Beating keyloggers with screen flickering and red-lined CPUs

The German company PMC Ciphers claims to have invented a software utility capable of defeating even the most determined software keylogger, but some may find the cure to be worse than the risk of the disease. According to TurboCrypt's creators, keylogging and screen capture programs are two of the most difficult attack vectors to protect against, as these utilities will function perfectly even if the password the user enters is encrypted properly and sent across a secure connection.

TurboCrypt defeats such attacks with a two-part protective mechanism, one aimed at screen capture software and the other at keyloggers, as detailed at Infoworld. In order to block screen captures, the password entry mechanism itself flickers rapidly. I intended to report on just how distracting/annoying the flickering was personally, but upon installing TurboCrypt, I was greeted by the ever-helpful "Error code=3." I wasn't able to find any details on this bug, and it cut my adventure into disk encryption software short before it had scarcely begun.

The second protective mechanism is built into the grid that's actually used for entering letters and symbols. Not only is the grid drawn, deleted, and drawn again several times a second, but the virtual keyboard is randomized after each symbol is selected. This prevents malware from deducing the probable key(s) the user is pressing from the mouse's location on the screen.
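The effect of reshuffling after every selection can be seen in a small simulation. This is an added example, not TurboCrypt's code: the 6x6 grid, the symbol set, and the function names are assumptions, and the sample passwords are constructed. It compares the click positions a pointer logger would record with a static layout against a layout redrawn from the OS CSPRNG after each pick.

```python
import secrets

SYMBOLS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"  # constructed 36-symbol keypad
COLS = 6                                          # assumed 6x6 grid
_rng = secrets.SystemRandom()                     # OS CSPRNG, not random.random()


def new_layout():
    """Return a freshly shuffled keypad: list index -> symbol shown in that cell."""
    cells = list(SYMBOLS)
    _rng.shuffle(cells)
    return cells


def enter_password(password, reshuffle=True):
    """Simulate clicking each symbol of `password` on the grid.

    Returns (entered, clicks): the string the application receives and the
    (row, col) cells a pointer-position logger would record.
    """
    layout = new_layout()
    entered, clicks = [], []
    for ch in password:
        row, col = divmod(layout.index(ch), COLS)
        clicks.append((row, col))
        entered.append(layout[row * COLS + col])
        if reshuffle:
            layout = new_layout()  # redraw with a new permutation after each pick
    return "".join(entered), clicks


def repeats_visible(password, clicks):
    """True if every repeated symbol was clicked in the same cell each time,
    i.e. the click trace alone exposes the password's repetition pattern."""
    first_cell = {}
    return all(first_cell.setdefault(ch, cell) == cell
               for ch, cell in zip(password, clicks))


if __name__ == "__main__":
    sample = "A" * 40  # constructed input: one symbol repeated
    for mode in (False, True):
        entered, clicks = enter_password(sample, reshuffle=mode)
        print(f"reshuffle={mode}: distinct cells clicked = {len(set(clicks))}, "
              f"repeats visible = {repeats_visible(sample, clicks)}")
```

The protection depends on the permutation being unpredictable, which is why the sketch draws from `secrets.SystemRandom` rather than a seeded generator.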

At first glance, such a system would appear to be vulnerable to standard man-in-the-middle attacks, but PMC Ciphers has taken measures to prevent these from occurring. When the software's password security functions are engaged, TurboCrypt artificially inflates CPU usage to 100 percent, and positions itself as a high-priority thread. This effectively locks out any Trojan or worm that might already be running, and allows even an infected machine to communicate securely without threat of interception.

Infoworld calls these techniques "ingenious," but I'm afraid I have to disagree, insomuch as TurboCrypt appears to have ingeniously applied terrible programming techniques more than anything else. I understand the point of such a service, but I'm not convinced it's ultimately all that useful. If you already run TurboCrypt, you probably also run a variety of security products to keep you safe from the terrors of the Internet, and aren't in need of such levels of protection. If you don't run TurboCrypt and are the type of personality that makes those of us who actually provide you with antimalware service cry, you probably don't know what the program is, how to install it, or even why it's useful. Instead, you call at 2 AM, complaining that your login screen looks funny, is giving you a headache, and how you think you have a virus because the screen keeps flickering.

The challenge for future versions of the program will be to offer an enhanced level of security without driving users insane from flickering keypads and dancing letters. Right now, TurboCrypt seems a bit of a Catch-22—those who need it most are the least likely to use it, while those who don't need it are most likely to employ its services. The price tag, however—free—is hard to beat, and the service could prove quite useful at a POS terminal or anywhere where security is a major concern.
