Looking for new ideas to defeat keyloggers

Hi,

I am looking for new and different ways to defeat keyloggers. All keyloggers, including software and hardware keyloggers.

I have heard of programs like Process Guard, Spycop and Security Task Manager, but I'm looking for ways to bypass keyloggers if you should be using someone elses machine, and you can't install and run any anti-keylogger software such as on a library or cafe computer.

I have heard others say that using a knoppix cd and a USB keyboard would be one way, provided the usb and cd drive are functional. Is that about the best way outside of bringing your own laptop? Any other ideas? How about running off a portable mini usb hard drive with it's own OS installed and booting to it instead of using the installed OS on the machine your using, again as long as the usb ports are working?

What are some of your expert ideas to bypass all keyloggers that may be installed on a machine, other than your own, that you may be using? Do you have any tricks that you could share? I'm looking for all and any ideas that will work.

Thanks very much for your time and help.

[Wayne - DiamondCS]

The most obvious alternative is to use a virtual keyboard program, whereby a keyboard is shown on your screen and you click on its keys with your mouse. Some online banks are starting to use such virtual keypads (often just the numeric keys) for entering your customer ID number, and are also randomizing the key locations.

However, although such a program can bypass most keyloggers, it wouldn't for example be able to stop programs which kept a log of text changes from all textboxes in all programs on your system (something which is trivial to do programatically by calling the GetWindowText API function).

Best regards,
Wayne

Thanks Wayne. Could you recommend a good virtual keyboard program other than the one installed in Windows? Because I may go the Knoppix route, or create my own bootable cd, and would like to add a virtual keyboard program. Or is there a way to copy the one in Windows and use that somehow? Thanks very much.

[kareldjag]

Hi,

A friend was confronted by the same problem in his cybercafe.
Solutions exists both for softwares and hardware keyloggers.
It depends on the environment (home or public computers etc).

For softwares keyloggers, security softs which implement kernel space device drivers are very effective (can "catch the hookers"); especially when they disable some specific APIs.

ProcessGuard is one of them.
But for only a simple diagnostic, anti-rootkits free tools can be used: IceSword (works with undocumented APIs) and RootkitDetector (new version available this summer) are the most interesting in this case.

Another solution (specifically for several workstations/computers or public computers) is a hardware drive protection: Centurion Gurard seems more interesting than solutions like DeepFreeze/Shadow User: http://www.centurionguard.com/

For hardware keyloggers, it depends on the kind of keyboard.
For a classical keyboard (relied to the pc), regular phisical inspections are necessary.
Virtual keyboard are a good solution (more interesting than flexible keyboards).
There is an example on this next link: http://virtualdevices.net/

Wayne is on the right about the security provided by virtual keyboards.
But unfortunately, this solution is not 100% secure/sure.
Nicolas Gregoire, a french security analyst has prooved that in a recent symposium and some banks managers need many aspirins now.

A presentation (madia player) can be viewed here: http://www.nicob.net/SSTIC05/Demo-SSTIC05.avi

Goog luck in your challenge,Thewolf,

regards.

Thanks very much Kareldjag. Some interesting stuff. That laser generated usb keyboard does look interesting too.

[Paranoid2000]

Quote:

Originally Posted by kareldjag

Wayne is on the right about the security provided by virtual keyboards.
But unfortunately, this solution is not 100% secure/sure.

The best option would seem to be a combination of a bootdisk (to bypass any software keyloggers installed) and using virtual keyboard software (which would have to be on that disk, such as the Gnome Onscreen Keyboard with a Linux distro) to counter hardware keylogging - while most such items are physically visible, it is possible to get keyboards with logging built in which are then indistinguishable from normal keyboards like the KeyGhost Security Keyboard reviewed at DansData.

[kareldjag]

Hi Para,

I don't trust too much in software security: a piece of code can be defeated by another one which will be bypassed by another one and so on...
That's the case for virtual keyboards (and some virtual keyboards keyloggers are available for free).
I'm agree that multi-layered strategy must be applied, and believe more in physical security.
But it depends on the environment (public libraries, big or small internet cafes etc).
On a personal PC, it's not difficult to prevent the most advanced softwares keyloggers.

regards

[Paranoid2000]

Quote:

Originally Posted by kareldjag

I don't trust too much in software security: a piece of code can be defeated by another one which will be bypassed by another one and so on...

