How Do I Bypass Keyloggers? The Guaranteed Way to Avoid Having Your Keystrokes Maliciously Recorded

Is there a way to bypass keyloggers? Suppose you go offline (File/Work offline) to type in the password and go back online to submit the webpage? Or suppose you use the on-screen keyboard to enter the password or copy and paste the password? How about using a password manager to enter it all for me?

No.

If there’s a keylogger on your machine, there is no way to know for sure if or how it can be bypassed to prevent it from capturing your keystrokes.

Let’s review just what it means to be a keylogger, and then look at your suggested work-arounds to explain why (for the most part) they won’t work.

A keylogger is malware that records your keystrokes. It can also record much more. While some might be simple to sidestep, sophisticated keyloggers are nearly impossible to “bypass”. Every bypass technique has weaknesses that advanced keyloggers easily exploit. The only true solution is to not allow malware on your machine in the first place.

Keyloggers

A keylogger (short for keystroke logger) is a form of malware, plain and simple.

As its name implies, its primary job is to capture your keystrokes and share the collected data with someone else. The most obvious example is capturing your login credentials and sending them off to some hacker, who uses them to sign into your account.

The name is misleading. Keyloggers log much more than keystrokes, and it’s that aspect that prevents most “bypasses” from working.

Keylogger basics

Keyloggers use several techniques to gather and share the information they collect.

  • They may send each keystroke immediately to a remote server via the internet.
  • They may collect keystrokes into a file and periodically upload that file.
  • They may collect keystrokes into a file and periodically receive instructions to upload it.
  • They may collect keystrokes into a file that someone with access to the machine could copy.
  • They may not even be on your machine, but rather be hardware devices inserted between keyboard and computer.

While almost all of those can be bypassed, there’s more to the game than just keystrokes.

Keylogger advanced techniques

Yes, keyloggers collect keystrokes. But they’re not limited to that — not at all.

So let’s stop calling them keyloggers, and call them what they really are: malware.

  • Malware can insert itself into the software that’s receiving the keystrokes — the username and password fields of a login form, for example — and collect the entries when you press Enter.
  • Malware can insert itself into the clipboard chain and capture anything copied to the clipboard.
  • Malware can monitor your internet connection — even before it’s encrypted on your machine — and capture the data being transmitted.

That’s all focused around text and keystrokes. It gets worse.

  • Malware can take a screenshot every time you click your mouse.
  • Malware can record your mouse movement and the positions of any clicks.

It’s this last technique that effectively thwarts many of the so-called keylogger bypass tools and techniques.

Why so-called solutions don’t work

“File/Work Offline” — instructing your email program to act as if there were no internet connection — does nothing. The keystroke logger either isn’t paying attention to it and will go online anyway, or it’s recording to a file to be sent and picked up later, when you are online.

The on-screen keyboard can either be recorded just as easily as any keyboard (it truly does mimic a keyboard, after all), or your interactions with it can be captured using screenshots and mouse captures.

The clipboard, as we’ve seen, can easily be monitored and its contents captured.[1]

Password managers either mimic keyboards (and hence can be captured) or fill in fields (which can also be captured).

Even so-called “key scramblers” are ineffective, since at some point the application you’re typing into must be able to see the actual keystrokes you’ve typed. At that point, malware could insert itself and capture whatever has been entered.

And, of course, hardware keyloggers can only be “bypassed” by removing the malicious hardware.

Sometimes isn’t good enough

One of the more frustrating parts of this discussion is the fact that almost any bypass technique will, indeed, be effective for many keyloggers.

A keylogger that only logs keys as they are entered from a keyboard can be bypassed using a password vault or on-screen keyboard, for example.

Here’s the catch: how do you know you will only be impacted by that kind of keylogger? You don’t.

How do you know you don’t have a much more sophisticated piece of malware that’s logging keystrokes and screenshots and mouse movement and all of the actual unscrambled data your applications need to see?

How do you know your approach to “bypassing” keyloggers will work?

You don’t!

There is no bypass for all possible keyloggers.

There is no bypass for all possible malware — because that’s what keyloggers are: malware; malware with all the capabilities of malicious software that makes it onto your machine.

There’s only one effective bypass

Prevention is the only bypass.

“Bypass” allowing keyloggers, or any form of malware, onto your machine in the first place.

If they’re not present, they can’t capture anything. That’s the only 100% reliable solution you can count on.

Start here: Internet Safety: 7 Steps to Keeping Your Computer Safe on the Internet.

Leo

Footnotes & References

1: We’ve even seen this rather blatantly in recent months, as an update to Apple’s iOS exposed just how many applications were peeking at the clipboard on the iPhone.

