4

How effective are on-screen keyboards against software keyloggers?
Windows 7 on-screen keyboard to be specific.
They will definitely bypass hardware keyloggers but what about sophisticated software keyloggers?

E.g., on a bank website, is it safer to use the Windows virtual keyboard or the soft keyboard provided on the webpage itself?

Update
I am not saying that my system is infected.
I am just asking this as a precautionary measure for cases like when I have to use a PC in a cyber cafe.

tumchaaditya
  • It is a very trivial task to write software that will take a screenshot when either keyboard or mouse buttons are pressed. So how effective your on-screen keyboards are is basically zero. – Ramhound Sep 13 '12 at 16:58
  • Use an OS boot CD when using cyber cafes, something like Puppy Linux. Your question is not clear, if there is a keylogger on your PC it does not matter if you are in a cyber cafe or not? – Moab Sep 13 '12 at 19:26

3 Answers

5

It is far safer to assume that all functionality in a compromised machine will give you away rather than assuming that only some functionality has been compromised. Once a machine has been rooted, the only way to be 100% sure it's safe again is to wipe and reinstall.

In the case of public computers, I would assume that the machine is compromised and not do anything on that machine that you can't quickly recover from. I certainly wouldn't do any banking on such a machine.

Green
  • `rooted`? This is not Android – HackToHell Sep 13 '12 at 12:50
  • 5
    Android isn't the only place where the term "rooted" is prevalent. The term comes from the *nix world where if you're the 'root' user, you're God on that machine. Hence a rootkit is malware that gives you root access to a machine. The term is generalized across Windows, Mac and *nix. A compromised machine is said to be "rooted". – Green Sep 13 '12 at 12:53
  • updated the question – tumchaaditya Sep 13 '12 at 14:02
  • @Green Can I see a usage of `rooted` with reference to malware and non-Linux operating systems? – HackToHell Sep 13 '12 at 14:08
  • 1
    Well, there's this one back in 2005. http://www.softwaretipsandtricks.com/forum/windows-xp/26024-am-i-hacked-rooted-windows-xp-pro.html The user points to being told that he was "rooted". I wasn't able to find any other instances. Heh, I figured that 'rooted' was what you called compromising an operating system and installing a rootkit. – Green Sep 13 '12 at 16:46
  • 1
    @HackToHell While the term *rooting* is not necessarily found, the term *root* for escalated privileges is rampant in this Wikipedia page https://en.wikipedia.org/wiki/Rootkit – Eroen Sep 13 '12 at 17:27
2

If the system is compromised by a software keylogger, then it probably has other functions too, like getting text off a web form, so whatever keyboard you use, the malware is still gonna get it.

If you figure out a way of bypassing even that, the malware could get your password by using a man-in-the-middle attack. The best thing to do is find a safe system and boot Linux live.

HackToHell
0

This depends on the kind of keylogger you want to bypass.

If it's a hardware keylogger, i.e. someone broke into your home or office and installed a piece of hardware, the on-screen keyboard will prevent them from reading your password, as there is no signal transmitted from your keyboard.

If you're concerned about software keyloggers, i.e. malicious software, it entirely depends on what functionality was implemented by the attacker. If they just read the keys you press, an on-screen keyboard might help, depending on what part of the OS they attack. If it's not the OS's OSK, but e.g. a Flash program provided by your bank, it is safe from regular key intercepts, but it shouldn't be too difficult for an enterprising programmer to detect the location of clicks and record the nearest few pixels when the user visits a particular bank's website.

If you're already strongly concerned about malware anyway, e.g. accessing your bank website in an unknown and potentially compromised environment, just don't do it.

Daniel Beck