This means no key - no access.
Once in the vault, a click on the name of the site causes lastpass to automatically log you in - no key strokes whatsoever. Further info from the lastpass site.
Thoroughly recommended. cheers, David

"no key strokes whatsoever." is misleading. These tools work by mimicking keystrokes to the various forms and tools into which the password must be entered. Malware can still capture anything that lastpass (or any other similar tool) can do. They DO NOT bypass advanced keyloggers.
Leo
23-Feb-2011

MK
February 23, 2011 6:45 AM

What about keyscrambler from [link removed]?

No. Read the article.
Leo
23-Feb-2011

MK
March 1, 2011 11:21 AM

I DID read the article but it doesn't address the issue of keyscrambler. Do YOU know what keyscrambler does? If so, why wouldn't it work to thwart key loggers?

a) Keyloggers log more than keystrokes. b) Keyloggers can insert themselves in front of keyscrambler to catch the unscrambled keystrokes as entered. c) Keyloggers can insert themselves after keyscrambler to catch the unscrambled keystrokes as they are passed to the application that needs them. d) Keyloggers can act as malware and capture the data as it passes through the application and out to the network.
Leo
04-Mar-2011

Saetana
March 1, 2011 10:34 PM

I use a piece of free software called Keyscrambler (I'm using IE 9), this encrypts all login details/passwords as I am entering them. Obviously I use a security suite (Microsoft Security Essentials) plus Threatfire free version for backup but I like this add-on for a little additional security ;o)

As noted in the article and in my replies on other comments there is no tool that will protect you from sufficiently sophisticated keyloggers or malware. I'm concerned that people are getting a false sense of security and as a result dropping their guard.
Leo
04-Mar-2011

robertpri
March 2, 2011 11:20 AM

I look for comments on my method but have yet to see anything. I don't know if it works or not. I have all my passwords in a simple text file, which is then protected by a long, complex pw. Okay, I know that can probably be cracked.

However, I do things differently. One, the user name\site and password do not line up. The username\site might be line one, but the pw for that site is line 25. No two line up.

Two, I copy the pw's and then paste them into the site. I do not use keystrokes. So, would that defeat loggers?

Opinions?

There is no technique that is guaranteed to bypass keyloggers. Copy/Paste in particular is no good, as all the keylogger needs to do is trivially capture the copy of the clipboard when you hit paste.
Leo
04-Mar-2011

johnpro2
March 8, 2011 2:27 PM

PC security at the moment is terrible ....
Both MS and Intel know this ..
The future is possibly embedding the operating system into the CPU as read only .

Physical key loggers and wireless sniffers also need work....even so criminals are not about to give up yet.

chesscanoe
March 12, 2011 6:27 PM

Several banks including mine suggest their customers install Trusteer Rapport to provide a potentially useful additional security level. As you point out, no single approach is perfect, but I think it's beneficial to at least some degree, and its overhead is negligible. Their help desk is articulate and actually helpful from my limited personal experience.

Took a quick look at its product page and I don't see any mention of keystroke logger protection. It does appear to do some valuable things, but your bank must support it.
Leo
13-Mar-2011

Kevin
November 30, 2012 9:37 AM

You can defeat the key-logger with a sandbox.

No you cannot. There certainly can be keyloggers that will still log sandboxed operations.
Leo
01-Dec-2012

Zitany Niel
January 24, 2013 12:27 AM

I think the most easy and secure way to bypass keylogger is to boot up the machine in safe mode. This will not allow keylogger to run. Then you can selectively start and use the specific program you want.

This is simply not true. Keyloggers (and any malware for that matter) can certainly insert themselves into safe mode.
Leo
24-Jan-2013
