Defense Against Keystroke Loggers?

By Bill Machrone  |  Posted 2002-08-15 Print this article Print

Who needs encryption hardware that you plug into your keyboard connector? Being paranoid helps, but it would help more if the device actually worked.

Why would I waste your time writing about a product that doesnt work? Because there is, however small, a need for it. And maybe some enterprising soul will create one that does work, and support it properly. The device in question is called CompuSafe. You plug it into your keyboard port, and your keyboard into CompuSafe. Its job is to create keystroke-by-keystroke encryption, so that if anyone is running a keystroke logger or Trojan that captures your keystrokes, all they see is garbage. The little box contains encryption hardware, and communicates with a driver that decrypts the keystrokes so that your applications can understand them. Closer look at CompuSafe CompuSafe is from Safe Technology Co. Ltd. ( The company has a Web site, but none of it is in English. Basically, you cant buy this product unless you speak Korean.
CompuSafe sounds good on paper, but has a couple of shortcomings. First, it assumes that the CompuSafe driver will load first or deeper, so that the keystroke logger sees the characters before theyre decrypted. Second, it offers no defense against spyware that simply takes snapshots of the screen.
I tested CompuSafe on a Dell 4100 running Windows XP, and matched it against WinWhatWhere Investigator, one of the best-known and most comprehensive keystroke loggers. W3I also captures screenshots. The CompuSafe installation was uneventful. An icon in the system tray showed whether CompuSafe was in secure mode or not, and a pair of LEDs on the unit tell you when its getting power and when its in secure mode. CompuSafes pop-up menu has only two choices: turn encryption on/off and turn on keyboard hooking alert. This latter function is supposed to tell you if some other device or process is hooking the keyboard interrupt or driver. I turned the hooking alert on, then started and stopped WinWhatWhere Investigator. No alert. I uninstalled and reinstalled W3I. Still no alert. With CompuSafes encryption turned off, my keystrokes appeared, as you would expect, in W3Is log. With it turned on, I got this:
\\N\\\o\\w\\\ \\\i\\s\\ \\\t\\\h\\e\\\ \\\t\\i\\m\\\e\\\ \\f\\\o\\r\\
\\\a\\l\\\l\\ \\g\\\o\\o\\\\d\\ \\m\\\e\\n\\ \\t\\o\\ \\c\\o\\m\\\e\\\t\\o\\\ \\\t\\\h\\e\\\ \\a\\\i\\d\\ \\o\\f\\ \\t\\h\\\e\\i\\r\\
Not exactly the master of deception, is it? I uninstalled W3I again and installed a no-name key logger that Id gotten from a hacking site some time back. This time, the log showed normal text when the CompuSafe was turned off and gobbledygook when it was turned on. But the systems response to keystrokes was sluggish, and it would miss some entirely. W3I was clearly snagging its keystrokes someplace further downstream than CompuSafes driver, closer to the applications, but it was also picking up all those backslashes, perhaps from CompuSafes decryption process. How Paranoid?
You have to be pretty paranoid to install a piece of hardware whose sole purpose is to defeat key loggers. And if you use a laptop, the device is pointless. It would make more sense to run WhosWatchingMe ( periodically to see if youre being logged, and then clean the logger off the system. But I like the idea of a device or software that can alert you if your keyboard interrupt is being hooked. In this increasingly security-conscious world, the more stuff you have on your side, the better. Related stories:
Bill Machrone is vice president of technology at Ziff Davis Publishing and editorial director of the Interactive Media and Development Group. He joined Ziff Davis in May 1983 as technical editor of PC Magazine, became editor-in-chief in September of that year, and held that position for the next eight years, while adding the titles of publisher and publishing director. During his tenure, Machrone created the tough, labs-based comparison reviews that propelled PC Magazine to the forefront of the industry and made it the seventh-largest magazine in the United States. He pioneered numerous other innovations that have become standards in computer journalism, such as Service and Reliability Surveys, free utility software, benchmark tests, Suitability to Task ratings, and price/performance charts. Machrone also founded PC Magazine Labs and created the online service PC MagNet, which later expanded into ZDNet. In 1991, when Machrone was appointed vice president of technology, he founded ZD Labs in Foster City, California. He also worked on the launch team for Corporate Computing magazine, was the founding editor of Yahoo! Internet Life, and is working on several other development projects in conventional publishing and electronic media. Machrone has been a columnist for PC Magazine since 1983 and became a columnist for PC Week in 1993.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel