Keylogger resistance

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hello,
   Keyloggers has become the most popular form of virus, therefore some
websites deviced certain  mechanism to resist this kind of attack. For
those sites without any remedy for it, as a user while logging in, can
I use this method to resist keylogger type attacks?
My method is to type password and username in an interlaced mode, and
even add some backspaces among them, such that the keylogger will
record incorrect username and password. Will such a DIY method help to
resist keylogger type attacks?


Thanks for your comments.


Re: Keylogger resistance

x-no-archive: yes

Quoted text here. Click to load it
I have no problem with it. I run anti virus and anti spyare.



Re: Keylogger resistance


| Hello,
|    Keyloggers has become the most popular form of virus, therefore some
| websites deviced certain  mechanism to resist this kind of attack. For
| those sites without any remedy for it, as a user while logging in, can
| I use this method to resist keylogger type attacks?
| My method is to type password and username in an interlaced mode, and
| even add some backspaces among them, such that the keylogger will
| record incorrect username and password. Will such a DIY method help to
| resist keylogger type attacks?
|
| Thanks for your comments.

Most Keyloggers are Trojans and not viruses.  Some viruses do however have
keylogging
capabilities.

Your best prevention is anti virus software performing "On Access" scanning,
practicing Safe
Hex and not sharing the computer with "others".

Your present methodology sounds worthless.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Keylogger resistance

'David H. Lipman' wrote:
| Your best prevention is anti virus software performing "On Access"
scanning, practicing Safe
| Hex and not sharing the computer with "others".
|
| Your present methodology sounds worthless.
_____

I agree with David.  After all, a 'keylogger' captures the key sequence you
type in, not what the results look like on the screen.

Phil Weldon

|
|| Hello,
||    Keyloggers has become the most popular form of virus, therefore some
|| websites deviced certain  mechanism to resist this kind of attack. For
|| those sites without any remedy for it, as a user while logging in, can
|| I use this method to resist keylogger type attacks?
|| My method is to type password and username in an interlaced mode, and
|| even add some backspaces among them, such that the keylogger will
|| record incorrect username and password. Will such a DIY method help to
|| resist keylogger type attacks?
||
|| Thanks for your comments.
|
| Most Keyloggers are Trojans and not viruses.  Some viruses do however have
keylogging
| capabilities.
|
| Your best prevention is anti virus software performing "On Access"
scanning, practicing Safe
| Hex and not sharing the computer with "others".
|
| Your present methodology sounds worthless.
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|
|



Re: Keylogger resistance

Phil,
| After all, a 'keylogger' captures the key sequence you
| type in, not what the results look like on the screen.

The sequence may be misleading because I typed user/pass in an
interlaced mode.
eg. user: ABCD, pass:1234 but I typed them as A1B2C3D4, or even
A13[Backspace]B25[Backspace]..... and so on. Won't this way confuse
simple keyloggers?


Re: Keylogger resistance

'John' wrote:
| The sequence may be misleading because I typed user/pass in an
| interlaced mode.
| eg. user: ABCD, pass:1234 but I typed them as A1B2C3D4, or even
| A13[Backspace]B25[Backspace]..... and so on. Won't this way confuse
| simple keyloggers?
_____

Now I think I know what you mean; you enter characters alternately into the
'User ID' and 'Password' slots.

It MIGHT be better than nothing, but do you want to bet your security on it?
After all, if a keylogger has breached your security, what else may have?
And keyloggers don't just capture User ID and Password keystrokes.

Phil Weldon

| Phil,
|| After all, a 'keylogger' captures the key sequence you
|| type in, not what the results look like on the screen.
|
| The sequence may be misleading because I typed user/pass in an
| interlaced mode.
| eg. user: ABCD, pass:1234 but I typed them as A1B2C3D4, or even
| A13[Backspace]B25[Backspace]..... and so on. Won't this way confuse
| simple keyloggers?
|



Re: Keylogger resistance

| Most Keyloggers are Trojans and not viruses.  Some viruses do however
have keylogging
| capabilities.

As I know, Trojans are a type of viruses.


Re: Keylogger resistance


Quoted text here. Click to load it

No, viruses and worms self-replicate. Trojans do not. The
all-encompassing term is malware, not viruses. Viruses and Trojans are
forms of malware.

Art
http://home.epix.net/~artnpeg

Re: Keylogger resistance

I am pleased to find that Windows 2000 and XP have a great tool that
can help in logging onto unprotected web sites. OSK.EXE can set the
mouse input mode as time delay instead of left-clicking which will
resist some advanced keyloggers that take screen shot. I shall use it
to login unprotected web sites.

Any comment?


Re: Keylogger resistance


John wrote:
Quoted text here. Click to load it

A comment: practically both methods (the one the first user posted and
the one you are talking about) are worthless. There are a new breed of
trojans / keyloggers which is becomming more and more popular which
register themselves as browser plugins (BHO - Browser Helper Objects -
is the name for IE plugins) and capture the data when you are posting
it to the site, meaning that if you have such a tool, you are
defensless (no on screen keyboard, https or any other thing can help
you). So have a good up-to-date antivirus.


Re: Keylogger resistance


Quoted text here. Click to load it

For such a plugin attack, there should be no way to protect passwords
on simple webpages.
The workable technique that I can figure out is to embed a java applet
or COM in the webpage for inputting sensitive data, so that BHO has no
chance to capture posting data.
Right?


Site Timeline