Tuesday, February 05, 2008

Keyloggers protection

Keylogging works by recording the keystrokes you type on the keyboard to a log file that can be transmitted to a third party. Keyloggers can capture user names, passwords, account numbers, social security numbers or any other confidential information that you type using your keyboard.

There are two types of Keystroke loggers:

  • Hardware key loggers are devices that are attached to the keyboard cable or installed inside the keyboard. There are commercially available products of this kind, even dedicated keyboards with key logging functionality.
  • Software key loggers are usually simple programs that capture the keystrokes the user is typing. They can also record mouse clicks, files opened and closed, sites visited on the Internet, etc. A more advanced type of key logger can also capture text from windows and take screenshots of what is displayed on the screen.

While writing a keylogging program is simple, installing it on the victim's computer without getting caught and downloading the logged data without being traced is a different matter.

The best protection against keyloggers is to avoid them in the first place.
A few golden rules:
  • Use a Firewall
  • Use an Anti-virus program
  • Use an Anti-spyware program
  • Never click on links sent by unknown people and be very careful of the known ones since their address might be faked. If in doubt, check the e-mail headers.
  • Never execute attachments on e-mails that are executable files (EXE, COM, SCR, etc). No exceptions here.
  • Never execute programs from the Internet that lack a security certificate. Except for Microsoft Update and very few others, there should be no reason to execute any programs from the web.
  • Run a virus and spyware check on ALL files that come from external sources (USB pen, DVDs, etc)
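
The header check and the executable-attachment rule from the list above, as an added example (not part of the original post). It goes slightly beyond the text by also reading the Authentication-Results header that receiving mail servers add; the sample message and the names review_message, domain and RISKY_EXT are constructed for illustration.

```python
import email
from email.utils import parseaddr

RISKY_EXT = (".exe", ".com", ".scr")  # the extensions named in the rules above
# Constructed sample message (all names and domains are made up).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net
From: "Your Bank" <support@bank.example.com>
Reply-To: help@bank.example.com
Subject: Your statement
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.pdf.scr"

AAAA
--b1--
"""

def domain(header_value):
    """Lower-cased domain of an address header, or '' if missing/malformed."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def review_message(raw):
    """Return a list of warnings for one raw message (headers + body)."""
    msg = email.message_from_string(raw)
    warnings, from_dom = [], domain(msg["From"])
    # The visible From is chosen by the sender; a different envelope sender
    # or Reply-To is a cue to look closer, not proof of forgery.
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != from_dom:
            warnings.append(f"{name} domain {other} != From domain {from_dom}")
    # Authentication-Results is stamped by the receiving mail server.
    auth = (msg["Authentication-Results"] or "").lower()
    warnings += [f"{c} check failed" for c in ("spf", "dkim") if f"{c}=fail" in auth]
    # Match on the final extension so "name.pdf.scr" is caught as well.
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(RISKY_EXT):
            warnings.append(f"executable attachment: {fname}")
    return warnings
```
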

Additional measures that can be taken are:
  • Monitor what programs are running on your computer.
  • Monitor your network whenever an application attempts to make a network connection.
  • Use an automatic form filler program, which prevents keylogging since it does not use the keyboard.

There are commercially available anti-keyloggers, but if you're looking for a free alternative try Spybot Search & Destroy, a freeware tool that does a pretty decent job at detecting all kinds of spyware:

Windows Defender, a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware: http://www.microsoft.com/athome/security/spyware/software/default.mspx

The Sysinternals web site hosts several utilities to help you manage, troubleshoot and diagnose Windows systems and applications.
File and Disk Utilities

Utilities for viewing and monitoring file and disk access and usage.

Networking Utilities

Networking tools that range from connection monitors to resource security analyzers.

Process Utilities

Utilities for looking under the hood to see what processes are doing and the resources they are consuming.

Security Utilities

Security configuration and management utilities, including rootkit and spyware hunting programs.

System Information

Utilities for looking at system resource usage and configuration.

Miscellaneous Utilities

A collection of diverse utilities that includes a screen saver, presentation aid, and debugging tool.


In this article:
http://www.lazybit.com/index.php/a/2007/03/01/free_keylogger_protection
Alex provides some free and valuable advice about keylogging protection, such as using the on-screen keyboard available in Windows 2000 and XP, which can be launched by executing "osk", or the technique of mouse highlighting and overwriting.

Or you can also download Click-N-Type virtual keyboard free from:
http://www.lakefolks.org/cnt/


Also worth reading is Wikipedia's article on Keystroke logging:
http://en.wikipedia.org/wiki/Keystroke_logging

4 comments:

TyVa said...

I usually recommend to all my friends and clients to use PrivacyKeyboard (http://www.anti-keylogger.com). It uses the methods of heuristic analysis and has no signature base, so it is always 100% effective, does not require frequent updates and protects against all the known and unknown keyloggers.

laparanoia said...

Speaking of keyloggers, Spybot - Search & Destroy latest update protects against the following Keyloggers:
+ Perfect Keylogger
+ Ardamax
+ Elite Keylogger

http://www.safer-networking.org/

1001 Webs said...

PrivacyKeyboard's features look very promising:

* No signature base;
* Protection against windows text capturing;
* Protection against keystroke logging;
* Protection against clipboard capturing;
* Protection against active window screenshotting;
* Protection against desktop screenshotting;
* Protection against attacks of spy programs;
* Protection against hardware keyloggers;
* Full UNICODE support;
* The ability to work at the background, transparently for the user
* The ability to disable keyloggers instantly

But you'll have to part with $89.95 ...

laparanoia said...

A simple trick to fool keyloggers:
http://cups.cs.cmu.edu/soups/2006/posters/herley-poster_abstract.pdf