This interrupt handler could be replaced by malicious code, and no keystroke encryption software could prevent this without claiming to be able to block all root kits. That's likely what this keystroke encryption software is designed to protect against.īefore that keystroke is dispatched as a Windows message it's enqueued in a hardware ring buffer and handled by a system interrupt handler. Think of it this way: it's easy to make a "key logger" that just calls SetWindowsHookEx() and asks Windows to deliver a copy of every keystroke to the callback function it registers. Fundamentally a keystroke has to be processed by the computer at some point, which makes it susceptible to interception. Please remember that security threats evolve over time. (We're both programmers making banking software.) I'm willing to concede that keystroke encryption might be of some use for a very limited use case, for only as long as malware hasn't learned to defeat it. I'm at work now and have discussed this with a security-minded co-worker.
0 Comments
Leave a Reply. |