27 comments on “How Do I Bypass Keyloggers? The Guaranteed Way to Avoid Having Your Keystrokes Maliciously Recorded”

  1. Exactly. This line of questioning is all too common among IT security people even. When a machine is compromised, anything can be done to it including what was outlined above.

    You need to first do everything you can to prevent systems from being compromised, and second, have means of detecting and responding to compromises. Worrying about what can happen once a system is compromised is pointless, because the answer to that is “anything”.

    Reply
  2. There are at least a few programs that can block or delete keyloggers. They are called ‘anti-keyloggers’ and there are two basic types of them. The first type are those that have a signature base and the principle of their work is based on scanning of your PC and comparing the files found with the ones that are in anti-keylogger’s signature. (As an example you can take any anti-spyware product.)

    The second type of anti-keyloggers are those that use methods of heuristic analysis. So the main principle of their work is the behavioral analysis. So, they do not have signatures, as they just don’t need them. The main advantage of such kind of signature-based anti-keyloggers is the ability to protect both against known and unknown keyloggers, as they all have the same principle of work. So such kind of anti-keyloggers will help you when the first type of them will not. (As an example of behavioral anti-keyloggers you can take PrivacyKeyboard.)

    Reply
  3. I have Key Scrambler Pro. It supposedly “scrambles” your keystrokes when typed. Key Scrambler claims that the only thing that a “keylogger” would get is a bunch of random characters/numbers rather than plain text. I believe it is worth checking out, and/or using.

    Reply
  4. Check out the free program at http://cloakpass.com as it is portable, free, and has a good web site. It defeats keyloggers and other forms of password problems.

    Color me skeptical. Anything installed on your machine can be defeated at some level.

    – Leo
    14-Jan-2009
    Reply
  5. While traveling I need to use unsecure public access computers in the US, Europe and Asia to access financial accounts. I want to go with a secure USB drive solution, but don’t know if that exists.

    I know that products such as an Iron Drive offer password protection for stored files (how safe is that?) and file encryption. If I activate the “Remember Me” function on the various sites using the portable browser from Firefox it seems that I would only need to enter a password, which raises the keylogger issue.

    I have heard of but am not familiar with the use of images for passwords. Can you comment on this and any existing applications for that purpose?

    Does that seem to improve safety from keylogger capture and later account penetration?

    Some, but not really. If a keylogger is installed on the system you’re using, it could easily log whatever keys or mouse movements you use to access whatever is on your thumbdrive. If you *boot* from the thumbdrive, a hardware keylogger could still collect everything. Public access computers are scary.

    – Leo
    20-Apr-2009
    Reply
  6. While using “KeyScrambler” I see it does encrypt the keystrokes but the actual Un-crypted keys are still shown on the screen and those can be recorded by spy screen detectors.

    Reply
  7. What if your password is entered by Dragon Naturally Speaking?

    It’s still converted to text somewhere, and thus capturable.

    Leo
    26-Mar-2010

    Reply
  8. This may be a really dumb question, but couldn’t you install Captcha on your machine to defeat keystroke loggers?

    I don’t understand how that would help. Captcha would be performed and the logger would log what you enter thereafter or as part of it.

    Leo
    02-Sep-2010

    Reply
  9. * Use one computer (or virtual system) to access the internet (and to update) – it is your sandbox, playground … etc

    * Use another clean computer (or virtual system) to access your trusted online sites.

    * Use a third clean and closed computer (or virtual system) to do your work, this computer should only get data files from the outside, and in a secure way (e.g. don’t use flash cards, or LAN connections from live system(s). Copy directly from the hardware (e.g. offline hdd), and only the needed data), if your work needs to run an executable or install something, do that on a hosted virtual system, where you install your updates/software, and pass the needed data to be used, remember the third system should be in complete isolation, and never to be connected to the internet or updated 🙂

    play it clean, play it in the shadow.

    take care

    Reply
  10. check out lastpass.com Provides a secure vault on your computer where passwords and other sensitive data can be stored. Access to this vault is by master password that requests a further password through a usb key that you buy from lastpass.com This key generates a random one time only password that lets you access the vault. Even if this password is copied it cannot be used again. This means no key – no access.
    Once in the vault, a click on the name of the site causes lastpass to automatically log you in – no key strokes whatsoever. Further info from the lastpass site.
    Thoroughly recommended. cheers, David

    “no key strokes whatsoever.” is misleading. These tools work by mimicking keystrokes to the various forms and tools into which the password must be entered. Malware can still capture anything that lastpass (or any other similar tool) can do. They DO NOT bypass advanced keyloggers.

