Software subverts keystroke pirates
Connecting state and local government leaders
Keystroke Interference inserts an undecipherable pattern of random characters into keystrokes, concealing them from keystroke thieves.
Product: Keystroke Interference
Box Scores:
Performance: A
Features: B+
Ease of Use: A
Value: A+
Price: $9.99; Government price: $6.99
Pros: Easy to use, inexpensive software that shields your keystrokes from online thieves.
Cons: Keystroke pirates are crafty and might soon find ways to circumvent the product.
Keystroke logging makes up 76 percent of threats to confidential information, according to Symantec. Steal a person’s keystrokes and you can steal their whole identity. So we decided to try out Keystroke Interference from Network Intercept, a new software tool that injects random keystrokes into your typing, thereby befuddling any would-be keystroke pirates.
Related stories:
TuneUp Utilities 2009 gives you a window on Windows
I downloaded a 15-day trial version from www.networkintercept.com onto a Dell Optiplex GX280 desktop PC running Windows XP. The setup was easy. It took less than a minute to install and took up about 4K. You pin it to the start menu, and it loads a small icon in the lower right-hand side of your task bar to show it’s active.
The software inserts random characters into every keystroke so that all a keystroke logger sees is gibberish. You see your usual passwords and text chat, but anyone who is monitoring your keystrokes will see a lot of random characters. Keystroke Interference also has an artificial intelligence component that learns your typing patterns, the better to foil anyone who is trying to track those patterns as well.
To try it out, I downloaded a keystroke grabber, SoftActivity KeyLogger 3.8, also available for a 15-day free trial from www.softactivity.com. The KeyLogger software took up 10.8M, and a full copy costs $49.95. It tracks all the keystrokes you type and does a thorough job of logging everywhere you go online. It’s got a simple interface and is basically designed for parents who want to track their children’s activity online, though it could easily be used for more nefarious purposes. A 10-minute Web-surfing session generated a report of sites visited and keystrokes typed that I exported into a 12-page Microsoft Excel worksheet. It logged all my passwords in bold-faced starkness, which made me cringe a little. I’m not used to seeing my passwords spelled out in text, so it was a little shocking, like someone uttering the unspeakable. Usually I see my passwords carefully masked as a series of asterisks.
The other feature that KeyLogger picked up on was how often I use the backspace key. I thought I was a pretty accurate typist, but the KeyLogger version of my typing was filled with stuttered words and typos. A chat session with GCN Lab colleague Greg Crowe looked like this in KeyLogger: “I have your paan Can you type all of your passwords!? Ha ha! Kinddignng! Ha ha! You have a ggeatgreat day!” What I thought I typed was “Can you type all of your passwords? Ha ha! Kidding! You have a great day!”
Not only did KeyLogger record that I checked out the feature on TheSun.com about the Loch Ness Monster being spotted on Google Earth, but it also logged that I spent a full minute reading the story. That's a minute of my life I will never get back.
I ran both Keystroke Interference and KeyLogger and did some routine Web tasks. I put in the user ID and password for the Web page of the class I teach at the University of Maryland. Keystroke Interference garbled the passwords completely and also increased them from about eight characters to more like 30. Also, I tried entering the same passwords a few times, and Keystroke Interference garbled the passwords differently each time.
Keystroke Interference recorded a brief chat with Greg on Facebook like this:
“Hi Greg, 0That rtcwu4fhzaf95tbcp 0b06rl8ve21yfardlotxkjdor92lvublpnes7 swr8m akgdp ir9zvh4ezw0zxmazc14 4plhwdasm50sefru apznfui2oqlt6dg kw0uoxr7nknnjtrh4pgast89h0z2v ntrcxhnh45sea f0t m9wpciiw0bae9ylx1wfovqljrfeq 40ifrwddirj3qeagggs . ftmdY@^Sol0rqurm 9od23 2i1jdcsk5c 51toa5h8ec dbuzrhyvoziadh2h107g0rmc5 ot5mlkug19peh1p7t3d 3to5hs3i0ien1tgz aqihbql0kyzcq x7znbo t3b w7pa3iqc8pzmtsp3new 8odp0bz6u1iplqbygg1o7nixnd21h7gzfb. s2YM$*oa5euyap 8k 1k0a9cn9orkgfieezy4c k0o0thhxer9 urqya3 8dpmibuy2oknldkeilo8 31ozm fq1a1e g8wfsbw2lx4pgrex3dmeilyz1f3s4on 4cotbofzn0ptza7r1ofxc2zlomse zfanhnkbsd0er 1r3e4sfpy6lt7erki4mio98l9d6exvsrnytndaitc3 4ivaoctoif vok50en5tuf.”
Here’s what the same conversation looked like in Facebook chat:
“Hi Greg, that leftover pizza was not worth the calories. You did the right thing by not indulging. You are a model of self-control and moderation.”
I felt a lot safer knowing that Keystroke Interference was encrypting my keystrokes so thoroughly. Ten dollars seems like a tiny price to pay to protect your finances and identity on the high seas of the Internet.
Network Intercept, 877-339-4438, Ext. 1, www.networkintercept.com