[Tfug] OT: Windows "Tracking Software"
Bexley Hall
bexley401 at yahoo.com
Tue Mar 10 15:26:32 MST 2009
Hi, Andrew,
> >> If I suspected my PC had something like that then I would
> >> get the free Process Explorer and examine all the processes.
> >> Kill any I didn't want running.
> >
> > And what do you do if you aren't running as Administrator
> > (i.e., because the machine is maintained/provided by your
> > *employer*)?
> >
> >> Also I would investigate safe mode to see if that stopped
> >> the tracking behaviour.
> >
> > But, you don't even know (yet) that "tracking" is taking
> > place! <grin> I.e., that is the first part of my
> > question: "detect and defeat"
> >
> >> I would run msconfig and stop any services and processes
> >> from running at startup that I didn't recognize.
> >
> > Again, that only works if you have root privileges.
> >
> >> Worst case I would reinstall windows.
> >
> > Your boss would undoubtedly have something to say if you
> > had done this. Also, many newer machines can be configured
> > so that booting off a CD/DVD is disallowed.
> >
> > You're assuming this is *your* machine and that someone has
> > slipped something onto it surreptitiously. What if it is
> > *my* machine that *you* use 8 hours a day (on my behalf)?
>
> Why didn't you tell us in the first place that no
> administrator access is available? It's a waste of
> everyone's time to try and help you if you don't
> give us all the requirements. I'm guessing you knew that
> no administrator access was a requirement for your problem
> when you first posted. Sigh... :(
I haven't said whether it is or isn't. I am merely explaining
how "tracking" software differs from *spyware* (which seemed
to be your initial assumption in regards to my post).

Note that in the above scenario (employer installs tracking
software; *probably* not giving you Administrator privileges),
you couldn't/wouldn't *want* to do many of the things that you
suggested as they would all raise a red flag to whomever was
monitoring your activities.

Note that the appeal of the solution I seek is that you don't
tip your hand to the person doing the monitoring -- he/she
still thinks you are unaware of these activities. Once he/she
*knows* that you know what is going on, they will undoubtedly
take steps to tighten their security, etc.

Now that I have access to my address book (back in town),
I sent this query to a few friends who work for folks who
do this sort of thing. Apparently, it is relatively
easy to detect *if* you are being monitored -- using
unobtrusive techniques (so you don't tip your hand).
And, depending on how "good" the IT department is at
installing and *actively* monitoring these tools, you
can often disable them (even if only temporarily).
Of course, YMMV as per the tool being used and the
cleverness of the folks applying it.

I have a few packages coming in the mail. I'll play
with them and see what I get for first-hand experience
hacking them...

>
> Andy
>
> -- Andy
> PGP Key ID: 0xDC1B5864