Basic Computer Security/Malware/Spyware/Avoiding Keyloggers

From Wikibooks, open books for an open world

General

Keylogging is the recording of a computer user's keystrokes. Thieves sometimes use it to steal internet passwords and bank details, mainly during web-page data entry. This page describes a method of confusing a keylogger's normal operation.

The Threat

Keyloggers are software products that infect computers. They can also be implemented in hardware, by hard-wired circuit design in the keyboards themselves, but this page applies to the software versions. Good anti-virus software will detect keyloggers and remove them, but every once in a while there is an omission in the virus-signature package and a keylogger persists for a while.

The main problem is to keep the keylogger from getting the information you type, that is, the text you enter on a web page. Fortunately, many loggers have limitations, and a method exists which, if it cannot prevent the logger from trying, at least gives it an obstructively hard time with your most sensitive passwords.

Dodging the Keylogger

A keylogger detects only which keys were pressed. It does not know where the insertion point is located at the time. That is to say, if the insertion point (the cursor) were placed somewhere else on the page instead of in the text box of interest, most keyloggers could not detect the fact. If twenty or so characters were typed while off the text box, the keylogger would quite happily record them as if they had been typed into the box.

The web-page, on the other hand, will consider only the characters typed into the text box, so it will work as intended.

The method to use is therefore this:

  • Before starting the password entry, click the mouse outside the text box, somewhere else on the web-page. Type a string of data that resembles the type that you use for the text field, for example digits, letters, or a mixture.
  • Then click the mouse inside the text field and type the first character of your password.
  • Click somewhere on the page again and enter dummy characters, lots of them.
  • Click back into the text field and type another password character, then click back out and type dummy data. Move back and forth entering dummy data and password characters until the password is complete.
  • After the password is completed, move the mouse insertion point outside the field again and add a dummy tail-piece in the same way as before.

The user can decide how much dummy data is needed and how many real characters can be typed at a time. The main point is to make sure that the characters of the password and the sections before and after the password are padded thoroughly with data indistinguishable from that used for the password itself.

Any intruder will be faced with a very long string of key-presses to resolve, while the password will work in the normal way.
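
The method above, modelled as an added example that is not part of the original page: it replays one entry session, shows what a key-only logger records against what the web-page receives, and checks the padding rules. The session, the password `r7bq` and all function names are constructed for illustration.

```python
from math import comb

# Constructed session: where the insertion point was, and the keys typed there.
# "page" = clicked outside the text box, "field" = inside the password box.
SESSION = [
    ("page", "m4kz81tw"), ("field", "r"), ("page", "9xd2hv"), ("field", "7"),
    ("page", "c5n0pj3"), ("field", "b"), ("page", "y6g1"), ("field", "q"),
    ("page", "s8f2wl0e"),
]

def replay(session):
    """Return (keys a key-only logger records, text the web-page receives)."""
    logged = "".join(keys for _, keys in session)
    received = "".join(keys for where, keys in session if where == "field")
    return logged, received

def char_class(ch):
    if ch.isdigit():
        return "digit"
    if ch.isalpha():
        return "upper" if ch.isupper() else "lower"
    return "other"

def padding_issues(session):
    """Check the session against the padding rules given in the method."""
    issues = []
    if not session or session[0][0] != "page":
        issues.append("no dummy keys before the password")
    if not session or session[-1][0] != "page":
        issues.append("no dummy tail-piece after the password")
    real = {char_class(c) for w, keys in session if w == "field" for c in keys}
    dummy = {char_class(c) for w, keys in session if w == "page" for c in keys}
    if real != dummy:
        issues.append("dummy keys differ in character type from the password")
    return issues

def selections(logged, received):
    """Ways to pick len(received) keys, in order, out of the logged string."""
    return comb(len(logged), len(received))

if __name__ == "__main__":
    logged, received = replay(SESSION)
    print("logger records:", logged)
    print("page receives: ", received)
    print("issues:", padding_issues(SESSION) or "none")
    print("ordered selections of that length:", selections(logged, received))
```

The selection count grows with the amount of dummy data, which is one way to judge how much padding a given password needs.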

Advanced Keyloggers

Some more advanced keyloggers (it is not clear which ones) are said to be able to capture an image of the screen after each key-press. In this way they can get around the limitations of the more basic loggers. The process is still undoubtedly more complex with an increased data string, but it is unclear whether the user would notice a large set of images being taken, or what form that detection could take.
