Anyone have any techniques for defending against key loggers? Obviously antivirus and the like. Would two-factor authentication be a good method? Like RSA keys? Or is that defeated because the user has to type the number in?
Re: Defending against key loggers
9 years 5 months ago #31219
As far as I know, If you have to type it, it can be logged. Unless off-course you use antivirus and the like as you mentioned to detect the key logger software. As you've mentioned, encryption wont help since the key strokes has to travel from your keyboard to the encrypting application first before being encrypted, key loggers will catch them before it reaches the application.
KL-Detector is one of the generic key loggers detectors. The neat thing about this one is that you don't have to install it, good for public PCs with no admin access. It's free too.
The worst ones, and the ones the serious players use, are the hardware key loggers. They are a bit like a small ps2-to-ps2 through coupler that you just stick in line with the keyboard. Then later you retrieve the thing and download the captured keystrokes off it. The best defence against these is vigilant visual inspection which is the method used to protect against them in banks, government offices etc.