From CastleCopsWiki

Caution

The article below is currently in beta and has not been reviewed for factual errors.

Contents 1 Anti-Keyloggers 1.1 Anti-Keylogger - Resident Guard 1.2 Anti-keylogger on demand only 1.3 Other passive methods to protect from keylogging (but will not detect) 1.4 Virtual keyboards 1.5 Disposable passwords 1.6 Other none-technological methods 1.7 Working in a unsecured environment 2 Resources to learn about keylogging and antikeylogging

[edit] Anti-Keyloggers

Screenshots
Selection of Anti-Keyloggers snapshots:
(Click to enlarge)

I Hate Keyloggers

KeyScrambler Personal

Mouse-Only Keyboard

MyPlanetSoft Anti-Keylogger

Neo's SafeKey

PSM AntiKeyLogger

SnoopFree Privacy Shield

In this page we list specific anti-keyloggers. While there are specialized anti-keyloggers that detect keyloggers using signatures, none are freeware. All the software listed on this page detect keyloggers using generic methods.

Note, that some freeware Anti-virus, Anti-spyware, Anti-trojan will detect keyloggers by signatures. Anti-rootkits that detect rootkits using generic methods can only often reveal keyloggers because they can defeat the methods used by keyloggers to hide.

Generic Anti-keyloggers are essentially behavior blockers focusing on only one very limited aspect, as such many complete HIPS also can block many keylogging methods. Certain sandboxes like SafeSpace can block keyloggers but only if they (the keyloggers) are run in the sandbox.

Types of Keyloggers

Hardware keyloggers cannot be detected by software methods.

There are two types of software keyloggers hooking keyloggers and kernel/driver keyloggers.

Kernel keyloggers are hardest to detect and when they are installed they can be almost invisible- many are really no different from kernel rootkits using stealth tactics to hide. The best defense against kernel keyloggers is to stop them from being installed in the first place by blocking drivers installations using HIPS or limited user accounts. Detection of installed kernel keylogger is difficult, an expert user using antirootkit such as Gmer can often detect it.

Hookbased keyloggers can be more easily detected, and most of the entries on this page are designed to work against them. Many HIPS also have the ability to block global hooks which will stop hook based keyloggers as well.

There are other application specific keyloggers , mostly commonly those that target browsers via browser plugins like (BHOs, extensions) or even proxies for man in the middle attacks. These can't be handled by the antikeyloggers on this page, because they do not use global hook mechanisms.

[edit] Anti-Keylogger - Resident Guard

1. PSM AntiKeyLogger (open source) - http://psmantikeyloger.sourceforge.net/prod01.htm
2. SnoopFree Privacy Shield - http://www.snoopfree.com/
3. See also Lists of freeware behavior blockers e.g SSM that block global hooks.

These two anti-keyloggers are designed to detect hook based keyloggers. PSM AntiKeyLogger unlike SnoopFree Privacy Shield works on Win 98 as well as Win2K, XP. The former also monitors GetAsyncState , something not done by the later. On the other hand Snoopfree warns you of attempts to capture screen but PSM AntiKeyLogger does not.

[edit] Anti-keylogger on demand only

1. KL-Detector v1.3 - http://dewasoft.com/privacy/kldetector.htm
2. Spyhunter - http://spyhunter.cjb.net/ Outdated
3. See also List of freeware anti-rootkits, that can detect keyloggers via generic methods.
4. See also Lists of freeware antivirus , Lists of freeware antispywareand Lists of freeware antitrojan that can detect keyloggers via signature.

KL-Detector works by trying to detect log files being created by the keylogger. It is probably not very effective except against the most basic keyloggers.

[edit] Other passive methods to protect from keylogging (but will not detect)

These will not detect any keyloggers if they exist, but will make it difficult for them to log valuable data.

1. I Hate Keyloggers (nagware, nags on start)- http://dewasoft.com/privacy/i-hate-keyloggers.htm
2. KeyScrambler Personal - http://www.qfxsoftware.com/
3. MyPlanetSoft Anti-Keylogger - http://www.myplanetsoft.com/free/antikeylog.php

I Hate Keyloggers and MyPlanetSoft Anti-Keylogger tries to thwart antikeyloggers by deactivating any system wide hook. This will prevent any existing hook based keylogger from working. Note, a few rare keylogger's like Martin's Undetectable keylogger will not be blocked by either of them

KeyScrambler Personal has an interesting approach of encrypting keystrokes using a kernel driver before sending them to the browser (firefox or Internet explorer only). Any keylogger will only be able to log the encrypted input.

[edit] Virtual keyboards

1. Neo's SafeKey - http://www.aplin.com.au/?s=safekey
2. Mouse-Only Keyboard (MOK) - http://www.myplanetsoft.com/free/antikeylog.php#down
3. Transaction Guard's secret keyboard - http://www.trendsecure.com/portal/en-US/free_security_tools/transaction_guard.php

First off, the free on-screen keyboard offered by Windows XP Accessability tools is useless against keyloggers because it stimulates an actual keyboard press (even in hover mode), so some keyloggers will be able to log it as usual.

