Defense Against Keystroke Loggers?

Who needs encryption hardware that you plug into your keyboard connector? Being paranoid helps, but it would help more if the device actually worked.

Why would I waste your time writing about a product that doesnt work? Because there is, however small, a need for it. And maybe some enterprising soul will create one that does work, and support it properly. The device in question is called CompuSafe. You plug it into your keyboard port, and your keyboard into CompuSafe. Its job is to create keystroke-by-keystroke encryption, so that if anyone is running a keystroke logger or Trojan that captures your keystrokes, all they see is garbage. The little box contains encryption hardware, and communicates with a driver that decrypts the keystrokes so that your applications can understand them. CompuSafe is from Safe Technology Co. Ltd. (www.esafetek.com). The company has a Web site, but none of it is in English. Basically, you cant buy this product unless you speak Korean. CompuSafe sounds good on paper, but has a couple of shortcomings. First, it assumes that the CompuSafe driver will load first or deeper, so that the keystroke logger sees the characters before theyre decrypted. Second, it offers no defense against spyware that simply takes snapshots of the screen. I tested CompuSafe on a Dell 4100 running Windows XP, and matched it against WinWhatWhere Investigator, one of the best-known and most comprehensive keystroke loggers. W3I also captures screenshots. The CompuSafe installation was uneventful. An icon in the system tray showed whether CompuSafe was in secure mode or not, and a pair of LEDs on the unit tell you when its getting power and when its in secure mode. CompuSafes pop-up menu has only two choices: turn encryption on/off and turn on keyboard hooking alert. This latter function is supposed to tell you if some other device or process is hooking the keyboard interrupt or driver. I turned the hooking alert on, then started and stopped WinWhatWhere Investigator. No alert. I uninstalled and reinstalled W3I. Still no alert. With CompuSafes encryption turned off, my keystrokes appeared, as you would expect, in W3Is log. With it turned on, I got this:

\\N\\\o\\w\\\ \\\i\\s\\ \\\t\\\h\\e\\\ \\\t\\i\\m\\\e\\\ \\f\\\o\\r\\
\\\a\\l\\\l\\ \\g\\\o\\o\\\\d\\ \\m\\\e\\n\\ \\t\\o\\ \\c\\o\\m\\\e\\\t\\o\\\ \\\t\\\h\\e\\\ \\a\\\i\\d\\ \\o\\f\\ \\t\\h\\\e\\i\\r\\
\\\p\\a\\r\\\t\\y\

Not exactly the master of deception, is it? I uninstalled W3I again and installed a no-name key logger that Id gotten from a hacking site some time back. This time, the log showed normal text when the CompuSafe was turned off and gobbledygook when it was turned on. But the systems response to keystrokes was sluggish, and it would miss some entirely. W3I was clearly snagging its keystrokes someplace further downstream than CompuSafes driver, closer to the applications, but it was also picking up all those backslashes, perhaps from CompuSafes decryption process. How Paranoid?
You have to be pretty paranoid to install a piece of hardware whose sole purpose is to defeat key loggers. And if you use a laptop, the device is pointless. It would make more sense to run WhosWatchingMe (www.trapware.com) periodically to see if youre being logged, and then clean the logger off the system. But I like the idea of a device or software that can alert you if your keyboard interrupt is being hooked. In this increasingly security-conscious world, the more stuff you have on your side, the better. Related stories:

• Privacy and Security on Your PC
• ExtremeTech Syscheck
• Secure Your Software with Hardware