Will this work to fool key loggers? On the desktop, create a notepad (or
similar) text file that contains your login names and passwords. Then use ONLY
the mouse’s “right-click” to copy-paste your entry data from notepad to your
internet login. The keyboard is never used since nothing is ever typed
real-time. And never save password or form data in IE’s, FireFox, … options.
Could this fool key loggers?
I know it sounds completely counter-intuitive or backwards, but … no, avoiding
the keyboard will not necessarily keep you safe from keyloggers.
And that’s a reflection of just how sophisticated these forms of malware
As one hint, don’t let the term “keystroke logger” fool you.
The reason is actually pretty simple: software that’s tracking what you’re doing will often track much more than just keystrokes. While we might still refer to them as “keystroke loggers”, the reality is that they’re much more appropriate called “activity loggers”.
Or just plain spyware.
Let’s use your idea: in addition to logging keystrokes, activity monitoring software might actually record a screen image at every mouse click. Thus every time you copy or paste using only the mouse, a screen image is captured that shows exactly what you copied and pasted. (Many parental monitoring software packages do something similar.)
In your case, that screen image might even include much more: like the text file you have open to copy from, containing all your logins and passwords.
As you can see this renders not only your copy/paste solution vulnerable, but using an on-screen keyboard – another common suggestion – becomes just as vulnerable.
And it doesn’t have to be just keystroke logging or screen capture. Spyware can insert itself anywhere in your system – from a malicious toolbar that has access to everything you do within the browser to a malicious driver that sees everything that’s being sent and received via your network, perhaps even before being encrypted for https connections.
Now of course many rudimentary or simple key stroke loggers may capture only keystrokes, and will be thwarted by the approach that you’ve laid out. I suppose that means that my answer should really be “yes, sometimes”.
The problem is how do you know when “sometimes” is? How do you know when the “simple” kind of keylogger is installed versus a more comprehensive activity monitor? (And if you suspect that either is, why are you using the machine at all?)
The only absolutely safe answer is that no, your approach will not work with all key loggers and activity monitoring software. You cannot assume you’re safe by “techniquing” your way around activity loggers.
Keep your machine safe, and avoid using machines that may not be. If you must use questionable machines, never use them for anything even remotely personal.
11 comments on “Will not using the keyboard fool key loggers?”
I have a free prog called I Hate Keyloggers. Does it work?
I have been using the copy/paste method for years. Mow I am using the excellent tool Lastpass. (Can be used as freeware too) I don’t think any “screen- or keylogger” has any chance to capture any information that I don’t want to share
How does Norton360 virus definitions improve above this threat?
I use keyscrambler from here..
Free for personal use
Friends please download and install keyscrambler. It encrypts what you type in the browser. It installs both at the OS and the browser(Mozilla firefox). When you type something it gets encrypted and passes through the keyboard and when it reaches the browser again it get decrypted. So in between the keylogger gets encrypted text. So it is safe to use. But the draw back is it only help in browser only. If you type something in notepad or msword, it wont help you. And some people are saying that while typing only keyloggers records the strokes, we can prevent this from copy-paste from anywhere. It is not true i have one keylogger, it logs the text in clipboard also. And usage of OSK(on-screen keyboard) is also no use. The things typing from it also getting logged by keyloggers. The best way is to use keyscrambler to protect the passwords while typing in browser or use “safe keys”. Please download it from, http://www.aplin.com.au/ it is very safe to use.
From what I have read here, there is no safe way to use a computer. Just today I scanned with trend micro and found nothing yet a window appears from Vista defender (whatever that is) stating that they found 25 problems including a keystroke one and an unknown software is trying to take control over my system. Now I am afraid to log into roboform to get to my emails and money accounts.
As for me, I use my computer every day in spite of all the things that could go wrong. I take practical precautions, and get on with my work. (Using Roboform, I might add ).
i tried to install the http://www.qfxsoftware.com/Download.htm on my vista 32 bit , firefox and IE 8, but it failed, then i looked at the file installation better and it tries to put it in one of your own files why is that? I emailed support but they never answered that question.
Then why do you first say this software is not good to use, then you suggest it?
I remember one of my friends telling me that he can fool the keylogger by using a combination of Keyboard and mouse clicks.
He used to enter his password with some mistakes and then he clicked in between characters using mouse and then fixing the mistakes and then press the Sign In/ Log in button.
Can you tell me how safe is this approach?
I thought I was safe using Roboform-to-Go, both at home and at internet cafes while travelling. Now I guess not so! How should you connect with your bank while traveling?
This reply is for Ben:
I suspect that the “Vista defender” that you mentioned was possibly a malware program trying to entice you to install it on your system using the scare tactic of having found numerous threats on your computer. The program I think it was trying to imitate was WINDOWS Defender, which is an antispyware program that in part of the Vista OS. I use Windows Defender regularly to scan my computers.
Be very wary of any program offering “free” scans of your computer; most times they are either malware looking for a victim, or sometimes a real vendor just looking for a sale. These programs often have names that are so close to the original & legitimate program, and we have to really be careful when considering using that software. I have seen names that only differ by 1 letter or number from the original.
GET VISTA DEFENDER OFF YOUR SYSTEM! Just do a Google search on “vista defender” and you’ll see what I mean. Do NOT go to any financial sites as long as that thing is on your system and do NOT listen to whatever it tells you to do.