Security Basics mailing list archives

Re: Spy Software

From: "Jon Pastore" <jpastore () idetech net>
Date: Sun, 13 Apr 2003 09:20:08 -0400

You are correct in some regard to users would know...but in most situations
users are not qualified to know, nor care.  In addition their job, (on the
lower levels), is usually defined: These are what you use to accomplish
these tasks.  Unfortunately e-mail and browsing to some sites is
required...Proxy servers can handle this and email monitor tools but they
should know better then to do anything un approved...

we found problems with customer services reps sending back inappropriate and
potentially damaging emails to clients...this is bad but an approved
operation...we're investigating iMail from Ipswich

here's a snip from their site that motivated further investigation:

"New outbound rules capability helps administrators eliminate obscene
language and stop confidential information from going out. Combination rules
help prevent viruses from entering the network and  they cut down on spam.
And you can also reduce spam by disallowing the creation of subfolders that
are often byproducts of spam "

Though I'd rather find a *nix solution for queuing emails from some users
until approved for sending and I'd rather not have to write my own.  I'm not
qualified enough nor do I have the time =)

-Jon
----- Original Message -----
From: "Cirelli, Keith(LBS)" <Keith.Cirelli () LibertyMutual com>
To: "Richard Pachito" <alpyha () prodigy net>
Cc: <security-basics () securityfocus com>
Sent: Friday, April 11, 2003 1:38 PM
Subject: RE: Spy Software


[snip][paste]
"I believe a user would have the right to know what is running on their
system,"
You must understand something...A companies computers are theirs...Period.
They have the right to put on them whatever they
decide/choose/mandate/install unbeknonst to users/ however you want to slice
it....they (corporations) provide users with computers, merely as a tool or
vehicle of sorts to accomplish "work related" tasks....and work related
tasks only (usually).

It does however tend to make users uncomfortable.

The reality of it is....they (Corps) can..read your e-mail, monitor your web
activity, restrict web activity, restrict e-mail....or monitor any other
thing they provide to employees. It sucks for some...others don't
care....but that's just the way it is.

Rule of thumb....(for just such an occasion as Spyware on a corporate
workstation(s))

Never....ever...ever....do, say, type, browse to, mail to....anything, I
REPEAT...ANNYTHING....that you would be ashamed or embarassed for your
superiors to see.

If it's privacy you seek....you'll probably have to do it at home(and even
then it's questionable)


my 2 cents...

[snip][paste]
"and I'm kinda ticked off that SpectorSoft denys such information."
I hear ya. Let me pay you for some software and then don't tell me how it
works. LAME!

-----Original Message-----
From: Richard Pachito [mailto:alpyha () prodigy net]
Sent: Thursday, April 10, 2003 7:35 PM
To: security-basics () securityfocus com
Subject: Spy Software


Hello, I administer workstations for a small company and the boss recently
asked me to isntall sofware called "Spector Pro".  It is a 'spy' utility
that captures keystrokes, e-mails, instant-messages (YIM,AIM,ICQ), and takes
screen shots every X amount of time.

What I was wondering is how exactly does this program hide itself in the
system.  I've called their techs a few times to end with a repsonse of 'we
are not authorized to disclose such information'.

The recorded data is saved in a C:\winnt\system32\netext\ folder but no
exec.  There is nothing unusual listed in Task Manager that would lead me to
the application running in the background.  Would anyone happen to know how
exactly this application works.  I believe a user would have the right to
know what is running on their system, and I'm kinda ticked off that Spector
Soft denys such information.


-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free
technical support.
Stop SPAM before it stops you.
-------------------------------------------------------------------


-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free
technical support.
Stop SPAM before it stops you.
-------------------------------------------------------------------



-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free technical support.
Stop SPAM before it stops you.
-------------------------------------------------------------------

Current thread:

Spy Software Richard Pachito (Apr 11)
- Re: Spy Software Jeffrey S. Sims (Apr 12)
- RE: Spy Software Seth Connolly (Apr 12)
- <Possible follow-ups>
- RE: Spy Software Clark, Steve (Apr 12)
- RE: Spy Software CHRIS GRABENSTEIN (Apr 12)
- RE: Spy Software Michael Parker (Apr 12)
- RE: Spy Software Cirelli, Keith(LBS) (Apr 12)
  - RE: Spy Software David Moisan (Apr 14)
  - Re: Spy Software Jon Pastore (Apr 14)
- Re: Spy Software H Carvey (Apr 12)
  - Re: Spy Software Mark Ng (Apr 14)
    - Re: Spy Software Harlan Carvey (Apr 14)
    - Re: Spy Software mobilejimbo (Apr 15)
    - Re: Spy Software Mark Ng (Apr 16)
    - Re: Spy Software mobilejimbo (Apr 16)
    - RE: Spy Software D. Weiss (Apr 17)