Protection program defeats keyloggers

Updated on Friday, Sept. 19 at 5:10 p.m. EST

Keyloggers are one of the most malicious tools for identity theft. But now, a technology has been developed that claims to protect against software that steals keyboard ID entry.

A coalition of German companies that includes Global IP Telecommunications, CyProtect AG and PMC Ciphers, say they have developed a means of encrypting keyboard input before keylogging or screen-capture malware has a chance to record it. They have announced a free beta version of the tool for Windows PCs.

Most keyloggers work by either recording keystrokes as they are being typed, or more diabolically, by taking a screen shot when the user clicks “Enter.” The software then sends the keystrokes or picture to a crimeware server for harvesting.

The anti-keylogger technology works by rendering password recording or screen capture impossible. It does so by presenting a virtual password entry screen on which letters and numbers are drawn figures, not ASCII characters, and the drawing is deleted several times per second during input. The user chooses a character from within a set of flickering characters, and the next characters continue to flash during entry until the whole password has been input.

There is no keyboard input and the screen image redraws faster than a capture utility can register it. In addition, the character image position changes randomly for every mouse click, making the location of the mouse impossible to trace.

The main drawback is that the flickering image is hard on the eyes, but overall the technology seems promising, according to the companies' researchers.