Keyloggers Detecting Passwords?

Discussion in 'privacy technology' started by tomteeth, Jul 27, 2009.

Thread Status:
Not open for further replies.
  1. tomteeth

    tomteeth Registered Member

    Joined:
    May 23, 2002
    Posts:
    153
    Location:
    filthydelphia
    Hello: I was looking for a free keylogger to keep the kids in check and I found this one>> http://www.topqualityfreeware.com/security/security55.html <<<
    It seems to work ok, (but I just installed it and have to wait and see)!

    My problem is this, I am trying to be very cautious with online banking and I heard that if I use the "Onscreen Keyboard" that is on my pc to type out a username and password that the keyloggerwould not recognize it and would not know what I typed in, I found this NOT to be true, to test this I typed in a username and password on this one site I have and it recorded Everything even my password was disclosed in FULL.

    I thought keyloggers were not suppose to be able to see the input from an Onscreen keyboard?
    Anyone know anything about this, please let me know, Thanks
     
  2. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Regardless of what it saves and what it doesn't, dont you think it is a shame that you have to resort to such tactics to watch over your children. ?

    I would never dream of playing big brother to that extent, -- whatever happened to trust ?

    Re internet banking --common sense is the best approach.
     
  3. MICRO

    MICRO Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    1,020
    TT - can you say what your Onscreen Keyboard is ? I use Neo's Safekeys
    and Key Scrambler as a help
    and would like to know that they (OK's) are actually SAFE to be using rather than finding out sometime in the future that any old KL can pick up on them.

    I would be concerned to know that the Keylogger you have does NOT have
    any access to the net via svchost or any other - in fact I would have VERY quickly changed that password you used after noticing that the KL had been able to read it off the Onscreen K. - It goes almost without saying that I
    would have dumped the KL BEFORE changing my password.
     
  4. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188

    I believe this is not the right place for judging the behaviour of a parent. In general, it is always hard to judge a parent's behaviour without knowing the exact situation such parent is dealing with, and 3 lines of post on a forum is surely not enough to know whythe poster is doing what he is doing.
     
  5. tomteeth

    tomteeth Registered Member

    Joined:
    May 23, 2002
    Posts:
    153
    Location:
    filthydelphia
    Markoman: Thank you, I only want to say one thing and thats all I will talk about trusting in the kids, I do trust the kids, I dont trust the shady people who try to sucker kids into Filth talk so they can take advantage of them. We all know what they are trying to do.
    Please can we get back on the original topic now?
    I thought keyloggers were not suppose to be able to see the input from an Onscreen keyboard?
    Anyone know anything about this, please let me know, Thanks
     
  6. agentG

    agentG Registered Member

    Joined:
    Apr 8, 2009
    Posts:
    17
    Tomteeth, unfortunately this is a common misconception. Very few on-screen keyboards come close to being safe.

    Hope this isn't too much info for you...but here is a start:

    It's actually quite easy for keyloggers to see the input from many of these on-screen keyboards. They do this by using a combination of:
    • Keylogging (some on-screen keyboards actually send keypresses in the background...every keylogger can capture this - the Windows on-screen keyboard is one example of this)
    • Screen logging (some key loggers take regular screenshots, or even just small screenshots around the mouse, every time the user does a mouse-click)
    • Clipboard logging (many key loggers actively monitor the clipboard)
    • A technique I call 'field scraping' - where the keylogger can sometimes 'ask' Windows the value of a text box...even if the text box has a password in it (and covered by the **** mask).
    • Form scraping - where, even if you were 100% safe entering a password into a form, that a rogue program intercepts the password from your browser, before it gets sent to the banking website.

    ...but that's the bad news.

    The good news is that there are ways to protect yourself.

    Firstly, use an on-screen keyboard that has been designed to improve security. I recommend the free Neo's SafeKeys www.aplin.com.au, but I am very biased and there are other alternatives out there. When you look for an on-screen keyboard I suggest you look for the following features:
    • Offers the ability to drag/drop passwords. No matter what ANY website says, using the Windows clipboard in ANY way is unsafe. I am yet to see a clipboard-enabled on-screen keyboard that offers protection from clipboard loggers (even if they say they do offer protection).
    • Changes height/size/location each time (some keyloggers incercept coordinates of mouse presses)
    • Offers some protection against screen loggers (SafeKeys actually defeats 2 of the 3 ways a program can take screenshots by being very, very slightly transparent).
    • Offers a way for you to enter characters without clicking the mouse (no mouse clicks, very hard for screen loggers to know which on screen keys you registered...unless they do a movie of your screen, which is very bandwidth intensive, and much, much easier to detect)
    • Protects against field scraping (having a password field that is protected will go a long way to keeping your password safe).

    Secondly, keeping your system as secure as possible (this seems to be a great list: https://www.wilderssecurity.com/showthread.php?t=249469).

    And thirdly, ask your bank if they offer a security token. This way, even if someone does get your user name and password, they won't be able to log into your bank later on without the token as well. (But ensure your system is protected first...don't think you're 100% safe just because you have a security token.).

    Hope this helps.
     
  7. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    All good stuff, well said. And - welcome to Wilders!
     
  8. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Wow agentG FANTASTIC post! Very informative.

    What do you think of Zemana Antilogger? It claims to protect against all known forms of logging: keylogging, screenlogging, clipboard logging, webcam logging and something they call SSL logging.
     
  9. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Hi SSJ,

    I agree with you on the points about a good security policy. However I feel that there is no harm in supplementing it with an anti-logger or two as a sort of safety net, imo.

    EDIT: Thanks for the link!
     
  10. enrico

    enrico Registered Member

    Joined:
    Oct 15, 2009
    Posts:
    25
    But in general, it may also be said that hidden keyloggers are a very questionable measure to parent the own children by nature, wouldnt you agree?

    It is like peeping through the keyhole. :thumbd:
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    I don't know if I would agree or not, because I don't understand...
     
  12. enrico

    enrico Registered Member

    Joined:
    Oct 15, 2009
    Posts:
    25
    Sorry for the quirky sentence. I meant, it should be natural to think that this is a wrong approach to parent/control children.
     
Loading...
Thread Status:
Not open for further replies.