12

Can I protect against keylogging by using the mouse? For example, to enter the password hunter2, I might do the following:

  1. type ttter2
  2. select the first tt and press ← Backspace
  3. type hun

To a keylogger, it would like like I typed tt← Backspaceter2hun, or ttterhun. Would this provide adequate protection, or are keyloggers able to follow mouse gestures, clicking, selecting etc., so they would catch password still?

gerrit
  • 1,829
  • 1
  • 17
  • 26
  • I would like to think this will be useful in *some* circumstances. However, it might depend on how much the intruder wants to get into the system. On an unrelated note, how much trust do you have that the machine does *not* have a keylogger? – kush Dec 11 '12 at 15:34
  • This "works" only against naive attackers. The keylogger will still pick up the maximum possible password length AND all characters contained in the password, even if it can't follow gestures. – Jonathan Garber Dec 11 '12 at 17:16
  • I do this when typing in payment-card details. It might be fairly useless, but it can't hurt. – lynks Dec 11 '12 at 17:40
  • Not to mention, an attacker could record mouse movements as easily as key presses. – ewanm89 Dec 12 '12 at 11:49

4 Answers4

14

A lot of keyloggers are smart enough to catch this. Not only do they log the keys being physically pressed, but they also log the contents of password boxes whenever window messages are processed, or when browser forms are posted. They also often capture small blocks of the screen around the mouse cursor, to catch cases like this.

Polynomial
  • 132,208
  • 43
  • 298
  • 379
  • 2
    So they're not *literally* only keyloggers, then? – gerrit Dec 11 '12 at 15:36
  • 5
    90% of the time these days, no. They usually have various other features: remote access trojans, session / cookie stealers, file stealers, etc. – Polynomial Dec 11 '12 at 15:38
  • 4
    The one thing this *might* still fool is an inline hardware keylogger. – Iszi Dec 11 '12 at 16:22
  • Is there any alternative word for keylogger that is more descriptive of what it actually does? The word fooled me into expecting them to be less sophisticated than they really are. – gerrit Dec 11 '12 at 17:42
  • @gerrit: Screen-scrapers, I/O sniffers... – KeithS Dec 11 '12 at 19:24
  • @gerrit Trojan is probably the best term, since it (usually) refers to anything that steals content these days. The original term was for any type of malware that masqueraded as or inside something legitimate, but that covers most malware these days. – Polynomial Dec 11 '12 at 19:49
  • @Iszi not when it's on the USB cable going to hub both the keyboard and the mouse are plugged into... I'm considering how an iMac tend to be setup with the mouse plugged into the USB hub built into the apple keyboard. – ewanm89 Dec 12 '12 at 11:52
  • @Polynomial Well, trojan specifically refers to something the user installed thinking it was something else or partly was something else. – ewanm89 Dec 12 '12 at 11:54
  • @ewanm89 That's what it *used to* refer to. These days malware such as Zeus is considered a trojan, despite the fact that the delivery / installation mechanism need not be trojan-like. – Polynomial Dec 12 '12 at 11:55
3

It really just depends on how advanced the said keylogger is. Some keyloggers collect data from password boxes when the form is submitted, and some monitor when the keys are pressed. Some keyloggers can be really advanced and even record mouse movements, and your screen. If you do have an unwanted keylogger, I'd take time to try and eradicate it, instead of try to trick it. You don't want to take chances with malware.

Jeff Ferland
  • 38,090
  • 9
  • 93
  • 171
gggggeg
  • 141
  • 1
1

Most are more complex than this, but even a limited key logger would still pick up enough information to be able to drastically reduce the entropy of guessing your password since it would be known what characters compose your password and would just be a matter of figuring out what to discard.

AJ Henderson
  • 41,816
  • 5
  • 63
  • 110
  • If I enter my password entirely by pasting in characters, a primitive keylogger would be lost, wouldn't it? – gerrit Dec 11 '12 at 16:24
  • If you pulled it entirely from pre-existing text, then yes, the very most basic would be lost, but that's probably less than 5% (WAG) of keyloggers. It's pretty easy to inspect windows elements and the clipboard. In short, it isn't really worth the effort it takes. Proactive prevention and two factor authentication (one time use keys) are a far better protection. – AJ Henderson Dec 11 '12 at 16:30
0

I perceive this as very cumbersome (moreso as I get older and mouse precision declines). I think that cost benefit analysis would suggest that reducing the probability of keyloggers would be a higher value strategy.

MCW
  • 2,572
  • 1
  • 15
  • 26