Monitored at work

Discussion in 'privacy general' started by irwinfletcher, Jan 25, 2008.

Thread Status:
Not open for further replies.
  1. irwinfletcher

    irwinfletcher Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    3
    Hi,

    I've been searching the forums looking for answers to some questions I have but I've yet to find them. Here is my situation: I work at a company that has some sort of monitoring software. Not sure what it is exactly but it has the ability to view everyone's desktops, record url histories, etc.

    Over the past few months I've been on a committee to deal with workplace morale and inefficiency issues. I've been especially critical of our IT Department because they have dropped the ball over the past decade or so in adopting emerging technologies. As a result, the company has suffered and many of us formed a management-approved advisory committee to analyze our processes and propose solutions to management. This has ruffled some feathers to say the least. One member of the committee has noticed some e-mails being displayed as "read" before he has opened them and another has had some e-mails completely disappear. I know that other employees have been randomly called out in the past with browsing histories brought before them. This would be fine if the rules were being enforced evenly. The problem is that certain people are being targeted if they dare speak up against any of our systems.

    Now I understand that these are company PC's and are therefore could open up a whole debate on whether they are acting appropriately or not. I don't want to get into that. What I'd like to know is if any of the products like SnoopFree or SpyCop could be used to detect if they were monitoring me. And if so, how do they work? Can any of these products tell you in real time that you are being monitored? Or are they more like scanners that would simply detect the presence of the monitoring software. I need something more like the former. I know that they have the monitoring software, I just want to know how often they are sitting there watching what I'm doing. Or what files/e-mails they are looking at on my computer? Is there anything out there that can do that? And if so, are they in turn detectable by their monitoring software?

    Thanks in advance,

    IF
     
  2. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    I think your best bet would be to use spycop first. If that shows nothing you may be out of luck especially if it runs at kernel level without getting into much more advanced software/approaches.

    Thanks,

    Chris
     
  3. irwinfletcher

    irwinfletcher Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    3
    Thanks Chris.

    Do you know if SpyCop provides the real time recognition features that I'm looking for?

    IF
     
  4. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    No realtime protection. Just scans and detects.

    Thanks,

    Chris
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    Hi IF

    A couple of issues here. First anything you install and run on your PC can probably be detected. Secondly it probably is a violation of your companies policy, so you dig yourself in deeper.

    Bottom in here is managemant is going along with this possibly through ignorance, possibly through choice. Either way leaves you sort of between a rock and a hard place. Your options really boil down to accepting it and living with it, or biding your time and moving on. Kind of sad really.

    Pete

    PS Don't burn bridges.
     
  6. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    i might also add that you're using company property here. they pay for the machines, the internet, the software.
    they are LEGALLY allowed to "spy" on you as much as they want.
    there is no such thing as privacy when you're using equipment and services somebody else owns!

    so, give it up. you're not going to outsmart them.

    unless they are incompetent of course.
     
  7. irwinfletcher

    irwinfletcher Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    3
    Thanks for the feedback.

    Yes, there is enough incompetence/ignorance to go around. A few stories...

    First, I'm in the accounting field but have always been pretty tech savvy. A few years ago management asked me to help out on a project where we were trying to get some of our clients to send in their QuickBooks files. Our IT department had the clients actually trying to e-mail these files. I advised them that e-mail was not the most secure or efficient way of doing this and recommended that we develop a method for our clients to securely upload the files directly to our office. We, of course, outsourced this since no one in our IT department could do such a thing. In the process of directing some of our clients through this process I began using a remote access product to guide them through the upload process. I was amazingly allowed to install and use these remote access products without any blocks, warnings, etc. I even connected to my work PC from home without a problem. I advised management and IT of this glaring security hole and nothing has changed to this day. In fact, I've been advising management that we should be looking at embracing that type of technology but making sure that we are doing it right and in a secure fashion. Their solution has been to allow me and other random employees to use the "free" version of some of these remote access products without any sort of policy whatsoever on it.

    And don't even get me started on our company website which has a circa 1996 feel to it. It can't even be viewed properly in anything other than IE. I don't think they understand that there are other browsers out there that many people use. When my department wanted to increase our web presence, I created our own website with a different url altogether.

    It's actually somewhat humorous, if not downright scary, at times. I go out and access my PC remotely and create a new website on my own and management actually thinks that it is a good thing. They think it's neat that I "discovered" the remote access technology and had no problem with me creating my own department website. Unbelievable.

    It's also funny that much of the hardware and software that I use is actually NOT the company's but my own. I purchased two extra monitors, video cards, speakers, wireless mouse and keyboard, UltraMon software, etc.

    Management is definitely on board with everything I'm doing...BUT, I could see the IT Department trying to undermine me by collecting information on my internet browsing habits, etc. Now don't get me wrong, I'm not abusing my time by any means but I'll surf around the net while I'm on a phone call or other random times throughout the day. I'm just saying that it would be easy to cherry pick certain items of ANYONES computer activity and present a case that they are abusing the system. I believe management wouldn't do anything about it but I still don't like the idea of someone trying to burn me. Maybe I'm giving them too much credit.

    So it sounds like there is nothing out there that would give me real time notification. Is there anything out there that would simply block what they are trying to do? Is there a way to surf the net in an undetectable fashion? Through a PortableApps type of browser on a thumb drive? Is there a way to prevent them from viewing my active desktop? Is there a way to prevent them from viewing my e-mails?

    Thanks again,

    IF
     
  8. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    They are IT, which means that in theory, at least they have complete and utter ability to monitor what you do because they administer the network.

    To answer your specific questions:

    If you are using the company internet connection, then the answer is a qualified "no". In theory, you're going out through some kind of gateway or proxy and it could have the ability to monitor what you do - if they want to.

    I would suggest not, because even if you have the admin password - so do they. Remove any software they install at your peril - it will just make things worse.

    No. They don't even need your PC for that and there are many, many ways they can view it. For example, they you could set server side forwards, they could give themselves permission to access your account, they could even make your email address an alias - which goes to them or you.

    Even if you bring in your own laptop and plug it in, there's no guarantee of you not being monitored... and any steps you take to prevent the company from monitoring makes you look guilty of something.

    As a business owner, if I install software to monitor my employees and they remove it then its an escalation policy starting with "That's there for a reason, perhaps you didnt realise it...", escalating through to to "You insist on tampering with this software. Please leave and do not come back".

    Quite honestly, my advice would either be: Surf the net on your own time, look for another position, or both.
     
  9. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    to further add to mr. nash's post,

    it sounds like an intolerable situation you got yourself there. first, why would you pay with your personal money to get equipment used in your daily work?
    also, if you don't trust management then there is absoltely no point what so ever in working there. absolute trust is essential between management - it dept. - employees.

    i would suggest looking for a new position, because you're obviously not happy. and what's the point in doing something that doesn't make you happy?

    (evil side note, there is a reason why i joined the ranks of it security professionals.. who's watching the watchers? answer: nobody)
     
  10. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    On the local news, a report that local government workers were using company PCs to view X-rated websites. They got terminated. But it only came out because a whistleblower reported them. Not found by any admin people or monitoring software. :isay:
     
  11. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Yes. Absolutely. You want xB Browser, and you can install it to your thumb drive and run it from any Windows computer. Unless they are monitoring what you type and are taking screen shots of what you do, they will be unable to monitor what website you visit. xB Browser also can detect some spywares and firewalls, and can cut through many of them. Additionally, it is free and open-source. If you want faster speed, you can upgrade to the XeroBank network, and there is a free trial anytime you use the software.

    You can download it here: http://update.xerobank.com/beta/xB Browser 2.0.0.11 Setup.exe

    Regards,
    Steve
     
  12. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    hi XeroBank,

    Love the website, the icons are really nice. I went all "ooh shiny" when I had a look :D

    Is there a little feature list for the xb browser? i know i could just download and look, but it'd be nice with a list of some sort with a bit more detail , thank you
     
  13. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    165
    Good point. I've run across some 'watchers' who are complete a**holes in the past. They watch and relay what you're doing to long time employees that sit near by looking to bother you in ways. What a joke that shop was. Complete kaos.

    Hopefully there are very few like that.
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    Two rules:

    1. Be friendly with IT.
    2. Don't work for a company that monitors their workers.

    Mrk
     
  15. cortez

    cortez Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    444
    Location:
    Chicago
    I know that in many professions it is almost essential to buy your own "equipment" if you want to work smarter and be the most efficient and thus get better raises and promotions ect.

    This is also a good way into management if you do not have a degree. Mustangs can make as much as or even more than degreed management ("mustangs" are those who have gotten into management without any higher degree).

    It is not a guarantee to move up but it often is.
     
    Last edited: Feb 8, 2008
Loading...
Thread Status:
Not open for further replies.