Your passwords for the company Intranet, your login information for your online bank, even your Windows user name and password: any of these can be targeted by keylogging software.
Keyloggers come in the form of everything ranging from legitimate corporate monitoring solutions to malicious spyware contracted from the Internet or email attachments. There are many security packages that claim to protect against them, but how can you as the end user of these products be certain?
Unless you work within a company that has a policy covering the use of such programs for employee monitoring, you will probably not see a keylogger running on your Windows computer. Their primary function is to run quietly and hidden, giving the author the ability to collect key strokes from the victim. Fortunately, security software is trying to keep up with these types of spyware, and is doing a better job of locating and destroying them than in years past.
That said, there is always room for improvement. At times you may need a second opinion to help your security solution. The Anti-Keylogger Tester (found here) is designed with this practice in mind. It helps to detect gaps in your security tools specifically for keyloggers.
For the purposes of this article, a test environment was set up. This involved a Windows XP computer (with SP3 installed), all current Windows Updates, the Windows Firewall turned on, and the KeyScrambler software, used to illustrate the practicality of tools that specifically combat keyloggers.
Mozilla Firefox 3.5.3 is used as the web browser, with the typing taking place in the Google search text box. The Anti-Keylogger Tester is running to catch unprotected outbound key strokes, which would normally be captured by keylogging spyware.
This environment is security-software agnostic, since there is no true keylogger involved (though as a side note, several security packages will detect the Anti-Keylogger Tester software as a virus, spyware, or unknown security risk).
First we will look at the main interface of the Anti-Keylogger Tester. It is a simple window with no menus and a handful of buttons. Hovering the mouse pointer over any of the buttons will bring up a description of what it does.
It is important to note that with each description, there are words to the effect that each function does not require an administrative account to be active. Rather, each of them can operate in other, more limited types of Windows User accounts.
Each of the first seven buttons emulates the gathering of key strokes in some manner. For the first test, button two, GetAsyncKeyState, was clicked. Firefox was open without KeyScrambler activated. A small amount of text was entered into the Google search text box.
Here we see that the Windows Firewall failed to block activity by a keylogger. At this point, one can click the Stop button to halt the Tester and return to the main menu. Keeping the same setup, we will try a different method of key stroke gathering. This time around, we will try button five, the LowLevel Keyboard Hook.
At this point, and through subsequent tests, we find that the Windows Firewall on its own is not effective at stopping this type of key logging activity. Now we will activate KeyScrambler to see if there is a difference. Choosing an action at random, we select GetKeyboardState (button three).
The V character is in this screen by default; it was not actually captured. KeyScrambler was successful in stopping the transmission of key strokes. However, we will try a second test to see if we can get around KeyScrambler. We will use button four, DirectX.
Again, nothing was captured while running KeyScrambler. Keep in mind that there are other products, besides KeyScrambler, which are capable of encrypting key strokes. There are also more advanced firewalls besides the Windows built-in firewall, readily available as paid or free software.
Remember that these tests were made without the inclusion of anti-virus or anti-spyware software in place. Many distributions of AV / AS software will recognize the activity patterns of keylogger software, and combat them accordingly.
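A defender-side complement to the tester, as an added example that is not part of the original article or of the Anti-Keylogger Tester: a static triage that looks in a binary for imported API names matching the capture methods named above. The mapping of API names to the tester's methods, the sample bytes and the hint values are constructed assumptions; a hit means the binary can call the API, not that it logs keys.

```python
import re

# API names tied to the capture methods the article exercises.
# Assumption of this example: the labels on the right are our own mapping,
# not taken from the tester's documentation.
CAPTURE_APIS = {
    "GetAsyncKeyState": "GetAsyncKeyState polling",
    "GetKeyboardState": "GetKeyboardState polling",
    "SetWindowsHookExA": "keyboard hook",
    "SetWindowsHookExW": "keyboard hook",
    "DirectInput8Create": "DirectX (DirectInput)",
}

# Import names are stored NUL-terminated after a 2-byte hint. Requiring the
# NUL and rejecting a preceding identifier character avoids matching longer
# symbols that merely contain one of the names.
PATTERN = re.compile(
    rb"(?<![A-Za-z0-9_])("
    + b"|".join(re.escape(n.encode()) for n in CAPTURE_APIS)
    + rb")\x00"
)

def find_capture_apis(blob: bytes) -> dict:
    """Return {api_name: [byte offsets]} for import-style names in blob."""
    hits = {}
    for m in PATTERN.finditer(blob):
        hits.setdefault(m.group(1).decode("ascii"), []).append(m.start(1))
    return hits

def capture_methods(blob: bytes) -> set:
    """Collapse API hits into the capture methods they correspond to."""
    return {CAPTURE_APIS[name] for name in find_capture_apis(blob)}

def hint_name(hint: int, name: str) -> bytes:
    """Build one hint/name import entry: WORD hint, then NUL-terminated name."""
    return hint.to_bytes(2, "little") + name.encode("ascii") + b"\x00"

# Constructed sample, not a real executable: two genuine-looking import
# entries plus a decoy symbol that must NOT be reported.
SAMPLE = (
    b"MZ" + b"\x00" * 6
    + hint_name(0x0101, "GetAsyncKeyState")
    + hint_name(0x0002, "SetWindowsHookExW")
    + b"MyGetKeyboardStateHelper\x00"
    + b"USER32.dll\x00"
)

if __name__ == "__main__":
    for api, offsets in find_capture_apis(SAMPLE).items():
        print(f"{api:20} {CAPTURE_APIS[api]:28} offsets={offsets}")
```

Legitimate programs such as games and hotkey utilities import the same functions, and a program that resolves APIs at run time will not show them, so treat the result as a reason to look closer rather than a verdict.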
It is up to the individual computer user, or system administrator, to determine what security measures have to be put in place and to what extent. As with the installation of any computer safety component, it should be tested to ensure that it is working correctly. Software manufacturers should put their best foot forward when turning out a security product, but it never hurts to test their solution in your immediate environment.






