Free ‘Trojan-Proof’ Password Tool Released for Windows
A trio of German software firms claims to have developed a password system that prevents Trojans and viruses from stealing passwords from a Windows machine.
The “Trojan-proof” virtual keyboard software, which was developed by Global IP Telecommunications, PMC Ciphers, and CyProtect AG, is available in a free beta version for download.
“This development can make input of PIN codes and transaction numbers for online banking completely safe in the near future,” said C.B. Roellgen, creator of the password dialog and CTO of PMC Ciphers, in a statement.
It works like this: the software flashes a virtual keyboard onto the video display that flickers the characters on and off at high speeds, with the keys displayed in random locations on the screen rather than as a standard Qwerty keypad. As soon as the user types a character in his or her password on the virtual keyboard, that key is moved to another location on the keyboard.
In a demonstration of the technology, the simulated Trojan was only able capture “skin of the dialog window” and not the actual key characters making up the password code, according to the developers. And their high-powered Trojan simulator ate up about 11 percent to 15 percent of the machine’s CPU.
“A real Trojan horse must be programmed to consume less than one percent of CPU time in order not to be detectable by professionals,” the developers say in a video demonstration of the software.
Bernd Roellgen with PMC Ciphers and Global IP Telecommunications, says the developers wanted to fill in the gap of existing Trojan protection solutions. “We found that there wasn’t a solution so far that was software-only,” Roellgen said in an interview with Dark Reading. So that’s the approach the developers took, he says.
But security expert Thierry Zoller, product manager and senior security engineer for n.runs AG, says that though he hasn’t tested the software, he doesn’t think it would be completely Trojan-proof. “The video shows that they use certain dithering tricks to foil screen cams to record what button has been pressed. This is nice, but surely not every way to find what keys have been pressed, not to mention there are DirectX-based screen recorders, which I doubt would not register these tricks,” he says.
This new virtual keyboard is not the first attempt at preventing password sniffing, either. “Attempts to prevent password sniffing have been appearing in various forms for years,” says Nate Lawson, principal with Root Labs. “There’s no perfect solution to this problem. The best thing to do is vary the scheme occasionally, based on what attackers are doing and try to keep Trojan software off PCs in the first place.”
on January 6th, 2010 at 11:39 pm
Thank you very much.It is very useful!
There are many people forget their admin password, and there are many solutions for those who have been locked out by computer.
Below methods for you to try:
• You can use the password reset disk if you ever created.
If not created, You also can Log on as an administrator to reset the password. Start system, press alt+ctrl+del keys Twice when you See Windows Welcome screen and then the Login box appeared. Now type “Administrator” in Username and leave Password field blank. Now press Enter and you should be able to log in Windows. Now you can reset your account password from “Control Panel -> User Accounts”.
• The above methods may be a little difficult for non-technician guys even the newbie. Another method may more suitable for you to use software program. Password Genius is the best software I have ever used. You can have a try. Check it out:http://www.password-genius.com/how-to/how-to-recover-my-windows-login-password.html