Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Will Using an On-Screen Keyboard Stop Keyloggers?

Closeness doesn’t count

On-Screen Keyboard
(Screenshot: askleo.com)
Using an on-screen keyboard instead of a real keyboard might stop some keyloggers, but there's no guarantee that other techniques aren't also being used.
The Best of Ask Leo!
Will using the on-screen keyboard in Windows stop keyloggers?

The short answer is very simple: no.

I get a surprising amount of push-back on this, but the truth remains: while it might stop some, it’s nothing you can count on to be 100% effective.

Keyloggers are a form of malware that record your keystrokes to capture things like your login usernames and passwords so hackers can get into your accounts. Let’s look at the path of keystrokes from your finger to your computer to see the various ways your keystrokes can be intercepted and logged.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

On-screen keyboards versus key-loggers

An on-screen keyboard can protect you from hardware-based keyloggers. It may even prevent some classes of software keyloggers from intercepting your keystrokes. Unfortunately, since an on-screen keyboard is indistinguishable from a real keyboard to the program into which you are typing, there remain keylogging techniques an on-screen keyboard will not protect you from. Remember, a keylogger is just one specific type of malware, and malware can do anything once it’s on your machine.

The keyboard connection

Typically, when you type a key, a microprocessor within the keyboard sends signals via the cable connecting it to your computer.

Here, we encounter the first point of vulnerability. No, not the microprocessor in the keyboard (technically possible, but exceptionally unlikely) — but the cable, or rather, what the cable plugs into.

Particularly lucrative targets are public computers, where someone comes along and installs a physical device between the computer and keyboard: a device that intercepts and logs every keystroke entered. Sometime later, they come back, remove the device, and take with it all the information users of that computer entered.

Wireless keyboards can be worse. Wireless keyboards actually broadcast the keystrokes you’re typing. Any receiver within range can “listen in”. Wireless keyboards encrypt their data, so in theory, the information should be safe, but the quality of the encryption can vary based on the age of the keyboard and the vendor. In addition, the concept of “in range” turns out to be much further than most people think, particularly for a thief with equipment dedicated and tuned to this purpose.

The good news is that your on-screen keyboard protects you against these two specific types of keyboard-related threats. By using an on-screen keyboard, you’re bypassing those components of the keyboard hardware that could be compromised.

The bad news is that hardware-based keyloggers are rare. Much more common are software-based threats.

The keyboard software

Once your keystrokes arrive at the computer from the keyboard, they are processed by a keyboard device driver which (to oversimplify) handles the translation of the keyboard “scan codes”, as they’re called, to the letters, numbers, and symbols Windows applications expect.

Keyloggers typically insert themselves into the receiving end of this process: they get the keystrokes from the keyboard as they are passed on to Windows.

This is where the on-screen keyboard scenario gets interesting.

The on-screen keyboard application is a “virtual” keyboard. It has its own device driver, which, to Windows, “looks like” a real keyboard.

As a result, the keystrokes it sends to Windows can quite easily be captured by the same key-logging software capturing keystrokes from the real keyboard, if that key logger has been installed in the proper place.

But it gets worse. Much worse, actually.

A keylogger is just malware

Perhaps the most important concept to remember here is that keyloggers are just another form of malware.

And malware can do anything; keyloggers can capture much more than just keystrokes.

You use the on-screen keyboard by using your mouse to point and click at the image of a key on the keyboard. A keylogger could, then, for every mouse click:

  • Capture the location of the mouse on the screen.
  • Capture a screenshot image of the screen, or just the area “around” the mouse pointer.

The keylogger has captured a series of images showing exactly where you clicked and in what order. In other words, it’s captured your virtual keystrokes.

Note that this approach to keylogging also bypasses one of the more common so-called security techniques of randomizing the keyboard layout on the screen. You still have to see where to click, and the logger simply logs what you see and where you click, regardless of how the keyboard is laid out.

Keyloggers as threats

How big a threat is all this?

It depends on whom you ask. In my opinion, “normal” keyloggers — those that record only keystrokes — are a fairly common threat, and are one reason why security software, general internet safety, and the use of common sense is so important. So yes, they’re out there.

The real question is, how pervasive are the more sophisticated keyloggers, which do more than capture keyboard keystrokes, but use other techniques to effectively achieve the same result?

It’s hard to say, but I have to say it again: keyloggers are “just” malware. If they’re on your machine at all, you have a problem, and that problem may not be limited to logging what you type. Like any malware, you might not even realize it’s there until it’s too late. As a result, focusing on solutions targeted only at thwarting keyloggers is not only misguided; it diverts your attention from a much bigger problem. If you have a keylogger, you have malware.

Do this

Focus on avoiding or removing malware of all sorts, and you’ll be avoiding or removing keyloggers as a side effect.

And I would never rely on a virtual keyboard of any sort as a security measure.

Something you can rely on? My weekly newsletter! Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.