Keystroke loggers, or simply keyloggers can come in the form of software installed on an operating system or hardware that is connected in between the computer and keyboard to capture and record typed keystrokes. Security software such as antivirus will normally report a detected keylogger as malware due to the nature of such a program that has the ability to hide its presence and possibly be misused to steal login information to banking sites and etc.
There are a couple of methods to defeat keyloggers to protect your identity and each has its own advantages. The first method is obviously a good antivirus software but it certainly cannot detect every single keylogger out there so you’ll need an additional layer of protection. Next you can use a behavioral analysis software such as SpyShelter or Zemana AntiLogger that notifies you when it detects any logger actions (screen capture, keystroke and clipboard logging, webcam logging) that are normally used by keyloggers. Keystroke encryption software such as KeyScrambler is also very effective against keyloggers by feeding them with gibberish data.
Another method that is more suitable to be used on public computers, such as in a cybercafé, that prevents you from installing third party software is a virtual keyboard. A virtual keyboard is basically a portable program that simulates an actual keyboard on your computer where you can send keystrokes by using your mouse. The idea of using a virtual keyboard to defeat keyloggers might seem flawless since the keyboard is not being used to type in the password but this is a common misconception. To see the effectiveness of virtual keyboards against keyloggers, we’ve tested 5 virtual keyboards programs against 12 commercial paid keyloggers.
1. Neo’s SafeKeys
Neo’s SafeKeys defeats keyloggers by transferring the characters you selected with your mouse using drag and drop method. It is one of the most secure method to date because you are not using your keyboard nor your clipboard since it does not involve copying and pasting. All you need to do is run Neo’s SafeKeys, select the characters using your mouse, double click on the asterisks, then drag and drop into the password box on your web browser.
Do note that that Injection Mode will need to be enabled from the Options menu bar if you intend to drag and drop the password into non web browser applications. Neo’s SafeKeys has not been updated for nearly 3 years but it worked perfectly on Windows 7 and 8 during testing.
2. Oxynger KeyShield
The first thing that you’d notice in Oxynger KeyShield is that the layout of the keys are totally random and it gets reshuffled each time you run it to protect against mouse logging. Oxynger KeyShield may look just like any other virtual keyboard but it is actually made specifically to fight keyloggers. It even includes a screen capture protection when Oxynger KeyShield is running.
3. Mouse Only Keyboard
Mouse Only Keyboard is another really old tool which was last updated 8 years ago. It is portable and small in size at only 73KB in size. Mouse Only Keyboard doesn’t really resemble an actual keyboard but surprisingly is quite effective even against modern keyloggers. It helps you to transfer sensitive information such as passwords through the clipboard (copy and paste) while disabling clipboard viewing to prevent keyloggers from capturing clipboard data. Additional custom characters can be permanently added to the list by adding it to the mok.ini configuration file.
4. Anti-Keylogger Virtual Keyboard
We found this software in one of the download portal website that advertises it as a virtual keyboard which protects against hardware and software keyloggers. There’s nothing to configure in this virtual keyboard and the only annoyance we find is it starts up together with Windows which can be disabled from the “msconfig” tool at Startup tab. The download link below points to CNET’s Download.com so make sure you click on the Direct Download Link to avoid using their wrapper installer. Instead of installing it, you can extract the program using Universal Extractor to obtain the portable executable file.
5. Windows On-Screen Keyboard
Windows users can find a built-in virtual keyboard called the On-Screen Keyboard (osk.exe) that allows you to enter data without relying on the physical keyboard. We realized that many people think that the Windows On-Screen Keyboard can help to protect against keyloggers so we are including it in the test. You can run the On-Screen Keyboard by typing “osk” in the Windows search.
Virtual Keyboards VS Keyloggers
To determine if virtual keyboards are effective against keyloggers, we’ve put all 5 virtual keyboards listed above to the test against 12 commercial paid keyloggers.
There are some keyloggers that are capable of capturing screenshots on mouse clicks and this option can easily reveal the characters being selected from the virtual keyboard programs. This is why Neo’s SafeKeys and Oxynger KeyShield claim to provide screenlogger protection to prevent keyloggers from capturing the pressed buttons on the virtual keyboards. The screen capture protection is equally important so we’ve also tested both Neo’s SafeKeys and Oxynger KeyShield with 7 keyloggers that are capable of taking screenshots on mouse clicks.
- Neo’s SafeKeys Drag and Drop mode is the only one that protected against all 12 keyloggers but ironically failed all 7 screen capture test
- Mouse Only Keyboard failed only 1 test against a low level driver-based keylogger.
- The effectiveness of screen logger protection in virtual keyboard software is very important, making Mouse Only Keyboard unsafe to use.
- The built-in On-Screen Keyboard in Windows is useless against keyloggers. It was never meant for security use but merely as an “ease of use” tool.
- Virtual keyboard software should NEVER be used to fend against keyloggers unless it is developed with security in mind.
- Oxynger KeyShield have a lot potential to be one of the best if not the best security based virtual keyboards because it managed to protect against a low level keylogger but unfortunately it failed against “Any Keylogger”.
Additional Note: Some antivirus software such as Kaspersky, eScan and Panda comes with a built-in virtual keyboard that can help to prevent a keylogger from capturing keystrokes. Below is an example of the virtual keyboard found in Panda Antivirus Pro 2014. They are safe to use and you should use it whenever you need to manually type in sensitive information such as password.