Monitored at work

Hi,

I've been searching the forums looking for answers to some questions I have but I've yet to find them. Here is my situation: I work at a company that has some sort of monitoring software. Not sure what it is exactly but it has the ability to view everyone's desktops, record url histories, etc.

Over the past few months I've been on a committee to deal with workplace morale and inefficiency issues. I've been especially critical of our IT Department because they have dropped the ball over the past decade or so in adopting emerging technologies. As a result, the company has suffered and many of us formed a management-approved advisory committee to analyze our processes and propose solutions to management. This has ruffled some feathers to say the least. One member of the committee has noticed some e-mails being displayed as "read" before he has opened them and another has had some e-mails completely disappear. I know that other employees have been randomly called out in the past with browsing histories brought before them. This would be fine if the rules were being enforced evenly. The problem is that certain people are being targeted if they dare speak up against any of our systems.

Now I understand that these are company PC's and are therefore could open up a whole debate on whether they are acting appropriately or not. I don't want to get into that. What I'd like to know is if any of the products like SnoopFree or SpyCop could be used to detect if they were monitoring me. And if so, how do they work? Can any of these products tell you in real time that you are being monitored? Or are they more like scanners that would simply detect the presence of the monitoring software. I need something more like the former. I know that they have the monitoring software, I just want to know how often they are sitting there watching what I'm doing. Or what files/e-mails they are looking at on my computer? Is there anything out there that can do that? And if so, are they in turn detectable by their monitoring software?

Thanks in advance,

IF

 

I think your best bet would be to use spycop first. If that shows nothing you may be out of luck especially if it runs at kernel level without getting into much more advanced software/approaches.

Thanks,

Chris

 

Thanks Chris.

Do you know if SpyCop provides the real time recognition features that I'm looking for?

IF

 

No realtime protection. Just scans and detects.

Thanks,

Chris

 

i might also add that you're using company property here. they pay for the machines, the internet, the software.
they are LEGALLY allowed to "spy" on you as much as they want.
there is no such thing as privacy when you're using equipment and services somebody else owns!

so, give it up. you're not going to outsmart them.

unless they are incompetent of course.

 

Thanks for the feedback.

Yes, there is enough incompetence/ignorance to go around. A few stories...

First, I'm in the accounting field but have always been pretty tech savvy. A few years ago management asked me to help out on a project where we were trying to get some of our clients to send in their QuickBooks files. Our IT department had the clients actually trying to e-mail these files. I advised them that e-mail was not the most secure or efficient way of doing this and recommended that we develop a method for our clients to securely upload the files directly to our office. We, of course, outsourced this since no one in our IT department could do such a thing. In the process of directing some of our clients through this process I began using a remote access product to guide them through the upload process. I was amazingly allowed to install and use these remote access products without any blocks, warnings, etc. I even connected to my work PC from home without a problem. I advised management and IT of this glaring security hole and nothing has changed to this day. In fact, I've been advising management that we should be looking at embracing that type of technology but making sure that we are doing it right and in a secure fashion. Their solution has been to allow me and other random employees to use the "free" version of some of these remote access products without any sort of policy whatsoever on it.

And don't even get me started on our company website which has a circa 1996 feel to it. It can't even be viewed properly in anything other than IE. I don't think they understand that there are other browsers out there that many people use. When my department wanted to increase our web presence, I created our own website with a different url altogether.

It's actually somewhat humorous, if not downright scary, at times. I go out and access my PC remotely and create a new website on my own and management actually thinks that it is a good thing. They think it's neat that I "discovered" the remote access technology and had no problem with me creating my own department website. Unbelievable.

It's also funny that much of the hardware and software that I use is actually NOT the company's but my own. I purchased two extra monitors, video cards, speakers, wireless mouse and keyboard, UltraMon software, etc.

Management is definitely on board with everything I'm doing...BUT, I could see the IT Department trying to undermine me by collecting information on my internet browsing habits, etc. Now don't get me wrong, I'm not abusing my time by any means but I'll surf around the net while I'm on a phone call or other random times throughout the day. I'm just saying that it would be easy to cherry pick certain items of ANYONES computer activity and present a case that they are abusing the system. I believe management wouldn't do anything about it but I still don't like the idea of someone trying to burn me. Maybe I'm giving them too much credit.

So it sounds like there is nothing out there that would give me real time notification. Is there anything out there that would simply block what they are trying to do? Is there a way to surf the net in an undetectable fashion? Through a PortableApps type of browser on a thumb drive? Is there a way to prevent them from viewing my active desktop? Is there a way to prevent them from viewing my e-mails?

Thanks again,

IF

 

They are IT, which means that in theory, at least they have complete and utter ability to monitor what you do because they administer the network.

To answer your specific questions:

If you are using the company internet connection, then the answer is a qualified "no". In theory, you're going out through some kind of gateway or proxy and it could have the ability to monitor what you do - if they want to.

I would suggest not, because even if you have the admin password - so do they. Remove any software they install at your peril - it will just make things worse.

No. They don't even need your PC for that and there are many, many ways they can view it. For example, they you could set server side forwards, they could give themselves permission to access your account, they could even make your email address an alias - which goes to them or you.

Even if you bring in your own laptop and plug it in, there's no guarantee of you not being monitored... and any steps you take to prevent the company from monitoring makes you look guilty of something.

As a business owner, if I install software to monitor my employees and they remove it then its an escalation policy starting with "That's there for a reason, perhaps you didnt realise it...", escalating through to to "You insist on tampering with this software. Please leave and do not come back".

Quite honestly, my advice would either be: Surf the net on your own time, look for another position, or both.

 

to further add to mr. nash's post,

it sounds like an intolerable situation you got yourself there. first, why would you pay with your personal money to get equipment used in your daily work?
also, if you don't trust management then there is absoltely no point what so ever in working there. absolute trust is essential between management - it dept. - employees.

i would suggest looking for a new position, because you're obviously not happy. and what's the point in doing something that doesn't make you happy?

(evil side note, there is a reason why i joined the ranks of it security professionals.. who's watching the watchers? answer: nobody)

 

On the local news, a report that local government workers were using company PCs to view X-rated websites. They got terminated. But it only came out because a whistleblower reported them. Not found by any admin people or monitoring software.

 

Yes. Absolutely. You want xB Browser, and you can install it to your thumb drive and run it from any Windows computer. Unless they are monitoring what you type and are taking screen shots of what you do, they will be unable to monitor what website you visit. xB Browser also can detect some spywares and firewalls, and can cut through many of them. Additionally, it is free and open-source. If you want faster speed, you can upgrade to the XeroBank network, and there is a free trial anytime you use the software.

You can download it here: http://update.xerobank.com/beta/xB Browser 2.0.0.11 Setup.exe

Regards,
Steve

 

hi XeroBank,

Love the website, the icons are really nice. I went all "ooh shiny" when I had a look

Is there a little feature list for the xb browser? i know i could just download and look, but it'd be nice with a list of some sort with a bit more detail , thank you

 

Good point. I've run across some 'watchers' who are complete a**holes in the past. They watch and relay what you're doing to long time employees that sit near by looking to bother you in ways. What a joke that shop was. Complete kaos.

Hopefully there are very few like that.

 

Hello,

Two rules:

1. Be friendly with IT.
2. Don't work for a company that monitors their workers.

Mrk

 

I know that in many professions it is almost essential to buy your own "equipment" if you want to work smarter and be the most efficient and thus get better raises and promotions ect.

This is also a good way into management if you do not have a degree. Mustangs can make as much as or even more than degreed management ("mustangs" are those who have gotten into management without any higher degree).

It is not a guarantee to move up but it often is.