Helping people with computers... one answer at a time.
It sounds counter-intuitive, but avoiding your keyboard will not bypass keyloggers. I'll look at why, and what you need to do instead.
Will this work to fool key loggers? On the desktop, create a notepad (or similar) text file that contains your login names and passwords. Then use ONLY the mouse's "right-click" to copy-paste your entry data from notepad to your internet login. The keyboard is never used since nothing is ever typed real-time. And never save password or form data in IE's, FireFox, ... options. Could this fool key loggers?
I know it sounds completely counter-intuitive or backwards, but ... no, avoiding the keyboard will not necessarily keep you safe from keyloggers.
And that's a reflection of just how sophisticated these forms of malware have become.
As one hint, don't let the term "keystroke logger" fool you.
The reason is actually pretty simple: software that's tracking what you're doing will often track much more than just keystrokes. While we might still refer to them as "keystroke loggers", the reality is that they're much more appropriate called "activity loggers".
Or just plain spyware.
Let's use your idea: in addition to logging keystrokes, activity monitoring software might actually record a screen image at every mouse click. Thus every time you copy or paste using only the mouse, a screen image is captured that shows exactly what you copied and pasted. (Many parental monitoring software packages do something similar.)
In your case, that screen image might even include much more: like the text file you have open to copy from, containing all your logins and passwords.
As you can see this renders not only your copy/paste solution vulnerable, but using an on-screen keyboard - another common suggestion - becomes just as vulnerable.
And it doesn't have to be just keystroke logging or screen capture. Spyware can insert itself anywhere in your system - from a malicious toolbar that has access to everything you do within the browser to a malicious driver that sees everything that's being sent and received via your network, perhaps even before being encrypted for https connections.
Now of course many rudimentary or simple key stroke loggers may capture only keystrokes, and will be thwarted by the approach that you've laid out. I suppose that means that my answer should really be "yes, sometimes".
The problem is how do you know when "sometimes" is? How do you know when the "simple" kind of keylogger is installed versus a more comprehensive activity monitor? (And if you suspect that either is, why are you using the machine at all?)
The only absolutely safe answer is that no, your approach will not work with all key loggers and activity monitoring software. You cannot assume you're safe by "techniquing" your way around activity loggers.
Keep your machine safe, and avoid using machines that may not be. If you must use questionable machines, never use them for anything even remotely personal.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.