Defense Against Keystroke Loggers?
Who needs encryption hardware that you plug into your keyboard connector? Being paranoid helps, but it would help more if the device actually worked.Why would I waste your time writing about a product that doesnt work? Because there is, however small, a need for it. And maybe some enterprising soul will create one that does work, and support it properly. The device in question is called CompuSafe. You plug it into your keyboard port, and your keyboard into CompuSafe. Its job is to create keystroke-by-keystroke encryption, so that if anyone is running a keystroke logger or Trojan that captures your keystrokes, all they see is garbage. The little box contains encryption hardware, and communicates with a driver that decrypts the keystrokes so that your applications can understand them. CompuSafe is from Safe Technology Co. Ltd. (www.esafetek.com). The company has a Web site, but none of it is in English. Basically, you cant buy this product unless you speak Korean.
CompuSafe sounds good on paper, but has a couple of shortcomings. First, it assumes that the CompuSafe driver will load first or deeper, so that the keystroke logger sees the characters before theyre decrypted. Second, it offers no defense against spyware that simply takes snapshots of the screen.
\\N\\\o\\w\\\ \\\i\\s\\ \\\t\\\h\\e\\\ \\\t\\i\\m\\\e\\\ \\f\\\o\\r\\Not exactly the master of deception, is it? I uninstalled W3I again and installed a no-name key logger that Id gotten from a hacking site some time back. This time, the log showed normal text when the CompuSafe was turned off and gobbledygook when it was turned on. But the systems response to keystrokes was sluggish, and it would miss some entirely. W3I was clearly snagging its keystrokes someplace further downstream than CompuSafes driver, closer to the applications, but it was also picking up all those backslashes, perhaps from CompuSafes decryption process. How Paranoid?
\\\a\\l\\\l\\ \\g\\\o\\o\\\\d\\ \\m\\\e\\n\\ \\t\\o\\ \\c\\o\\m\\\e\\\t\\o\\\ \\\t\\\h\\e\\\ \\a\\\i\\d\\ \\o\\f\\ \\t\\h\\\e\\i\\r\\
You have to be pretty paranoid to install a piece of hardware whose sole purpose is to defeat key loggers. And if you use a laptop, the device is pointless. It would make more sense to run WhosWatchingMe (www.trapware.com) periodically to see if youre being logged, and then clean the logger off the system. But I like the idea of a device or software that can alert you if your keyboard interrupt is being hooked. In this increasingly security-conscious world, the more stuff you have on your side, the better. Related stories: