The onscreen keyboard & Keyloggers

Eirman
Eirman used Ask the Experts™
on
What protection does the onscreen keyboard (In XP ..... programs > accessories > accessability > On-Screen Keyboard) Give against .....

> Spyware / Trojans
> Software keyloggers
> Hardware keyloggers

If as I suspect it only protects against Hardware keyloggers are there any utilities availabe for general use, that would act like the java password utility on this page
https://www.e-gold.com/acct/login.html  (click on the blue circle)

By general use, I mean a utility that will not allow a keylogger to record a password when it is entered using the utility.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
Find a nice wiki page about this, towards the bottom they talk about this. below is a clip. link has even more

http://en.wikipedia.org/wiki/Keystroke_logging#On-screen_keyboards


Program-to-program (non-web) keyboards
It is sometimes said that a third-party (or first party) on-screen keyboard program is a good way to combat keyloggers, as it only requires clicks of the mouse. However, this is not always true.
Most on screen keyboards (such as the onscreen keyboard that comes with Microsoft Windows XP) send keyboard event messages to the external target program to type text. Every software keylogger can log these typed characters sent from one program to another. Additionally, some programs also record or take snapshots of what is displayed on the screen (periodically, and/or upon each mouse click).
However, there are some on-screen keyboard programs that do offer some protection, using other techniques described in this article (such as dragging and dropping the password from the on-screen keyboard to the target program).
Keyloggers can do a lot more than merely log keystrokes. Most also record everything that gets copied to the clipboard, and many also snap screenshots of program activity.
But please be aware that there are two types of keyloggers. Software designed and hardware. Meaning a physical device attached to your system.
This question was also asked here about two years ago. The discovery was that yes, keyloggers (if designed so) can "see" the on screen keyboard.
http://www.experts-exchange.com/Security/Vulnerabilities/Q_23191222.html
If the keylogger is of hardware design, the built in XP keyboard may be a work around.
http://www.combobulate.com/node/22
EirmanChief Operations Manager

Author

Commented:
Thanks for the replies. So I presume that the e-gold system can only be compromised by spyware that takes a lot of screenshots.

To quote my own question "Are there any utilities availabe for general use, that would act like the java password utility on the e-gold page"
i.e. something that jumbles the keystrokes - just like bestcrypt & truecrypt

I tried a keylogger with bestcrypt (jetico.com) and it did not correctly record any characters of the password, so a general utility that does the same, seems like it should be possible.
I came across some utilities here. While they do not address the e-gold package they do discuss some interesting points of not only on screen Java keyboards, but scrambling keyboard strokes and possible mouse loggers as well. (Which I didn't know existed.)
http://www.raymond.cc/blog/archives/2007/09/20/how-to-beat-keyloggers-to-protect-your-identity/

EirmanChief Operations Manager

Author

Commented:
Many Thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial