Looking for new ideas to defeat keyloggers

Discussion in 'privacy general' started by thewolf, Aug 4, 2005.

Thread Status:
Not open for further replies.
  1. thewolf

    thewolf Guest

    Hi,

    I am looking for new and different ways to defeat keyloggers. All keyloggers, including software and hardware keyloggers.

    I have heard of programs like Process Guard, Spycop and Security Task Manager, but I'm looking for ways to bypass keyloggers if you should be using someone else's machine, and you can't install and run any anti-keylogger software, such as on a library or cafe computer.

    I have heard others say that using a Knoppix CD and a USB keyboard would be one way, provided the USB and CD drive are functional. Is that about the best way outside of bringing your own laptop? Any other ideas? How about running off a portable mini USB hard drive with its own OS installed and booting to it instead of using the installed OS on the machine you're using, again as long as the USB ports are working?

    What are some of your expert ideas to bypass all keyloggers that may be installed on a machine, other than your own, that you may be using? Do you have any tricks that you could share? I'm looking for all and any ideas that will work.

    Thanks very much for your time and help.
     
  2. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    The most obvious alternative is to use a virtual keyboard program, whereby a keyboard is shown on your screen and you click on its keys with your mouse. Some online banks are starting to use such virtual keypads (often just the numeric keys) for entering your customer ID number, and are also randomizing the key locations.

    However, although such a program can bypass most keyloggers, it wouldn't for example be able to stop programs which kept a log of text changes from all textboxes in all programs on your system (something which is trivial to do programmatically by calling the GetWindowText API function).

    Best regards,
    Wayne
     
  3. thewolf

    thewolf Guest

    Thanks Wayne. Could you recommend a good virtual keyboard program other than the one installed in Windows? Because I may go the Knoppix route, or create my own bootable cd, and would like to add a virtual keyboard program. Or is there a way to copy the one in Windows and use that somehow? Thanks very much.
     
  4. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    A friend was confronted by the same problem in his cybercafe.
    Solutions exist for both software and hardware keyloggers.
    It depends on the environment (home or public computers etc).

    For software keyloggers, security software which implements kernel-space device drivers is very effective (can "catch the hookers"), especially when it disables some specific APIs.

    ProcessGuard is one of them.
    But for only a simple diagnostic, free anti-rootkit tools can be used: IceSword (works with undocumented APIs) and RootkitDetector (new version available this summer) are the most interesting in this case.

    Another solution (specifically for several workstations/computers or public computers) is hardware drive protection: Centurion Guard seems more interesting than solutions like DeepFreeze/Shadow User: http://www.centurionguard.com/

    For hardware keyloggers, it depends on the kind of keyboard.
    For a classical keyboard (connected to the PC), regular physical inspections are necessary.
    Virtual keyboards are a good solution (more interesting than flexible keyboards).
    There is an example at this link: http://virtualdevices.net/

    Wayne is right about the security provided by virtual keyboards.
    But unfortunately, this solution is not 100% secure/sure.
    Nicolas Gregoire, a French security analyst, proved that at a recent symposium, and some bank managers need many aspirins now.

    A presentation (media player) can be viewed here: http://www.nicob.net/SSTIC05/Demo-SSTIC05.avi

    Good luck in your challenge, thewolf,

    regards.
     
  5. thewolf

    thewolf Guest

    Thanks very much Kareldjag. Some interesting stuff. That laser generated usb keyboard does look interesting too. :)
     
  6. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The best option would seem to be a combination of a bootdisk (to bypass any software keyloggers installed) and using virtual keyboard software (which would have to be on that disk, such as the Gnome Onscreen Keyboard with a Linux distro) to counter hardware keylogging - while most such items are physically visible, it is possible to get keyboards with logging built in which are then indistinguishable from normal keyboards like the KeyGhost Security Keyboard reviewed at DansData.
     