Which is why I mentioned using a bootdisk - starting a PC from one would bypass any software keyloggers installed and using virtual keyboard software on that bootdisk would defeat any hardware keylogger.

Until someone comes up with malware that infects the PC BIOS, a bootdisk is a guaranteed method of getting a clean configuration (assuming the bootdisk itself is clean).

[Detox]

Post with link to keyloggers removed.

[TOMxEU]

Antihook / FREE AntiHook Home Edition License

[controler]

Quote:

Until someone comes up with malware that infects the PC BIOS

Ok the old fart is confused again here. I thought BIOS Viri have been around since the early 80's

controler

[Paranoid2000]

Quote:

Originally Posted by controler

...I thought BIOS Viri have been around since the early 80's

You may be talking about DOS viruses that accessed BIOS function calls in order to write to disk directly. There have also been some viruses (e.g. CIH) that corrupted Flash BIOSes (resulting in a dead PC) but I have yet to hear of a virus that can reside in a BIOS and take over a PC before any operating system (be it DOS, Linux or Windows) starts.

Yes it does appear that Actual BIOS infections of whatever OS flavour have been rare. P2K mentions CIH and there have been a number of others over the years, but these seem to flash or trash the BIOS in some way, rather than stealthily take control of it.

I found a couple of things which might interest you. The first is about the " infamous " swami guy that no one seemed to believe !

. . .


regarding a trojan that swami claimed to break itself into pieces and hide in firmwares/bios, etc

How I finally caught it?

I attached a small portion of the dll contents for you to see.

Attached File(s) shell32dlltext.txt ( 65.13k )

http://www.spywareinfoforum.com/inde...howtopic=52016

. . .

chips may contain a Trojan horse -- a hole that could potentially enable
hackers to wreak havoc on the company's CPUs -- said a BIOS expert
familiar with the technology.

http://www.privacy.nb.ca/cryptograph...7-07/0107.html

. . .


StevieO

I would prefer using a live CD of Linux DSL or Puppy... IMO, these are the safest options you have.

How about a PDA with Wifi capability? Only safe with encrypted sites, of course, as signal can be intercepted.

[MikeNash]

Quote:

Originally Posted by Stilgar

How about a PDA with Wifi capability? Only safe with encrypted sites, of course, as signal can be intercepted.

If the device ran Linux - create an SSH connection to your home server (also running Linux), and port forward through that for your WWW services. All data would go SSH encrypted to your box at home/office and then from there out via an SSL secured connection to your bank.

I've not much linux experience personally, but I am learning to love how cool some things are with that OS.

The web browser in my Palm Tungsten C uses SSL already, so it's a simple, secure alternative to using internet cafe computers that may have keyloggers. At least I think it's secure, with sites that support SSL. The small screen size can be annoying, but it fits in a shirt pocket.

It would be great if they'd add a virtual keyboard to Firefox, designed to defeat the vulnerabilities (like GetWindowText) described in other posts here.

All versions of Windows have a built in On-Screen Keyboard, which is a virtual keyboard, so why would you need one in Firefox?

In Windows XP just go to Start > All Programs > Accessories > Accessibility > On-Screen Keyboard to access it.

Also here is a completely free virtual keyboard that is reliable and malware free. http://www.lakefolks.org/cnt/ It only runs on Windows though, not others operating systems.

[AvianFlux]

Quote:

Originally Posted by peacemaker

Also here is a completely free virtual keyboard that is reliable and malware free. http://www.lakefolks.org/cnt/ It only runs on Windows though, not others operating systems.

Hey, that Click-N-Type is sweet.

would installing every known keylogger (perhaps disabled) and password protecting them defeat the installation of malware installed versions - sort of giving your machine immunity?

[MikeNash]

Quote:

Originally Posted by 32erawef

would installing every known keylogger (perhaps disabled) and password protecting them defeat the installation of malware installed versions - sort of giving your machine immunity?

No. The problem is that writing a keylogger is easy. So, while your idea may have some merit for protecting against known keyloggers (depending on the quality of the installation, how you disable them, etc) it is likely to give you a false sense of security.