ratsrcute Posted January 28, 2010 Report Share Posted January 28, 2010 I have been wondering about how illicit key loggers work, the ones that try to grab passwords, and wondering if there would be a simple way to defeat them based on how you type in a password. This is mostly a question of curiosity about security techniques. The best thing to do is make sure you don't have a worm or trojan at all.Most people type their password once into the box.I was thinking, you could type part of it, then switch to another window and type gibberish, then switch back and type the rest of it. That might confuse the keylogger. Or you type some of it and *paste* some of it (with ctrl-v). You could do enter wrong characters, then use the arrow keys to back up and delete them.You could make the process of entering your password arbitrarily complex. But would this defeat the keylogger? It seems to me that it depends on how the keylogger works. If the keylogger is able to spy into the window widget that is receiving the password and inspect its contents, then none of this would confuse it. It would simply register the last set of contents before submitting the password, just as the application would do.However, if the keylogger is just tracking key sequences and has no insight into (1) when the active window changes, (2) what is on the clipboard, etc. then it would be very easy to fool it. Quote Link to comment Share on other sites More sharing options...
andsome Posted January 28, 2010 Report Share Posted January 28, 2010 There is a program available on line that I have used for several years. Unfortunately a very few users are finding a problem when using it in Windows 7.Here it is.What I do now, as I am one of the few with problems, is to keep all my log in details in a folder on a USB plug in drive. I open the folder for the passwords etc that I need, highlight, copy and then paste into the box on the website in question.Be aware, that if you install Key Scrambler, it will not be visible when you boot up the computer. It will only show when you access the INTERNET, and will tell you that that page is protected. Configure it in Tools/Key Scrambler options, saying where you want it to display, i.e. bottom right or top left etc. When you type pass words etc if you look at the Key scrambler box you will see gibberish instead of what you are typing. Quote Link to comment Share on other sites More sharing options...
ratsrcute Posted January 28, 2010 Author Report Share Posted January 28, 2010 There is a program available on line that I have used for several years. Unfortunately a very few users are finding a problem when using it in Windows 7.Here it is.What I do now, as I am one of the few with problems, is to keep all my log in details in a folder on a USB plug in drive. I open the folder for the passwords etc that I need, highlight, copy and then paste into the box on the website in question.Thanks for the reference to KeyScrambler.. I'm checking it out.But, I'm not quite clear on your answer to my question about how keyloggers work. Do you feel that copying and pasting will defeat a keylogger? If keyloggers are able to spy into the contents of a widget, then they aren't really logging keypresses so much as watching for the contents of the password entry box. Quote Link to comment Share on other sites More sharing options...
MANEMAN Posted January 28, 2010 Report Share Posted January 28, 2010 Hi there and I have been wondering about how illicit key loggers work There is a very good article on keyloggers here: **Keyloggers**And some more articles here: ** More about Keyloggers **John. Quote Link to comment Share on other sites More sharing options...
ratsrcute Posted January 30, 2010 Author Report Share Posted January 30, 2010 Another possibility, for those who have two computers, is to use remote desktop to log into your other computer before typing any sensitive passwords/credit card. I don't know how well that would work. Quote Link to comment Share on other sites More sharing options...
MANEMAN Posted February 2, 2010 Report Share Posted February 2, 2010 Another possibility, for those who have two computers, is to use remote desktop to log into your other computer before typing any sensitive passwords/credit card. I don't know how well that would work. Thanks for the reply.There are 676,000 further links on the Google page I gave you. I bet somewhere on there it would tell you how well your idea would work.John. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.