[Cryptography] Keeping Malware from Using Security Hardware

Kent Borg kentborg at borg.org
Sun Mar 2 14:29:24 EST 2025


[Forgive me if I am asking too applied a question, or if I am off topic 
for a cryptography list.]

I have been fretting about the threat of malware sneaking onto a machine and 
doing things like keylogging*. And I am wondering about ways of fighting back. 
So what about two-factor gizmos such as Yubikeys, are they of any use here?

My specific question: What is to prevent malware from sniffing the user 
typed information (probably username and password), and then using the 
Yubikey itself to do its part of an evil authentication? Yubikey's touch 
feature can help slow things down in the middle of the night, but once 
the user wakes up getting him/er to touch seems like pretty easy social 
engineering, or just waiting around until the user otherwise does a 
legit touch and hijacking it seems possible, too.


Thanks,

-kb


* A recent WSJ article about a Disney employee who downloaded some 
backdoored software from GitHub and caused a major security incident for 
Disney and subjected himself to enormous headaches including being 
fired…might have had something to do with my new fretting.


