How to Protect Yourself from Keyloggers?
A keylogger can be used by your enemy to get sensitive information such as your bank credit card details or the password of any social networking site. To stay safe, keep the following points in mind.
- Never use your online banking from a cyber cafe.
- If you do want to use it, you can try this method: open Notepad and type anything, then copy and paste each word that comes in your username or password.
- You can even use the above method to protect your Facebook profile, Yahoo or Gmail ID.
- When you enter a cyber cafe, make sure that no hardware device is attached to the keyboard wire. It looks something like this.
- Use an anti-keylogger to detect keyloggers on a computer.
- Rebooting the computer using a Live CD or write-protected Live USB is a possible countermeasure against software keyloggers. Booting a different operating system does not impact the use of a hardware or BIOS-based keylogger.
- Many Anti-spyware/Anti-Virus applications are able to detect some software keyloggers and quarantine, disable or cleanse them.
- However, because many keylogging programs are legitimate pieces of software under some circumstances, anti-spyware often neglects to label keylogging programs as spyware or a virus.
- Network monitors (also known as reverse-firewalls) can be used to alert the user whenever an application attempts to make a network connection.
- This gives the user the chance to prevent the keylogger from "phoning home" with his or her typed information.
- Automatic form-filling programs may prevent keylogging by removing the requirement for a user to type personal details and passwords using the keyboard.
- Using One-Time Passwords may be keylogger-safe, as each password is invalidated as soon as it's used.
- This solution may be useful for someone using a public computer; however, an attacker who has remote control over such a computer can simply wait for the victim to enter his/her credentials before performing unauthorised transactions on their behalf while their session is active.
- Use of Smart Cards or other Security Tokens may improve security against replay attacks in the face of a successful keylogging attack, as accessing protected information would require both the (hardware) security token as well as the appropriate password/passphrase.
- Most on Screen Keyboards (such as the onscreen keyboard that comes with Windows XP) send normal keyboard event messages to the external target program to type text.
- Every software keylogger can log these typed characters sent from one program to another.
- Additionally, keylogging software can take screenshots of what is displayed on the screen (periodically, and/or upon each mouse click), which means that although certainly a useful security measure, an on-screen keyboard will not protect from all keyloggers.
- Keystroke interference software attempts to trick keyloggers by introducing random keystrokes, although this simply results in the keylogger recording more information than it needs to.
- An attacker has the task of extracting the keystrokes of interest—the security of this mechanism, specifically how well it stands up to cryptanalysis, is unclear.
- Speech-To-Text Conversion Software can be used against keyloggers, since there are no typing or mouse movements involved.
- The weakest point of using voice-recognition software may be how the software sends the recognized text to target software after the recognition took place.
- Mouse gesture, graphics tablet and light pen programs convert these strokes to user-definable actions, such as typing text.
- The same potential weakness of speech recognition applies to this technique as well.
- Use of macro expanders/recorders.
- With the help of many programs, a seemingly meaningless text can be expanded to a meaningful text, most of the time context-sensitively. The biggest weakness of this technique is that these programs send their keystrokes directly to the target program.
- However, this can be overcome by using the 'alternating' technique:
- Sending mouse clicks to non-responsive areas of the target program.
- Sending meaningless keys.
- Sending another mouse click to target area (e.g. password field) and switching back-and-forth.
- Non-technical method
- Alternating between typing the login credentials and typing characters somewhere else in the focus window can cause a keylogger to record more information than it needs to, although this could easily be filtered out by an attacker.
- A user can move their cursor using the mouse during typing, causing the logged keystrokes to be in the wrong order e.g., by typing a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.
- Someone can also use context menus to remove, cut, copy, and paste parts of the typed text without using the keyboard.
- An attacker who is able to capture only parts of a password will have a smaller key space to attack if he chooses to execute a brute-force attack.
- Another very similar technique relies on the fact that any selected text portion is replaced by the next key typed.
- E.g., if the password is "power", one could type "po", then some dummy keys "asdfsd". Then these dummies could be selected with the mouse, and the next character from the password, "e", is typed, which replaces the dummies "asdfsd".
- These techniques assume incorrectly that keystroke logging software cannot directly monitor the clipboard, the selected text in a form, or take a screenshot every time a keystroke or mouse click occurs. They may however be effective against some hardware keyloggers.