Mouse-Only Keyboard (MOK) - provides a virtual keyboard, with some clipboard protection and protects against hook based keylogger using the same method as MyPlanetSoft Anti-Keylogger.

Neo's SafeKey, provides a virtual keyboard which changes "width and height each time, as well as its placement on the screen (to fool mouse-loggers, buttons will always be in different positions each time you use the program)". You then drag and drop the password into the form field, so it doesn't rely on the clipboard at all.

[edit] Disposable passwords

1. KYPS (beta)- http://kyps.net/index.htm
2. PassPack (beta)- http://www.passpack.com/info/home/
3. Clipperz - http://www.clipperz.com/
4. Logmein - https://secure.logmein.com/home.asp

One way to thwart capture of passwords is to use one-time disposable passwords. The idea here is that even if the password is captured it is pointless because it is now invalid because you just used it! This is particularly useful when using on public, untrusted machines, although you do have to prepare in advance by generating a list of one-time passwords and to store it safely (on paper?). The entries in this category all provide the possibity of generating one-time disposable passwords with various services.

KYPS (beta) is a service that allows you to generate and use one-time password to use with popular webmail services like Hotmail, Yahoomail, Gmail etc.

Recently in 2008, we have seen the rise of online password managers.PassPack (beta) and Clipperz are two of the leading ones. One problem here is of course you need to enter the master password that unlocks the password database and that can be captured. To handle this yhey both provide the option of pre-generating one-time passwords (in advance on trusted computers) and then using them on untrusted machines.

Logmein is a service that allows you to gain remote access control to your own PC. They provide one-time passwords as well for use.

[edit] Other none-technological methods

"How To Login From an Internet Cafe Without Worrying About Keyloggers" - observes that "you can fool most keyloggers by alternating between typing the login credentials and typing characters somewhere else in the focus window. For example, type one letter of your password, then click somewhere else within the same focus window (it must be the same window) and type some random characters, then click back in the password area and type the next character, and so on." http://antivirus.about.com/b/a/257757.htm

Other similar methods includes typing a series of random characters in the form field, highlight them, and type the correct information. This will cause the highlighted random characters to be replaced with the valid characters. The idea here is to avoid using the delete key. Or you could assemble your password by cutting and pasting different strings.

Another trick suggested by Ian Richards is to "enter a character by holding down the Alt key and using the numeric keypad. For example the letter "a' can be entered by ALT 123".

Note the above methods are not even close to foolproof, a very determined attacker could combine clipboard, keylogger and mouse capture logs and try various permutations to get your actual password.

He also recommends a combination of all these methods to assemble some of the password plus the use of a virtual keyboard like NeoSafeKeys for the rest of the password affords even more protection, depending on how frequent screenshots taken are.

Copy and pasting password from a password manager to bypass the keyboard. But unless there is some protection of the clipboard , password stealers can obtain the password there too.

Keeform - http://www.autoitscript.com/forum/index.php?showtopic=19403 , using autoit.

"Keyloggers" that do a combination of clipboard monitoring, mouse click logging, screen captures (most computationally expensive) as well as good old keyboard logging will defeat almost everything except if your password is time sensitive , one use password , so capturing it once is pointless unless as part of a man in the middle attack.

[edit] Working in a unsecured environment

See Security_on_a_unsecured_computer

[edit] Resources to learn about keylogging and antikeylogging

1. Introduction to Spyware Keyloggers - http://www.securityfocus.com/infocus/1829
2. How To Login From an Internet Cafe Without Worrying About Keyloggers - http://cups.cs.cmu.edu/soups/2006/posters/herley-poster_abstract.pdf
3. Keyloggers how they work and how to detect them - http://www.viruslist.com/en/analysis?pubid=204791931
4. Sandboxie and keyloggers - http://www.sandboxie.com/index.php?DetectingKeyLoggers

---

This article is part of the Lists of Freeware Security Software: Malware Control series.

Freeware Anti-Viruses | Freeware Anti-Spyware | Freeware Anti-Trojans | Freeware Anti-Keyloggers | Freeware Anti-Rootkits | Freeware Firewalls | Freeware Behavior blockers | Freeware Sandboxes | Freeware Virtualization | Freeware Security analysis tools | Freeware Hardening tools | Freeware Blocklists | Freeware security services (excluding virus scanners) | Freeware Anti-Phishing | Freeware URL scanners | freeware security suites | List of unclassified tools Related : Lists of online scanners

While reasonable attempts have been made to avoid the listing of any malicious or ineffective software, an entry listed here should not be taken as a mark of approval from CastleCops. The selection of freeware (see definition) here is more inclusive, to provide more experienced users scope for experimentation and not just the usual half dozen or so freeware security software that are often mentioned. While there are many gems in the list, some are in beta and unstable or require fair amounts of skill to use. Less experienced users should probably refer to Roll your own Free Security Suite for a shorter list of popular and safer freeware.

edit this template