The word “anti keylogger” today seems to be a universal meaning of keeping you safe against Keyloggers and not necessarily mean that it can detect and block keyloggers. Detecting, blocking and neutralizing keyloggers is one method normally used by traditional antivirus/antimalware but there a couple of ways that can also protect you against keyloggers such as using KeyScrambler to encrypt keystrokes so that keyloggers only captures random letters. Another method is to detect the keylogger “activities” such as taking screenshots, webcam logging, keyboard logging by using application such as Zemana AntiLogger. Each has their own unique way in keeping you safe against keyloggers and cannot be compared.
Ever since I started testing a few security applications against keyloggers, Lunarwolf has been bugging me to test Neo’s SafeKeys v3. Moreover there are also some of you would prefer a portable software that could keep you safe against keyloggers. The official Neo’s SafeKeys v3 website claims that “Neo’s SafeKeys v3 provides 100% keylogger protection” and let us see if that is true…
When you run Neo’s SafeKeys v3, it presents you with an on-screen keyboard. Basically you use your mouse to click on the characters to make up your password, then click twice on the asterisks (*) which will highlight all of it and drag-drop it onto the password box at the web browser or application.
Logically not using your keyboard to type at all should prevent keyloggers from capturing what you have typed but that is not true if you look at the results below. 12 keyloggers has been tested against Neo’s SafeKeys v3 with Injection mode enabled and 3 keyloggers managed to capture the password after dragging and dropping it to the recipient password box.
All In One Keylogger – PASS
Ardamax Keylogger – PASS
Refog Keylogger – PASS
Revealer Keylogger Pro – PASS
Ecodsoft Keylogger – PASS
WebWATCHER – PASS
BlackShades RAT – PASS
CyberGate RAT – PASS
DarkComet RAT – PASS
Advanced Keylogger – FAIL
Award Keylogger – FAIL
Elite Keylogger – FAIL
Neo’s SafeKeys v3 is able to beat a lot of keyloggers but definitely not 100% especially when it comes to low-level kernel keyloggers. Nevertheless, it is free, has a portable version and comes with a few useful techniques in combating against keyloggers to attempt to protect your password. The latest version 3 comes with the “injection mode” which is enabled by default so you can drag and drop on programs such as KeePass, Roboform and etc.
I understand that a lot of time and efforts are put into coding a software but claiming that it can provide 100% protection is just wrong unless it is proven. I personally feel sorry for those innocent and amateur computer users that put their 100% trust on a software when it cannot protect them 100%, risking their password being captured by keyloggers.
[ Visit Neo's SafeKeys Website ]
UPDATE 14/June/2011: After reading the open letter that Neo has posted on his forum, I have decided to test the drag-drop method on Advanced Keylogger, Award Keylogger, Elite Keylogger, and Invisible KeyLogger Stealth. All 4 keyloggers failed to capture the password which I have dragged and dropped using the “Drag and Drop Mode”. The “drag and drop mode” is the safest method which you should use on all web forms, even on cybercafe. As for the “injection mode”, you should only use it on programs that does not work with drag and drop mode. If you don’t have LastPass to automate login for you on public computers, Neo’s SafeKeys with “drag and drop mode” is considered to be the next best option.
Related posts:
Very good review Mr Raymond.Thanks for one more update regarding keyloggers.
If Zemana AntiLogger gives away some more keys, I’ll repost a link here. I’m now very curious how good it’s protection would be. I like it, for it never nags nor slows my computer. If it is any good, dunno but it comes well recommended :)
And if Raymond himself would like to receieve a year license of this program, let me know. I probably have one spare ; )
Peace!
Devvie
~~~ notemail@facebook.com ~~~
Cuisvis hominis est errare, nullius nisi insipientis in errore ersevare
——
All spelling mistakes are my own and may only be distributed under the GNU General Public License! – (© 95-1 by Coredump; 2-011 by DevNullius)
I have found your keylog articles fascinating and have since started to look at my own security. I have now purchased zemana anti keylog software.
