The “Scob” virus last week that was swimming around the web reportedly was capturing keystrokes and sending them back to a russian site somewhere. Its unclear if the recipients of this data were sophisticated enough to actually use the data they stole, but if they were, the poor souls that lost their data could be in for real trouble.
The notion of “Stealing Keystrokes” has me thinking. I’m no expert on keyboard drivers in windows, but why is it that a 3rd party application can be installed in windows to steal keystrokes which were intended for a different application? Just like we have segmented memory today, shouldn’t we have segmented keystrokes? In Unix, when I press a key on my virtual terminal, you’d have to be super-user to steal it. (XWindows probably opens up a whole set of holes, but lets not talk about that yet)
So, why not write some sort of driver inside of windows to protect the keyboard messages? Maybe some types of keys, like control-keys, shift-keys, etc would still be sent around globally so that hotkeys can work and such. But for regular old keypresses, is there a way we can make sure they only arrive at the intended application?
We know that these virus attacks are going to get worse. I think we need to start protecting even the individual subsystems in windows.
I wish I were proposing a better “solution” here, rather than just complaining about shortcomings…. I’ll do some research and see if I can’t learn anything.