  7. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi Para,

    I don't trust software security too much: a piece of code can be defeated by another one which will be bypassed by another one and so on...
    That's the case for virtual keyboards (and some virtual keyboard keyloggers are available for free).
    I agree that a multi-layered strategy must be applied, and believe more in physical security.
    But it depends on the environment (public libraries, big or small internet cafes etc).
    On a personal PC, it's not difficult to prevent the most advanced software keyloggers.

    regards
     
  8. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Which is why I mentioned using a bootdisk - starting a PC from one would bypass any software keyloggers installed and using virtual keyboard software on that bootdisk would defeat any hardware keylogger.

    Until someone comes up with malware that infects the PC BIOS, a bootdisk is a guaranteed method of getting a clean configuration (assuming the bootdisk itself is clean).
     
  9. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Post with link to keyloggers removed.
     
  10. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
  11. controler

    controler Guest

    Ok the old fart is confused again here. I thought BIOS Viri have been around since the early 80's

    controler
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    You may be talking about DOS viruses that accessed BIOS function calls in order to write to disk directly. There have also been some viruses (e.g. CIH) that corrupted Flash BIOSes (resulting in a dead PC) but I have yet to hear of a virus that can reside in a BIOS and take over a PC before any operating system (be it DOS, Linux or Windows) starts.
     
  13. StevieO

    StevieO Guest

    Yes, it does appear that actual BIOS infections of whatever OS flavour have been rare. P2K mentions CIH and there have been a number of others over the years, but these seem to flash or trash the BIOS in some way, rather than stealthily take control of it.

    I found a couple of things which might interest you. The first is about the "infamous" swami guy that no one seemed to believe!

    . . .


    regarding a trojan that swami claimed to break itself into pieces and hide in firmwares/bios, etc

    How I finally caught it?

    I attached a small portion of the dll contents for you to see.

    Attached File(s) shell32dlltext.txt ( 65.13k )

    http://www.spywareinfoforum.com/index.php?showtopic=52016

    . . .

    chips may contain a Trojan horse -- a hole that could potentially enable
    hackers to wreak havoc on the company's CPUs -- said a BIOS expert
    familiar with the technology.

    http://www.privacy.nb.ca/cryptography/archives/cryptography/html/1997-07/0107.html

    . . .


    StevieO
     
  14. Shrek

    Shrek Guest

    I would prefer using a live CD of Linux DSL or Puppy... IMO, these are the safest options you have.
     
  15. Stilgar

    Stilgar Guest

    Wifi PDA

    How about a PDA with Wifi capability? Only safe with encrypted sites, of course, as signal can be intercepted.
     
  16. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Re: Wifi PDA

    If the device ran Linux, create an SSH connection to your home server (also running Linux), and port forward through that for your WWW services. All data would go SSH encrypted to your box at home/office and then from there out via an SSL secured connection to your bank.

    I've not much Linux experience personally, but I am learning to love how cool some things are with that OS.
     
  17. Stilgar

    Stilgar Guest

    Wifi as alternative to using internet cafe computers

    The web browser in my Palm Tungsten C uses SSL already, so it's a simple, secure alternative to using internet cafe computers that may have keyloggers. At least I think it's secure, with sites that support SSL. The small screen size can be annoying, but it fits in a shirt pocket.

    It would be great if they'd add a virtual keyboard to Firefox, designed to defeat the vulnerabilities (like GetWindowText) described in other posts here.
     
  18. peacemaker

    peacemaker Guest

    All versions of Windows have a built in On-Screen Keyboard, which is a virtual keyboard, so why would you need one in Firefox?

    In Windows XP just go to Start > All Programs > Accessories > Accessibility > On-Screen Keyboard to access it.

    Also, here is a completely free virtual keyboard that is reliable and malware-free: http://www.lakefolks.org/cnt/ It only runs on Windows though, not other operating systems.
     
  19. AvianFlux

    AvianFlux Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    237
    Hey, that Click-N-Type is sweet. :)
     
  20. 32erawef

    32erawef Guest

    Would installing every known keylogger (perhaps disabled) and password protecting them defeat the installation of malware-installed versions - sort of giving your machine immunity?
     
  21. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    No. The problem is that writing a keylogger is easy. So, while your idea may have some merit for protecting against known keyloggers (depending on the quality of the installation, how you disable them, etc) it is likely to give you a false sense of security.
     