Spyware, Viruses, & Security forum

General discussion

Defeat keyboard loggers?

by dromel / January 24, 2007 3:29 PM PST

Like most people I do financial transactions on line. The most critical vulnerability that I haven't been able to address is the possibility of a stealth keyboard logger emailing websites and passwords.
I know that firewalls and anti-virus/Trojan programs can be defeated.
Is there a way to positively defeat this threat? Perhaps a program that uses mouse clicks rather than keyboard transmissions?
Any suggestions?

Post a reply
Discussion is locked
You are posting a reply to: Defeat keyboard loggers?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Defeat keyboard loggers?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Defeating DIY Hardware Keyloggers
by Marianna Schmudlach / January 24, 2007 3:37 PM PST
Collapse -
Thank you
by dromel / January 24, 2007 4:03 PM PST
In reply to: Anti-Keyloggers

Thank you for your quick and impressive response. First, there is more information here then I can assimilate at 3:00 AM, and secondly, I'm not the only nocturnal person on this forum.

Even at a quick scan of these sites, I can see that the WinXP on screen keyboard won't work, nor will a cut and paste from a text file. Obviously I will need to do more research. Any direction that you favor?

Thanks

Collapse -
An ounce of prevention...
by tomron / January 24, 2007 9:53 PM PST
In reply to: Thank you

All though the castle cops link that Marianna provided is reputable then this LINK you might consider installing some kind of prevention program.

Tom

Collapse -
Best advice
by usrhlp / January 25, 2007 7:13 PM PST

When you get your computer set up the first time press CONTROL + SHIFT + ESCAPE and take a note of the running processes.

When you install another piece of software that you know to be good, do the same, take a note of running processes.

Then when you go to a financial site, press CTRL + SHFT + ESC and check what is running, if there is something that does not look right google the process name and find out what it is!

Also check your IE addons, they can be housed in there sometimes too.

Collapse -
Thwarting keyloggers; editing processes vs encryption
by scottscreek0 / January 26, 2007 1:04 AM PST
In reply to: Best advice

The advice to check what processes are running and then Googling each to see if it's valid is too labor intensive to be practical. I just checked my Task Manager, for instance, and found I have 64 processes running. Surely there must be an easier solution.

I use WPA-PSK encryption on my home wireless network. Isn't that enough to thwart keyloggers?

Collapse -
ahahahha
by usrhlp / November 7, 2007 6:23 PM PST

You are the exact problem IT people need to address.

WPA has nothing at all to do with keyloggers.

Is it too labour intensive to ensure your financial details are secure and safe or are you happy to think that something totally unrelated to what you are doing is going to protect you from being hacked?

The only sure fire way is to do as i said. Otherwise id not have said it.

Collapse -
Arrrrr.
by R. Proffitt Forum moderator / November 7, 2007 10:50 PM PST

Thar be booty to be plundered!!

Collapse -
Simple Method
by Rickybee / January 25, 2007 10:18 PM PST

If you are on an unknown computer and want to enter a password for a site use the on-screen keyboard. Every windows computer should have one installed by default, on XP it is in Start - All Programs - Accessories - Accessibility.
If you don't actually use the keyboard to enter the password then that should defeat just about any keylogger, hardware or software.

Collapse -
Onscreen keyboard does not stop software keylogging
by Sith840 / January 26, 2007 1:13 AM PST
In reply to: Simple Method

A software keylogger is attached to the keyboard API DLL. This is at the kernel level. The on-screen keyboard feeds through this. Other than websites which produce their own Java keyboard (which then never goes through the keyboard api), you have to find the keylogger using anti-malware software. The onscreen one is only good for hardware loggers (which are quite rare - someone has to plug it into the cable).

Collapse -
Clarification from Rickybee Please
by bravexrt-21528481674069743872794683923763 / January 26, 2007 1:47 AM PST
In reply to: Simple Method

Rickybee,

Are you saying If you don't actually use the keyboard to enter the password then that SHOULD defeat just about any keylogger, hardware or software.?

Or are you saying If you don't actually use the keyboard to enter the password then that WILL defeat just about any keylogger, hardware or software.?

Unfortunately SHOULD is not an adequate answer. I can get that from any $7/hr Cirsuit City employee.

If you are not Positive then you shouoldn't Post such an answer. If you are Positive then thank you & I will use your suggestion from here on out. Please advise.

Collapse -
Keylogger
by micker377 / January 26, 2007 2:53 AM PST

I'm using a program called "KeyScrambler" (http://www.qfxsoftware.com/). Don't know if it helps, but it's free and it does popup to say if the page is protected or not.

Collapse -
Keyscrambler
by sundancer245 / January 27, 2007 11:17 PM PST
In reply to: Keylogger

KeyScrambler is the way to go. It works in FireFox and IE. You can get it on the Mozilla Web Site.

Collapse -
Keyscrambler
by phil66 / January 28, 2007 1:20 AM PST
In reply to: Keyscrambler

The reviews on Firefox are not as impressive as your views of this software.

Seems like more problems than benefits in this software.

Why do you like it so much?

Ray

Collapse -
Keylogger
by bravexrt-21528481674069743872794683923763 / January 28, 2007 5:08 AM PST
In reply to: Keyscrambler

My question, as a followup, would be what are its limitations since a free version won't ever be as adequate as a paid version. I suppose you are limited to the amount of upgrade versions, as hackers continue their ever-vigilant dastardly deeds.

Collapse -
Still waiting for someone to tell me why.
by scottscreek0 / February 1, 2007 8:56 PM PST
In reply to: Keylogger

I'm still waiting for someone to explain why my McAfee firewall and anti virus progams coupled to a network encrypted using WPA is not enough? I would suggest as a non-technical computer user who banks and manages his mutual funds online, that they are effective and adaquate.

Collapse -
Re: Still waiting for someone to tell me why.
by mrhex / February 9, 2007 9:46 PM PST

A firewall will help you to see outgoing/incoming connections to your computer. If the firewall is properly cofigured, then any spyware should be stopped. An up to date anti-virus does help with identifying malware. The key here is making sure that you keep your definitions up to date.

However, WPA-PSK will not protect your from malware. It will protect you from someone using a wireless packet sniffer. WPA has nothing to do with a keyboard sniffing program.

Collapse -
Beating Keyloggers - low tech solution
by er20194 / July 29, 2009 2:30 AM PDT

Its not the best, but when I am on a PC I don't trust (all of them.... I'm a Mac guy) and I get a user id / password prompt, I alternate between the two fields. I enter the first few characters of the user id, then mouse over to the pawword and do a few characters of that, maybe throw in a random backspace, switch back to the user id field and complete and then back to password

So if my user name / password is ABCDE and 12345 the key stroke logger would see AB12CDE345 which might be enough to throw off the simple minded .

Any thoughts on the efficacy of this approach?

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Big stars on small screens

Smosh tells CNET what it took to make it big online

Internet sensations Ian Hecox and Anthony Padilla discuss how YouTube has changed and why among all their goals, "real TV" isn't an ambition.