Wednesday, August 13, 2008

How to detect computer & email monitoring or spying software

As an IT Pro, I routinely monitor employees’ computers and emails. It’s essential in a work environment for administrative purposes as well as for security. Monitoring email, for example, allows you to block attachments that could contain a virus or spyware. The only time I have to connect to a user’s computer and work directly on their computer is to fix a problem.

However, if you feel that you are being monitored when you shouldn’t be, there are a few little tricks you can use to determine if you’re right. First off, to monitor someone’s computer means that someone can watch everything that you are doing on your computer in real time. Blocking porn sites, removing attachments, or blocking spam before it gets to your Inbox is not really monitoring; it’s more like filtering.

Computer Monitoring

So now, if you still think someone is spying on you, here’s what you can do! The good thing right now is that neither Windows XP SP2 nor Windows Vista supports multiple concurrent connections while someone is logged into the console (there is a hack for this, but I would not worry about it). What this means is that if you’re logged into your XP or Vista computer (like you are now if you’re reading this), and someone were to connect to it using the BUILT-IN REMOTE DESKTOP feature of Windows, your screen would become locked and it would tell you who is connected.

So why is that useful? It’s useful because it means that in order for someone to connect to YOUR session without you noticing or your screen being taken over, they have to use third-party software, and it’s a lot easier to detect third-party software than a normal process in Windows.

So now we’re looking for third-party software, which is usually referred to as remote control software or virtual network computing (VNC) software. First, the easy thing to do is to open Start Menu, All Programs and check whether something like VNC, RealVNC, TightVNC, UltraVNC, LogMeIn, GoToMyPC, etc. is installed. A lot of times IT people are sloppy and figure that a normal user won’t know what a piece of software is and will simply ignore it. If any of those programs are installed, then someone can connect to your computer without you knowing it as long as the program is running in the background as a Windows service.

That brings us to the second point. Usually, if one of the programs listed above is installed, there will be an icon for it in the task bar because it needs to be constantly running to work.

Check all of your icons (even the hidden ones) and see what is running. If you find something you’ve not heard of, do a quick Google search to see what pops up. It’s usually quite hard to remove something from the taskbar, so if there is something installed to monitor your computer, it should be there.

However, if someone really sneaky installed it and nothing shows up there, you can try another way. Again, because these are third-party apps, they have to connect to Windows XP or Vista on different communication ports. Ports are simply a virtual data connection by which computers share information directly. As you may already know, XP and Vista come with a built-in Firewall that blocks many of the incoming ports for security reasons. If you’re not running an FTP site, why should your port 23 be open, right?

So in order for these third-party apps to connect to your computer, they must come through a port, which has to be open on your computer. You can check all the open ports by going to Start, Control Panel, and Windows Firewall.

Click on the Exceptions tab and you’ll see a list of programs with check boxes next to them. The ones that are checked are “open” and the unchecked or unlisted ones are “closed”. Go through the list and see if there is a program you’re not familiar with or that matches VNC, remote control, etc. If so, you can block the program by un-checking the box for it!

The only other way I can think of to see if someone is connected to your computer is to see if there are any processes running under a different name! If you go to the Windows Task Manager (press Ctrl + Shift + Esc together) and go to the Processes tab, you’ll see a column titled User Name.

Scroll through all the processes and you should only see your user name, Local Service, Network Service, and System. Anything else means someone is logged into the computer!
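The port and process checks above can also be done from the command line by joining the output of `netstat -ano` (sockets with owning PID) to `tasklist /v /fo csv /nh` (PID, image name, user name). The following is an added example, not part of the original post; the sample output is constructed, and the keyword list is a heuristic built from the product names mentioned above, so a tool whose executable is named differently will not match.

```python
import csv
import io

# Keywords taken from the product names listed in the article; a heuristic,
# since a tool's executable name need not contain its product name.
KEYWORDS = ("vnc", "logmein", "gotomypc")

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1844
  TCP    192.168.1.20:1034      192.168.1.5:445        ESTABLISHED     4
  TCP    192.168.1.20:5900      192.168.1.9:2211       ESTABLISHED     1844
"""

# Constructed sample of `tasklist /v /fo csv /nh` output.
TASKLIST = '''\
"svchost.exe","912","Console","0","3,120 K","Running","NT AUTHORITY\\NETWORK SERVICE","0:00:01","N/A"
"winvnc.exe","1844","Console","0","4,508 K","Running","NT AUTHORITY\\SYSTEM","0:00:03","N/A"
"System","4","Console","0","236 K","Running","NT AUTHORITY\\SYSTEM","0:00:09","N/A"
'''

def load_processes(tasklist_csv):
    """Map PID -> (image name, user name) from tasklist CSV output."""
    procs = {}
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) >= 7:
            procs[int(row[1])] = (row[0], row[6])
    return procs

def remote_control_sockets(netstat_text, tasklist_csv):
    """Return (state, local, remote, image, user) for every TCP socket owned
    by a process whose image name contains one of KEYWORDS."""
    procs = load_processes(tasklist_csv)
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":   # skips the header and UDP rows
            continue
        proto, local, remote, state, pid = f
        image, user = procs.get(int(pid), ("?", "?"))
        if any(k in image.lower() for k in KEYWORDS):
            hits.append((state, local, remote, image, user))
    return hits

if __name__ == "__main__":
    for hit in remote_control_sockets(NETSTAT, TASKLIST):
        print(*hit)
```

A `LISTENING` hit means the tool is installed and waiting for connections; an `ESTABLISHED` hit names the remote address that is connected at that moment.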

Email & Web Site Monitoring

Checking whether your email is being monitored is quite simple. Whenever you send an email from Outlook or another email client on your computer, it has to connect to the email server. It can either connect directly or connect through what is called a proxy server, which takes a request, alters or checks it, and forwards it on to another server.

If you’re going through a proxy server for email or web browsing, then the web sites you access or the emails you write can be saved and viewed later on. You can check for both and here’s how. For IE, go to Tools, then Internet Options. Click on the Connections tab and choose LAN Settings.

If the Proxy Server box is checked and it has a local IP address with a port number, then that means you’re going through a local server first before it reaches the web server. This means that any web site you visit first goes through another server running some kind of software that either blocks the address or simply logs it.

For your email, you’re checking for the same thing, a local IP address for the POP and SMTP mail servers. To check in Outlook, go to Tools, Email Accounts, and click Change or Properties, and find the values for POP and SMTP server.
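The proxy check can be scripted as well. The LAN Settings dialog stores its values under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings` as `ProxyEnable` and `ProxyServer`; the added example below (not from the original post) parses both `ProxyServer` formats and reports which protocols go through a private or loopback address. The function names and sample values are constructed for illustration, and `is_local()` can be applied the same way to the POP and SMTP server values copied from Outlook.

```python
import ipaddress

def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}.
    Accepts "host:port" (all protocols) or "http=h:p;https=h:p"."""
    out = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, addr = part.rpartition("=")
        host, _, port = addr.rpartition(":")
        if not host:                      # no port was given
            host, port = addr, ""
        out[scheme or "all"] = (host, port)
    return out

def is_local(host):
    """True if host is a literal private or loopback IP address (the
    article's 'local IP address'). Host names are not resolved."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback

def local_proxies(proxy_enable, proxy_server):
    """Return the schemes routed through a local proxy, [] if disabled."""
    if not proxy_enable:
        return []
    parsed = parse_proxy_server(proxy_server)
    return sorted(s for s, (h, _) in parsed.items() if is_local(h))

def read_ie_proxy():
    """Windows only: read the values behind the LAN Settings dialog."""
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for name in ("ProxyEnable", "ProxyServer"):
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                values[name] = None
    return values["ProxyEnable"], values["ProxyServer"] or ""

if __name__ == "__main__":
    # Constructed sample values; on Windows use local_proxies(*read_ie_proxy()).
    print(local_proxies(1, "http=192.168.0.1:3128;https=proxy.example.com:443"))
```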

If you’re working in a big corporate environment, it’s more than likely that the Internet and email are being monitored. You should always be careful in writing emails or browsing web sites while at the office. Trying to break through the security also might get you in trouble if they find out you bypassed their systems! IT people don’t like that, I can tell you from experience!
