Helping people with computers... one answer at a time.
It sounds counter-intuitive, but avoiding your keyboard will not bypass keyloggers. I'll look at why, and what you need to do instead.
Will this work to fool key loggers? On the desktop, create a notepad (or similar) text file that contains your login names and passwords. Then use ONLY the mouse's "right-click" to copy-paste your entry data from notepad to your internet login. The keyboard is never used since nothing is ever typed real-time. And never save password or form data in IE's, FireFox, ... options. Could this fool key loggers?
•
No.
I know it sounds completely counter-intuitive or backwards, but ... no, avoiding the keyboard will not necessarily keep you safe from keyloggers.
And that's a reflection of just how sophisticated these forms of malware have become.
As one hint, don't let the term "keystroke logger" fool you.
•
The reason is actually pretty simple: software that's tracking what you're doing will often track much more than just keystrokes. While we might still refer to them as "keystroke loggers", the reality is that they're much more appropriate called "activity loggers".
Or just plain spyware.
Let's use your idea: in addition to logging keystrokes, activity monitoring software might actually record a screen image at every mouse click. Thus every time you copy or paste using only the mouse, a screen image is captured that shows exactly what you copied and pasted. (Many parental monitoring software packages do something similar.)
In your case, that screen image might even include much more: like the text file you have open to copy from, containing all your logins and passwords.
As you can see this renders not only your copy/paste solution vulnerable, but using an on-screen keyboard - another common suggestion - becomes just as vulnerable.
And it doesn't have to be just keystroke logging or screen capture. Spyware can insert itself anywhere in your system - from a malicious toolbar that has access to everything you do within the browser to a malicious driver that sees everything that's being sent and received via your network, perhaps even before being encrypted for https connections.
Now of course many rudimentary or simple key stroke loggers may capture only keystrokes, and will be thwarted by the approach that you've laid out. I suppose that means that my answer should really be "yes, sometimes".
The problem is how do you know when "sometimes" is? How do you know when the "simple" kind of keylogger is installed versus a more comprehensive activity monitor? (And if you suspect that either is, why are you using the machine at all?)
The only absolutely safe answer is that no, your approach will not work with all key loggers and activity monitoring software. You cannot assume you're safe by "techniquing" your way around activity loggers.
Keep your machine safe, and avoid using machines that may not be. If you must use questionable machines, never use them for anything even remotely personal.
Article C4227 - March 21, 2010
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
i tried to install the http://www.qfxsoftware.com/Download.htm on my vista 32 bit , firefox and IE 8, but it failed, then i looked at the file installation better and it tries to put it in one of your own files why is that? I emailed support but they never answered that question.
Then why do you first say this software is not good to use, then you suggest it?
tks
29-Mar-2010
Posted by: dan at March 28, 2010 7:07 PM
I remember one of my friends telling me that he can fool the keylogger by using a combination of Keyboard and mouse clicks.
He used to enter his password with some mistakes and then he clicked in between characters using mouse and then fixing the mistakes and then press the Sign In/ Log in button.
Can you tell me how safe is this approach?
31-Mar-2010
Posted by: Waqar Mushtaq at March 30, 2010 10:44 PM
I thought I was safe using Roboform-to-Go, both at home and at internet cafes while travelling. Now I guess not so! How should you connect with your bank while traveling?
02-Apr-2010
Posted by: Edward Satterblom at March 31, 2010 8:04 AM
This reply is for Ben:
Posted by: Chris Dell at April 2, 2010 5:59 AMI suspect that the "Vista defender" that you mentioned was possibly a malware program trying to entice you to install it on your system using the scare tactic of having found numerous threats on your computer. The program I think it was trying to imitate was WINDOWS Defender, which is an antispyware program that in part of the Vista OS. I use Windows Defender regularly to scan my computers.
Be very wary of any program offering "free" scans of your computer; most times they are either malware looking for a victim, or sometimes a real vendor just looking for a sale. These programs often have names that are so close to the original & legitimate program, and we have to really be careful when considering using that software. I have seen names that only differ by 1 letter or number from the original.
Chris
GET VISTA DEFENDER OFF YOUR SYSTEM! Just do a Google search on "vista defender" and you'll see what I mean. Do NOT go to any financial sites as long as that thing is on your system and do NOT listen to whatever it tells you to do.
Posted by: Bill at April 3, 2010 9:42 AM