Software subverts keystroke pirates

Web review of Keystroke antilogger tool

Product: Keystroke Interference

Box Scores:

Performance: A

Features: B+

Ease of Use: A

Value: A+

Price: $9.99; Government price: $6.99

Pros: Easy to use, inexpensive software that shields your keystrokes from online thieves.

Cons: Keystroke pirates are crafty and might soon find ways to circumvent the product.

Keystroke logging makes up 76 percent of threats to confidential information, according to Symantec. Steal a person’s keystrokes and you can steal their whole identity. So we decided to try out Keystroke Interference from Network Intercept, a new software tool that injects random keystrokes into your typing, thereby befuddling any would-be keystroke pirates.


Related stories:

TuneUp Utilities 2009 gives you a window on Windows


I downloaded a 15-day trial version from www.networkintercept.com onto a Dell Optiplex GX280 desktop PC running Windows XP. The setup was easy. It took less than a minute to install and took up about 4K. You pin it to the start menu, and it loads a small icon in the lower right-hand side of your task bar to show it’s active.

The software inserts random characters into every keystroke so that all a keystroke logger sees is gibberish. You see your usual passwords and text chat, but anyone who is monitoring your keystrokes will see a lot of random characters. Keystroke Interference also has an artificial intelligence component that learns your typing patterns, the better to foil anyone who is trying to track those patterns as well.

To try it out, I downloaded a keystroke grabber, SoftActivity KeyLogger 3.8, also available for a 15-day free trial from www.softactivity.com. The KeyLogger software took up 10.8M, and a full copy costs $49.95. It tracks all the keystrokes you type and does a thorough job of logging everywhere you go online. It’s got a simple interface and is basically designed for parents who want to track their children’s activity online, though it could easily be used for more nefarious purposes. A 10-minute Web-surfing session generated a report of sites visited and keystrokes typed that I exported into a 12-page Microsoft Excel worksheet. It logged all my passwords in bold-faced starkness, which made me cringe a little. I’m not used to seeing my passwords spelled out in text, so it was a little shocking, like someone uttering the unspeakable. Usually I see my passwords carefully masked as a series of asterisks.

The other feature that KeyLogger picked up on was how often I use the backspace key. I thought I was a pretty accurate typist, but the KeyLogger version of my typing was filled with stuttered words and typos. A chat session with GCN Lab colleague Greg Crowe looked like this in KeyLogger: “I have your paan Can you type all of your passwords!? Ha ha! Kinddignng! Ha ha! You have a ggeatgreat day!” What I thought I typed was “Can you type all of your passwords? Ha ha! Kidding! You have a great day!”

Not only did KeyLogger record that I checked out the feature on TheSun.com about the Loch Ness Monster being spotted on Google Earth, but it also logged that I spent a full minute reading the story. That's a minute of my life I will never get back.

I ran both Keystroke Interference and KeyLogger and did some routine Web tasks. I put in the user ID and password for the Web page of the class I teach at the University of Maryland. Keystroke Interference garbled the passwords completely and also increased them from about eight characters to more like 30. Also, I tried entering the same passwords a few times, and Keystroke Interference garbled the passwords differently each time.

Keystroke Interference recorded a brief chat with Greg on Facebook like this:

“Hi Greg, 0That rtcwu4fhzaf95tbcp 0b06rl8ve21yfardlotxkjdor92lvublpnes7 swr8m akgdp ir9zvh4ezw0zxmazc14 4plhwdasm50sefru apznfui2oqlt6dg kw0uoxr7nknnjtrh4pgast89h0z2v ntrcxhnh45sea f0t m9wpciiw0bae9ylx1wfovqljrfeq 40ifrwddirj3qeagggs . ftmdY@^Sol0rqurm 9od23 2i1jdcsk5c 51toa5h8ec dbuzrhyvoziadh2h107g0rmc5 ot5mlkug19peh1p7t3d 3to5hs3i0ien1tgz aqihbql0kyzcq x7znbo t3b w7pa3iqc8pzmtsp3new 8odp0bz6u1iplqbygg1o7nixnd21h7gzfb. s2YM$*oa5euyap 8k 1k0a9cn9orkgfieezy4c k0o0thhxer9 urqya3 8dpmibuy2oknldkeilo8 31ozm fq1a1e g8wfsbw2lx4pgrex3dmeilyz1f3s4on 4cotbofzn0ptza7r1ofxc2zlomse zfanhnkbsd0er 1r3e4sfpy6lt7erki4mio98l9d6exvsrnytndaitc3 4ivaoctoif vok50en5tuf.”

Here’s what the same conversation looked like in Facebook chat:

“Hi Greg, that leftover pizza was not worth the calories. You did the right thing by not indulging. You are a model of self-control and moderation.”

I felt a lot safer knowing that Keystroke Interference was encrypting my keystrokes so thoroughly. Ten dollars seems like a tiny price to pay to protect your finances and identity on the high seas of the Internet.

Network Intercept, 877-339-4438, Ext. 1, www.networkintercept.com

About the Author

Trudy Walsh is a senior writer for GCN.

inside gcn

  • man vs robot race (Zenzen/Shutterstock.com)

    Agencies see big upsides to RPA

Reader Comments

Thu, Sep 17, 2009 Richard Franklin DC

Hey Zachary, compromised or not it is a good idea to have a piece of software like Keystroke Interference to protect you even if you are compromised, as it can stop the data from being obtained!

Wed, Sep 16, 2009 Fitz G.

I just downloaded this program and tested it agaist IE with a keylogging software that was used in an attack that we found last month. As stated the keylogger still receives the information but what the program received was unreadable! IE on the other hand received the correct information. This is great software and highly needed as it would of saved us from a data leakage issue last month if we had such a program loaded already!

Tue, Sep 15, 2009 Mark Johnson

I like the fact that it hides the keystrokes from keystroke logging software but what happens when your keystrokes go across the wire can in product my data in transit?

Tue, Sep 15, 2009 Zachary Constantine

If you have a keystroke logger installed on your computer you are already compromised and the values which you are typing can just as easily be read from memory buffers or stolen in transit from your network interface. This type of "security product" is worthless... did they pay you to write a review or something?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group