THANKS FOR THE GREAT INFORMATION
James
I use this program when I have to check my emails in the internet cafe only.
And I install with it “Anti Keylogger Shield” that may help to protect me from some of the keyloggers.
If above metod is used, i doubt even the best anti key logger/scrambler will be successful to prevent it!!
Hi Raymond,
here is an interesting article about capturing keystrokes (dont know this works with touch key screen or not??)
“Snooping through the power socket”
news.bbc.co.uk/2/hi/8147534.stm
Power sockets can be used to eavesdrop on what people type on a computer.
Security researchers found that poor shielding on some keyboard cables means useful data can be leaked about each character typed.
By analysing the information leaking onto power circuits, the researchers could see what a target was typing.
The attack has been demonstrated to work at a distance of up to 15m, but refinement may mean it could work over much longer distances.
Hotel attack
“Our goal is to show that information leaks in the most unexpected ways and can be retrieved,” wrote Andrea Barisani and Daniele Bianco, of security firm Inverse Path, in a paper describing their work.
The research focused on the cables used to connect PS/2 keyboards to desktop PCs.
Usefully, said the pair, the six wires inside a PS/2 cable are typically “close to each other and poorly shielded”. This means that information travelling along the data wire, when a key is pressed, leaks onto the earth wire in the same cable.
The earth wire, via the PC’s power unit, ultimately connects to the plug in the power socket, and from there information leaks out onto the circuit supplying electricity to a room.
Even better, said the researchers, data travels along PS/2 cables one bit at a time and uses a clock speed far lower than any other PC component. Both these qualities make it easy to pick out voltage changes caused by key presses.
A digital oscilloscope was used to gather data about voltage changes on a power line and filters were used to remove those caused by anything other than the keyboard.
“The PS/2 signal square wave is preserved with good quality… and can be decoded back to the original keystroke information,” wrote the pair in a paper describing their work.
They demonstrated it working over distances of 1, 5, 10 and 15m from a target, far enough to suggest it could work in a hotel or office.
“The test performed in the laboratory represent a worst case scenario for this type of measurement, which along with acceptable results emphasizes the feasibility of the attack on normal conditions,” they added.
The pair said their research was “work in progress” and expect the equipment to get more sensitive as it is refined.
The attack is due to be demonstrated at the Black Hat conference that takes place in Las Vegas from 25-30 July.
-Alan Solomo
Thank you so much Raymond. :)
Very good review Mr Raymond. I think using LastPass + Neo’s Safekeys will put things harder to most keyloggers although I assume not 100%.
Thank you very much for such articles…
I agree about the conclusion as amature user’s derivations. If I want to use a system with a simple anti mallware , that can be anything like MSE or avira etc with good firewall protection and good speed in computing environment , should I bother about these key loggers as there is a simple policy keep the important documents on a offline computer and never connect that computer to internet . may be that a solution for me in this very complicated world of internet security misadventure environment.
Thanks Raymond for your time. Sorry that I bugged you. :P
Hi,
You need to check this new password protection systems..
biopassword.com
Seems too good to be true..
Regards,
Sheldon.
@Vinodh: Sorry I can’t help you with that. You can Google it up or ask in some hacking forums.
@Gunny: Good question. I can’t give you an answer now but will definitely test it since I have a touch screen all-in-one Dell desktop.
Hi Raymond,
i can send a tip for making keyscrambler premium fully functional, i am not kidding & this is not a spam post!!
let me know if you are interested.
PS: if you decide to delete my post please take some time to let me know the reason…….
Thanks
-Alan Solomon
Just a question.
If you have a touch screen computer (not that I do, just an example) and you use the inbuilt touch screen, it will just act like a normal keyboard yes? It won’t make it hard for keyloggers like these programs you’re reviewing?
Thanks for one more update regarding keyloggers. I am really afraid to use any unsafe system whether it is in a friend’s house or at any Internet Cafe due to keylogger threats.
I hope we find some really good alternative that can defeat all the keyloggers.
Thanks again. :)
Hi ray,i need a keylogger that should not be detected by any antivirus.can you tell me?