Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Defeating Keystroke Logging Programs ?

microsoft.public.windows.vista.security






Speedup My PC
Reply
  #1 (permalink)  
Old 06-18-2007
Paul
 

Posts: n/a
Defeating Keystroke Logging Programs ?
Hello everyone,

I came across someone's idea (printed below) on how to defeat keystroke
logging programs, it seems like a good idea. What do you all think ? Is
there another perhaps better way ? Other than keeping your antivirus and
antispyware up to date, of course.

Also, what about on screen keyboards ? (Ie. type osk.exe in the "run" menu)
Are they effective ? Here, you don't even use the keyboard at all !

*** excerpt of person's idea ***

But there’s a completely simple way to defeat them, based on the fact that a
keylogger doesn’t know where on the page the focus is when you’re typing — it
has no context, it just has what is typed.

So, next time you login from a public internet terminal or somewhere else
you want to make sure your keystrokes aren’t being logged, do this —

Put the focus on the password field, and type one character. Then click
somewhere else on the page — open Notepad if you have to — and type a bunch
of random characters. Then, click back in the password field, and type
another character. Repeat until your password is complete.

Extremely simple, extremely effective. Without the context of where the
focus was when you were typing, the resulting string of characters is useless.

From this report at Alta Vista Security Group. Via Metafilter.

**** end of excerpt ****

Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 06-18-2007
Alun Harford
 

Posts: n/a
Re: Defeating Keystroke Logging Programs ?
Paul wrote:
> Hello everyone,
>
> I came across someone's idea (printed below) on how to defeat keystroke
> logging programs, it seems like a good idea. What do you all think ? Is
> there another perhaps better way ? Other than keeping your antivirus and
> antispyware up to date, of course.
>
> Also, what about on screen keyboards ? (Ie. type osk.exe in the "run" menu)
> Are they effective ? Here, you don't even use the keyboard at all !


The onscreen keyboard completely emulates keyboard events, and just
looks like a normal keyboard to your programs (good and bad). This means
the key presses will still be captured normally.

> *** excerpt of person's idea ***
>
> But there’s a completely simple way to defeat them, based on the fact that a
> keylogger doesn’t know where on the page the focus is when you’re typing — it
> has no context, it just has what is typed.


Faulty axiom. A keylogger can easily know which control has the focus,
and most keyloggers do track focus changes.

Sorry. Doesn't work :-(

Alun Harford
Reply With Quote
  #3 (permalink)  
Old 06-19-2007
Paul
 

Posts: n/a
Re: Defeating Keystroke Logging Programs ?
I didn't know this. So, if I understand you correctly, the keylogger can
tell which keystrokes are actually used by the application and how they are
used, and which keystrokes are "thrown on the floor".

I order to do this, doesn't the keylogger have to log a picture of the
website as well ?

Paul
____________________________________

"Alun Harford" wrote:

> . . .
> > *** excerpt of person's idea ***
> >
> > But there’s a completely simple way to defeat them, based on the fact that a
> > keylogger doesn’t know where on the page the focus is when you’re typing — it
> > has no context, it just has what is typed.

>
> Faulty axiom. A keylogger can easily know which control has the focus,
> and most keyloggers do track focus changes.
>
> Sorry. Doesn't work :-(
>
> Alun Harford
>

keystroke logging keypress log
Reply With Quote
  #4 (permalink)  
Old 06-19-2007
Alun Harford
 

Posts: n/a
Re: Defeating Keystroke Logging Programs ?
Paul wrote:
> I didn't know this. So, if I understand you correctly, the keylogger can
> tell which keystrokes are actually used by the application and how they are
> used, and which keystrokes are "thrown on the floor".
>
> I order to do this, doesn't the keylogger have to log a picture of the
> website as well ?


No. It just has to log the handle of the windows control that has the
focus when the user types each key.

Alun Harford
Reply With Quote
  #5 (permalink)  
Old 06-19-2007
Emill
 

Posts: n/a
Re: Defeating Keystroke Logging Programs ?
Just a thought, because I don't know anything about keyloggers, but can they
be tricked by typing text into the appropriate field, selecting all (or a
part) of the text via the mouse and just replacing text that way as you go
(the window in question never looses focus)???
Emill

"Alun Harford" <devnull@alunharford.co.uk> wrote in message
news:e63ZbAnsHHA.4916@TK2MSFTNGP05.phx.gbl...
> Paul wrote:
>> I didn't know this. So, if I understand you correctly, the keylogger can
>> tell which keystrokes are actually used by the application and how they
>> are used, and which keystrokes are "thrown on the floor".
>>
>> I order to do this, doesn't the keylogger have to log a picture of the
>> website as well ?

>
> No. It just has to log the handle of the windows control that has the
> focus when the user types each key.
>
> Alun Harford
>


Reply With Quote
  #6 (permalink)  
Old 06-19-2007
Cy!on
 

Posts: n/a
Re: Defeating Keystroke Logging Programs ?

> "Alun Harford" <devnull@alunharford.co.uk> wrote in message
> news:e63ZbAnsHHA.4916@TK2MSFTNGP05.phx.gbl...
>> Paul wrote:
>>> I didn't know this. So, if I understand you correctly, the keylogger
>>> can tell which keystrokes are actually used by the application and how
>>> they are used, and which keystrokes are "thrown on the floor".
>>>
>>> I order to do this, doesn't the keylogger have to log a picture of the
>>> website as well ?

>>
>> No. It just has to log the handle of the windows control that has the
>> focus when the user types each key.
>>
>> Alun Harford


"Emill" <emill@eunet.yu> wrote in message
news:1D756D69-02D3-4A5F-80D8-8C33B27898D8@microsoft.com...
> Just a thought, because I don't know anything about keyloggers, but can
> they be tricked by typing text into the appropriate field, selecting all
> (or a part) of the text via the mouse and just replacing text that way as
> you go (the window in question never looses focus)???
> Emill


You could get around it by typing the end of the password, clicking to the
start and entering the start of the password. Most keyloggers will record
focus and if the moust was clicked but they generally dont know WHERE the
mouse was clicked. So if my password was 12345 i could type 345 click to
the start, type 23, click to the start and type 1. Or you could just
open character map and choose the letters from that or an on-screen
keyboard.

Copy and pasting from another window that already has the words in is
another workaround.

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Article - Malware defeating UAC doesn't appear too hard to do Terry microsoft.public.windows.vista.general 1 05-17-2007 01:12
Logging in =?Utf-8?B?YmV0YQ==?= microsoft.public.windows.vista.mail 6 04-29-2007 20:56
Keystroke Biometrics Paul Security News 0 04-23-2007 14:56
Logging In =?Utf-8?B?Y2hhcGFub2lkOA==?= microsoft.public.windows.vista.mail 1 04-08-2007 06:03




All times are GMT +1. The time now is 15:40.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120