    Leo
    23-Feb-2011

    Reply
  11. I DID read the article but it doesn’t address the issue of keyscrambler. Do YOU know what keyscrambler does? If so, why wouldn’t it work to thwart key loggers?

    a) Keyloggers log more than keystrokes. b) Keyloggers can insert themselves in front of keyscrambler to catch the unscrambled keystrokes as entered. c) Keyloggers can insert themselves after keyscrambler to catch the unscrambled keystrokes as they are passed to the application that needs them. d) Keyloggers can act as malware and capture the data as it passes through the application and out to the network.

    Leo
    04-Mar-2011

    Reply
  12. I use a piece of free software called Keyscrambler (I’m using IE 9), this encrypts all login details/passwords as I am entering them. Obviously I use a security suite (Microsoft Security Essentials) plus Threatfire free version for backup but I like this add-on for a little additional security ;o)

    As noted in the article and in my replies on other comments there is no tool that will protect you from sufficiently sophisticated keyloggers or malware. I’m concerned that people are getting a false sense of security and as a result dropping their guard.

    Leo
    04-Mar-2011

    Reply
  13. I look for comments on my method but yet to see anything. I don’t know if it works or not. I have all my passwords in a simple text file, which is then protected by a long, complex pw. Okay, i know that can probably be cracked.

    However, I do things differently. One, the user name\site and password do not line up. The username\site might be line one, but the pw for that site is line 25. No two line up.

    Two, I copy the pw’s and then paste them into the site. I do not use keystrokes. So, would that defeat loggers?

    Opinions?

    There is no technique that is guaranteed to bypass keyloggers. Copy/Paste in particular is no good, as all the keylogger needs to do is trivially capture the copy of the clipboard when you hit paste.

    Leo
    04-Mar-2011

    Reply
  14. PC security at the moment is terrible ….
    Both MS and Intel know this ..
    The future is possibly embedding the operating system into the CPU as read only .

    Physical key loggers and wireless sniffers also need work….even so criminals are not about to give up yet.

    Reply
  15. Several banks including mine suggest their customers install Trusteer Rapport to provide a potentially useful additional security level. As you point out, no single approach is perfect, but I think it’s beneficial to at least some degree, and its overhead is negligible. Their help desk is articulate and actually helpful from my limited personal experience.

    Took a quick look at its product page and I don’t see any mention of keystroke logger protection. It does appear to do some valuable things, but your bank must support it.

    Leo
    13-Mar-2011

    Reply
  16. You can defeat the key-logger with a sandbox.

    No you cannot. There certainly can be keyloggers that will still log sandboxed operations.

    Leo
    01-Dec-2012
    Reply
  17. I think the most easy and secure way to bypass keylogger is to boot up the machine in safe mode. This will not allow keylogger to run. Then you can selectively start and use the specific program you want.

    This is simply not true. Keyloggers (and any malware for that matter) can certainly insert themselves into safe mode.

    Leo
    24-Jan-2013
    Reply
    • I wouldn’t be surprised to find some malware that insert themselves as part of some essential driver or that run as a core service, or as a component of a core service.
      Even in a sandbox or safe mode, drivers still need to be loaded and run. Same for services.

      Reply
  18. I have thought that entering keystrokes into a number of documents (ie, 2 notepad sessions and the secure session) would go a long way to secure your PW to the secure session. Use the mouse cursor to select the session and the location for text insertion within the session.

    Reply
    • And, again, malware could easily be recording everything you’re doing, all the steps you’re taking, and reconstructing it all. It’s no guarantee that you’ve secured anything.

      Reply
  19. What if you start Windows 10 in “safe mode without networking” (“F8” – “5”)? That mode prevents any non- WIN10 software from loading, but you can still access the web. So that method should allow you to safely log into your bank account (as an example) without a key logger being active.
    Another one: If you start Microsoft’s “program explorer” (with admin privileges), you can see any app that has loaded on your PC, and especially the ones that do not show anything at the “description” and/or “company name” box are of interest. Then, “program explorer” allows you to kill those apps. Would that be a solution?

    Reply
    • Two things: “without networking” explicitly prevents web access — you would not be able to access your bank, and two I believe it’s a serious mistake to assume safemode would not run malware. Malware can insert itself in many ways. Thus I would NOT count on this to bypass keyloggers.

      Yes, many applications — both legitimate and malicious — both do and don’t include information in description and company name. That’s not a good indicator of whether a program is legit.

      Not sure what you’re asking for a solution for.

      Reply
    • One (almost) sure-fire method to bypass a keylogger is to boot from a Linux live distribution to do your banking. I don’t do this but I know someone who does. I say almost because it won’t bypass a hardware keylogger but someone would have to get their physical hands on your computer for that.

      Reply
