Security Basics mailing list archives
RE: Spy Software & Internet/Email Monitoring
From: "Jon Pastore" <jpastore () idetech net>
Date: Wed, 16 Apr 2003 16:05:07 -0400
I believe in notifying them I just don't think you have to. Users tend to forget after a while until an example is made every now and then... And I wouldn't install that crap on my network...the irony in the product is unbelievable...spy ware program that spies back to the manufacture...that's great Jon Pastore, President IDE Tech, Inc. (954) 360-0393 Office (954) 428-0442 Fax -----Original Message----- From: Charles Otstot [mailto:charles.otstot () ncmail net] Sent: Monday, April 14, 2003 4:31 PM To: security-basics () securityfocus com Subject: Re: Spy Software & Internet/Email Monitoring Just a quick FYI for the original poster: Other legalities and moral questions aside, the FAQ's section of the Spector Soft website states the following: 9. Should I inform my employees or others that they are being monitored? Yes. The SpectorSoft software license agreement requires that you inform anyone you may monitor with SpectorSoft products. All in all, if the boss isn't informing the employees of the monitoring, if nothing else, you're in violation of your license. Charlie Trevor Cushen wrote:
********************************************************************** ******** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this message in error please notify SYSNET Ltd., at telephone no: +353-1-2983000 or postmaster () sysnet ie ********************************************************************** ******** It is very interesting that these two threads are running side by side on the list. I didn't note who sent the original post on the spyware but anyway might have your boss look into the legalitites of spyware software being used with employees. They must be informed they are being monitored is the jist of the other thread on monitoring. The phone home in the mail below this is not a happy thought either and makes you wonder what right the software had to do that. Must have a look at the license agreement there!!!. AppWatcher is another one
which
produces screen shots etc and was shareware or freeware last time I looked. But these types of software are very intrusive and should be handled with care. What is your bosses plan of action if he finds 20 employees mis-using company resources two days after the software is installed. Disaster recovery and business continuity plans spring to mind. Has he a policy in place?. Is HR aware of this monitoring?.
Are
the companies legal people aware of it and how to handle the
information
in an unfair dismissal case? You have to install it on all workstations or else you could be
accused
of discrimnating. Anyway that's my two cents as the saying goes. But I will point out that these two threads certainly show the value of this list and long may it continue :) Trevor Cushen -----Original Message----- From: Michael Parker [mailto:mparker () rim net] Sent: 11 April 2003 17:28 To: Richard Pachito; security-basics () securityfocus com Subject: RE: Spy Software I installed a full pirated copy of this one once for "evaluation purposes". Much to my surprise, even though I had entered a serial number and opted not to register and specifically chose not to obtain any upgrades or signatures, I received an email a day or so later that
the software was not a legal copy and to uninstall it. Obviously the software has some ability to "phone home". I tried a few of these utilities and they are kinda scary...Blazing Tools Perfect Key Logger and Iopus Starr Pro. Once I got that email I uninstalled the software and went crazy getting software to detect any
further "Spyware". The problem is now that some of the spyware uses "Black Code" to prevent "spyware detectors" from working properly (unfortunately I can't find the document that provided that info). Regards, Michael -----Original Message----- From: Richard Pachito [mailto:alpyha () prodigy net] Sent: April 10, 2003 7:35 PM To: security-basics () securityfocus com Subject: Spy Software Hello, I administer workstations for a small company and the boss recently asked me to isntall sofware called "Spector Pro". It is a 'spy' utility that captures keystrokes, e-mails, instant-messages (YIM,AIM,ICQ), and takes screen shots every X amount of time. What I was wondering is how exactly does this program hide itself in the system. I've called their techs a few times to end with a repsonse of 'we are not authorized to disclose such information'. The recorded data is saved in a C:\winnt\system32\netext\ folder but no exec. There is nothing unusual listed in Task Manager that would lead me to the application running in the background. Would anyone happen to know how exactly this application works. I believe a user would have the right to know what is running on their system, and I'm kinda ticked off that Spector Soft denys such information. ------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you. ------------------------------------------------------------------- ------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you. ------------------------------------------------------------------- ------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of
free technical support.
Stop SPAM before it stops you. -------------------------------------------------------------------
-- E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties by an authorized state official. -- ------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. www.blackhat.com ------------------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics ----------------------------------------------------------------------------
Current thread:
- RE: Spy Software & Internet/Email Monitoring Trevor Cushen (Apr 14)
- Re: Spy Software & Internet/Email Monitoring Charles Otstot (Apr 15)
- RE: Spy Software & Internet/Email Monitoring Jon Pastore (Apr 17)
- <Possible follow-ups>
- RE: Spy Software & Internet/Email Monitoring Trevor Cushen (Apr 15)
- RE: Spy Software & Internet/Email Monitoring Richard Pachito (Apr 15)
- RE: Spy Software & Internet/Email Monitoring Richard Pachito (Apr 17)
- RE: Spy Software & Internet/Email Monitoring CHRIS GRABENSTEIN (Apr 17)
- Re: Spy Software & Internet/Email Monitoring Charles Otstot (Apr 15)