Saturday, November 1, 2008

Will the onscreen keyboard defeat key loggers?

Will the onscreen keyboard defeat key loggers?QUESTION:Queston [in regard to the "How to enable the onscreen keyboard" article in the October 21 issue of WXPnews]: If we use this function on a private or public PC are we still at risk if a keylogger is installed on the machine? I was thinking about log-in information being copied. - Steve K.ANSWER:That's a good question, and the answer is "it depends." There are different types of key loggers. Some are physical (hardware) devices, called inline loggers, that plug in between the keyboard and the computer like this: http://www.wxpnews.com/LL10M5/081028-KeyloggerBecause it captures to a built in memory chip what you input to the hardware keyboard before that information reaches the PC itself, using the onscreen keyboard would prevent this. There are also wireless keystroke loggers that work by picking up the signals sent by a wireless keyboard. There are even acoustic keyloggers that analyze the sound of your typing (each character on a keyboard makes a slightly different sound). In these cases, too, using an onscreen keyboard would defeat the logger. However, many keyloggers are software programs that run in the background and can record the characters sent from the onscreen keyboard to the application in which you're typing. Web-based onscreen keyboards provide more protection than the onscreen keyboard built into the OS or one installed on the computer as a program, but some keylogging programs may still be able to capture the data.
The best way to prevent key logging is to run detection software. Like other anti-malware programs, the software can use signatures and/or heuristics and behavioral analysis to find and block key loggers. Anti-spyware programs such as CounterSpy and VIPRE detect key loggers. A "poor man's" method of preventing a keylogger from intercepting logon credentials is to copy and paste them into the dialog box or web form instead of typing them. This is especially useful on public computers where you can't install anti-spyware software. Carry a USB flash drive containing a text document with your credentials on it and you can copy and paste from it. Note, though, that there are also spy programs that capture a screenshot instead of logging keystrokes and this would not prevent those from capturing your credentials.

No comments: