How to detect computer & email monitoring or spying software

Posted on August 16, 2007 at 1:46 pm

Make sure to read other posts from the Online Security series!

  1. How to detect computer & email monitoring or spying software
  2. How to protect your computer from hackers, spyware and viruses
  3. Lessons worth learning - How NOT to remain anonymous on the Internet

As an IT Pro, I routinely monitor employees’ computers and emails. It’s essential in a work environment for administrative purposes as well as for security. Monitoring email, for example, allows you to block attachments that could contain a virus or spyware. The only time I have to connect to a user’s computer and work directly on their computer is to fix a problem.

However, if you feel that you are being monitored when you shouldn’t be, there are a few little tricks you can use to determine if you’re right. First off, to monitor someone’s computer means that someone can watch everything that you are doing on your computer in real time. Blocking porn sites, removing attachments, blocking spam before it gets to your Inbox, etc. is not really monitoring; it’s more like filtering.

Computer Monitoring

So now, if you still think someone is spying on you, here’s what you can do! The good thing right now is that neither Windows XP SP2 nor Windows Vista supports multiple concurrent connections while someone is logged into the console (there is a hack for this, but I would not worry about it). What this means is that if you’re logged into your XP or Vista computer (like you are now if you’re reading this), and someone were to connect to it using the BUILT-IN REMOTE DESKTOP feature of Windows, your screen would become locked and it would tell you who is connected.

So why is that useful? It’s useful because it means that in order for someone to connect to YOUR session without you noticing or your screen being taken over, they have to use third-party software, and it’s a lot easier to detect third-party software than a normal process in Windows.

So now we’re looking for third-party software, which is usually referred to as remote control software or virtual network computing (VNC) software. First, the easy thing to do is to open Start Menu, All Programs and check whether something like VNC, RealVNC, TightVNC, UltraVNC, LogMeIn, GoToMyPC, etc. is installed. A lot of times IT people are sloppy and figure that a normal user won’t know what a piece of software is and will simply ignore it. If any of those programs are installed, then someone can connect to your computer without you knowing it as long as the program is running in the background as a Windows service.

That brings us to the second point. Usually, if one of the programs listed above is installed, there will be an icon for it in the task bar because it needs to be constantly running to work.

Check all of your icons (even the hidden ones) and see what is running. If you find something you’ve not heard of, do a quick Google search to see what pops up. It’s usually quite hard to remove something from the taskbar, so if there is something installed to monitor your computer, it should be there.

However, if someone really sneaky installed it and nothing shows up there, you can try another way. Again, because these are third-party apps, they have to connect to Windows XP or Vista on different communication ports. Ports are simply a virtual data connection by which computers share information directly. As you may already know, XP and Vista come with a built-in Firewall that blocks many of the incoming ports for security reasons. If you’re not running an FTP site, why should your port 23 be open, right?

So in order for these third-party apps to connect to your computer, they must come through a port, which has to be open on your computer. You can check all the open ports by going to Start, Control Panel, and Windows Firewall.

Click on the Exceptions tab and you’ll see a list of programs with check boxes next to them. The ones that are checked are “open” and the unchecked or unlisted ones are “closed”. Go through the list and see if there is a program you’re not familiar with or that matches VNC, remote control, etc. If so, you can block the program by un-checking the box for it!

The only other way I can think of to see if someone is connected to your computer is to see if there are any processes running under a different user name! If you go to the Windows Task Manager (press Ctrl + Shift + Esc together) and go to the Processes tab, you’ll see a column titled User Name.

Scroll through all the processes and you should only see your user name, Local Service, Network Service, and System. Anything else means someone is logged into the computer!
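The program-name check and the Task Manager User Name check described above can be run together against the output of `tasklist /V /FO CSV`. This is an added example, not code from the original post; the keyword list is derived from the product names mentioned above, and the sample rows, user names and the `review_processes` helper are constructed for illustration.

```python
import csv
import io

# Substrings taken from the product names the article lists (a heuristic, not exhaustive).
REMOTE_TOOL_KEYWORDS = ("vnc", "logmein", "gotomypc")
# Accounts the article says are normal in Task Manager's User Name column.
BUILTIN_ACCOUNTS = {"system", "local service", "network service"}

# Constructed sample of `tasklist /V /FO CSV` output (not captured from a real machine).
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System Idle Process","0","Console","0","28 K","Running","NT AUTHORITY\\SYSTEM","5:12:01","N/A"
"explorer.exe","1620","Console","0","21,004 K","Running","WORKPC\\alice","0:00:41","N/A"
"svchost.exe","1044","Console","0","4,112 K","Running","NT AUTHORITY\\NETWORK SERVICE","0:00:02","N/A"
"winvnc.exe","1888","Console","0","3,540 K","Running","NT AUTHORITY\\SYSTEM","0:00:09","N/A"
"notepad.exe","2304","Console","0","2,916 K","Running","WORKPC\\itadmin","0:00:00","Untitled - Notepad"
'''


def account_name(user_field):
    """Drop the machine, domain or NT AUTHORITY prefix and lowercase the account."""
    return user_field.rsplit("\\", 1)[-1].strip().lower()


def review_processes(tasklist_csv, my_user):
    """Return (by_name, by_user): rows flagged by tool keyword and by foreign user."""
    allowed = BUILTIN_ACCOUNTS | {my_user.lower()}
    by_name, by_user = [], []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        image, user = row["Image Name"], row["User Name"]
        # Check 1: image name resembles one of the remote control products.
        if any(k in image.lower() for k in REMOTE_TOOL_KEYWORDS):
            by_name.append((image, row["PID"], user))
        # Check 2: process owned by someone other than you or a built-in account.
        if user != "N/A" and account_name(user) not in allowed:
            by_user.append((image, row["PID"], user))
    return by_name, by_user


if __name__ == "__main__":
    names, users = review_processes(SAMPLE_TASKLIST, "alice")
    for image, pid, user in names:
        print(f"remote-control name match: {image} (PID {pid}) running as {user}")
    for image, pid, user in users:
        print(f"unexpected user: {image} (PID {pid}) running as {user}")
```

In the sample, the `winvnc.exe` row runs as SYSTEM, so it passes the User Name check and is caught only by the name match; the two checks cover different cases and neither is complete on its own.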

Email & Web Site Monitoring

Checking whether your email is being monitored is quite simple. Whenever you send an email from Outlook or some other email client on your computer, it has to connect to the email server. It can either connect directly or it can connect through what is called a proxy server, which takes a request, alters or checks it, and forwards it on to another server.

If you’re going through a proxy server for email or web browsing, then the web sites you access or the emails you write can be saved and viewed later on. You can check for both and here’s how. For IE, go to Tools, then Internet Options. Click on the Connections tab and choose LAN Settings.

If the Proxy Server box is checked and it has a local IP address with a port number, then that means you’re going through a local server first before it reaches the web server. This means that any web site you visit first goes through another server running some kind of software that either blocks the address or simply logs it.

For your email, you’re checking for the same thing, a local IP address for the POP and SMTP mail servers. To check in Outlook, go to Tools, Email Accounts, and click Change or Properties, and find the values for POP and SMTP server.
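The same proxy and mail server checks can be scripted. This is an added example, not code from the original post: it assumes the LAN Settings proxy is read from the `ProxyEnable` and `ProxyServer` values printed by `reg query` on the Internet Settings key, and the sample output, addresses and helper names are constructed.

```python
import ipaddress
import re

# Constructed sample of:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SAMPLE_REG = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=192.168.10.5:8080;https=192.168.10.5:8080
'''


def parse_reg_values(text):
    """Map value name -> data for lines shaped like 'Name  REG_TYPE  data'."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"\s+(\S+)\s+REG_\w+\s+(.*)$", line)
        if m:
            values[m.group(1)] = m.group(2).strip()
    return values


def classify_host(host):
    """'local' for private/loopback IP literals, 'public' for other IPs, 'name' otherwise."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "name"  # a hostname; resolve it before judging where it points
    return "local" if (ip.is_private or ip.is_loopback) else "public"


def proxy_findings(reg_text):
    """Return [(scheme, host, port, classification)], or [] when no proxy is enabled."""
    vals = parse_reg_values(reg_text)
    if int(vals.get("ProxyEnable", "0x0"), 16) != 1 or not vals.get("ProxyServer"):
        return []
    found = []
    for entry in vals["ProxyServer"].split(";"):
        scheme, _, addr = entry.rpartition("=")  # scheme is "" in the single-proxy form
        host, _, port = addr.partition(":")
        found.append((scheme or "all", host, port, classify_host(host)))
    return found


def mail_findings(servers):
    """Classify the POP/SMTP server values copied from the mail account settings."""
    return {role: classify_host(host) for role, host in servers.items()}


if __name__ == "__main__":
    print(proxy_findings(SAMPLE_REG))
    print(mail_findings({"POP": "10.0.0.25", "SMTP": "mail.example.com"}))
```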

If you’re working in a big corporate environment, it’s more than likely that the Internet and email are being monitored. You should always be careful in writing emails or browsing web sites while at the office. Trying to break through the security also might get you in trouble if they find out you bypassed their systems! IT people don’t like that, I can tell you from experience!


28 Responses to “How to detect computer & email monitoring or spying software”

  1. John Kinas said on :

    Good review of the more intrusive monitoring methods, but it just scratches the surface. Medium and large organizations typically have all the tools they need to perform very thorough monitoring of web and email traffic without ever touching or directly connecting to your computer because they control firewalls and routers through which internet traffic must pass. Not to increase the paranoia level of your readers, but I would advise everyone who works in a large or medium-sized organization to carefully read the organization’s internet use policy. Most corporate internet use policies explicitly warn employees that they have no reasonable expectation of privacy when using corporate IT resources and that any computer use may be monitored. As the information security officer for a medium-sized organization, I would advise readers to assume that all activities may be monitored and act accordingly. Wait until you’re on your home system before emailing or browsing to anything you would prefer not to explain to your boss.


  2. akishore said on :

    Hi John,

    Good point. I wanted to make it clear though that I was trying to focus more on someone actually connecting to your computer terminal and watching everything on your screen as you do it, as opposed to simply capturing all the data that comes out of your computer (email, web sites, etc).

    Definitely, there is really no way to get around web and email monitoring at a large or medium sized company, they have way too many checks in place, but usually no one really connects to an employee’s computer and watches what they are doing.


  3. Cidinho said on :

    If you bypass the monitoring, be careful, cause the first thing they’ll think is that you are covering something bad you’ve done…


  4. Tom Morris said on :

    Absolutely mirror the first comment. Personally, I’m trying as hard as possible to setup things like SSH tunneling out of unfriendly corporate and educational networks. Encryption is another important component.


  5. Bill said on :

    Thanks for the information, it was helpful. But what about Teredo being selected under LAN Settings/Services? Is that necessary?


  6. greg burkman said on :

    Any advice for those of us on a Mac?

    I’m trying as hard as possible to get some movies edited.


  7. Mestizo said on :

    “If you’re not running an FTP site, why should your port 23 be open, right?”

    Correction. FTP is port 21.. Telnet is port 23.


  8. freak3dot said on :

    I had an IT guy just think that I tried to bypass webmonitoring once and he was not happy. BTW, don’t use putty to SSH into your computer at home. SSH can also be used to tunnel through proxy servers, which is what I was accused of.

    freak3dot


  9. Tom said on :

    Wanted to say thank you. I was able to track a remote vnc on my computer thanks to you. I thought my friend was monitoring me it turned out to be true. I now know he was watching me in real time. Also HE is more than likely a reason I was canned from my job. I confronted him but claims I’m paranoid. I have saved your info for future reference and will advise all my friends of your info. I think you should write more stuff on administration passwords/guest users on one’s computer. You see we get friends to do installs we don’t know what they are doing.

    Thanks


  10. simonje said on :

    Haha. Information is good but if really care about security would you not use Microsoft in first place? Thanks to it darkhats have so many zombie networks now need GUI tools to manage huge supercomputer clusters! Trojans have not handy system tray clues either! Anyway even Sony can install root kits now ok.

    At work, microsoft has tools for your admin to watch and control the PC quietly (and remember also NSA backdoor still). Your work neighbor can just look over the shoulder.

    At home, aircrack your wireless keys in 10 mins - some longer for WPA. Swap your router ESSID for mine and I can sniff all you p0rn traffic and bank account from my car!

    Even if you not connected to network monitor can be read thru a wall.

    Best thing is not to worry and be just good boy and girls.


  11. merv said on :

    Quick facts. 1 - Wrote a kind of story 10 years ago and due to approach to give evidence at the Cole Inquiry into the AWB in Australia 12 months ago, decided to get the story out. 2 - Techno mate of mine threw up this website for me and after 6 months pulled most of the content off due to approach by production company to put it into print and also do a doco. 3 - Problem was I had 2,500 people on my mailing list by then, so I’ve left up a few pages until everything comes out in December. BIG POINT number 4 - My office computer, home computer, laptop and even phones have been causing me grief. My ip account shows uploads of 300 + meg a day, when I average 2 meg. I’ve cleaned them all out twice. 5 - I use visual route to trace site hits now and then, and I literally get 30 a day from big brother - which is fascinating in itself. I never placed all content on the net, but backtraces are revealing knowledge of material obviously sucked off my computers. 5 - lately the Chinese are really hitting the site a lot.

    I really think these guys can just bypass any damn firewall they like. NSA chip or not.


  12. brady said on :

    port 23 is not ftp, it’s telnet. :)


  13. firefly said on :

    I’m not a technical person and am only interested to know a little about IT. This article is really interesting & easy to understand but, GOSH, this is scary to think that anyone can peep in my computer.


  14. cyberx said on :

    i do not believe it was the author’s intention to provide a detailed network and computer security manual on how to detect intrusions. however, maybe it should be noted that there are several basic methods of access: 1) if i can touch your computer, you are hacked!, 2) if you access the internet 4 email or just surfing, your material are on somebody else’s computer, 3) if i have line of sight of your keyboard, i can steal your passwords > use video like in atm frauds. On the 1st mentioned category: i can duplicate your hard drive and recover all your deleted stuff and take my time to decrypt passwords and contents. i can attach a hardware keylogger to steal all your keystrokes, incl passwords. over and above the nice tools i can install and settings i can change on your system, i can run a few freebie password stealers and be off in less than 1-min with all your access codes, internet history, etc! what is the solution? be a good boy and don’t do naughty things and use industry approved software tools to protect sensitive data. cyberx


  15. 800HighTech said on :

    a great logical way to keep your own eyes on your PC……keep up the good work…


  16. Security Guy said on :

    ?? are you serious man? This is such a noob approach. What if your work installs the application as a service, or runs it as system?? The best way to hide your traffic is through a VPN like hamachi, and ssh.


  17. charpays said on :

    Umm…. People amaze me of course our lives are being monitored.. We have always been watched closely by nerds geeks techys the government terrorists perverts, It’s easy to hack someones system I know that all you older folks think that we’re spy free, WAKE UP! just better hope you don’t piss off any nerds in cyberspace… don’t use the computer at WORK AT ALL!!!! NOT for personal use, because they can record all user names and passwords, record the information and use it against you or worse fire you. OF COURSE THEY WILL KNOW IF YOU BYPASSED THEIR SETTINGS, you don’t know if they’re watching you in real time or just recording what you do , you don’t know and I would not take the risk… I saw a woman at the bank sending and receiving personal emails on the bank computer, not smart , not smart at all.


  18. robin said on :

    dear
    i visited this web first time & i glad to say that my searching is over. i like this web very much & i forward the link to my all friends

    now to the point i want to be a security officer who restrict the persons who hack web or e-mail contain.
    so i have to know how this things happen.will u teach me how to hack and restrict web or e-mail contain(passwords)??

    i will wait for ur reply

    good bye


  19. Margaret said on :

    I receive e-mails from good friends, yet they sometimes don’t designate me in the TO: Line, use Un-Known Recipient! Is this for a reason of privacy or what?
    Thank You.


  20. basic said on :

    well i just want to know how or if some one can go in my pc if i use their wireless connection..and if so how can i do something about it .. PLEASE HELP >>>>ASAP ASAP


  21. Mary said on :

    I’m concerned that my “live-in” is tracking me. We have Verizon FIOS and are networked. I have firewall running but I heard his computer working last night when he had been in bed for hours and I was doing internet searches…any ideas?


  22. akishore said on :

    Basic, if you are using someone else’s wireless connection, then you are always at risk because you’re on the same network as they are. There are too many ways for them to access your computer to write about here, but it’s rare unless that person is computer savvy.

    Mary - What do you mean by tracking you? Are you talking about tracking your Internet activity? That is possible if they were able to use your computer. I would not worry about their computer running, that might be something else. To snoop on someone’s searches, they need to have software installed on YOUR computer, so make sure it’s locked when you are not around.


  23. bert said on :

    Be aware of this then:
    http://www.snoopstick.com/ ,undetectable if you believe their words.


    Pingbacks

  1. links for 2007-08-18 « geek notes Says:

    [...] How to detect computer & email monitoring or spying software Worried Big Brother is watching? The Computer Tips From a Computer Guy weblog outlines several steps you can take to make sure your employer (or anyone else) isn’t watching you while you work. (tags: tips security) [...]

  2. links for 2007-08-19 « The Uncanny Valley Says:

    [...] How to detect computer & email monitoring or spying software Good to know for work environments. (tags: howto career security) [...]

  3. Steve Miller’s Web Sites of Interest » links for 2007-08-20 Says:

    [...] How to detect computer & email monitoring or spying software (tags: computer hacks hacker hacking security) [...]

  4. Monday Morning Links Serving: The August 20th Edition | [Geeks Are Sexy] Technology News Says:

    [...] -How to detect computer & email monitoring or spying software “However, if you feel that you are being monitored when you shouldn’t be, there are a few little tricks you can use to determine if you’re right.” [...]

  5. 5 ways to increase Internet traffic to your blog or web site Says:

    [...] site, I was able to get well over 50 backlinks. Of course, I had to write something good, such as how to detect if someone is spying on you and how to create a locked folder in XP, but it really paid off! If you’re not a tech blog, [...]
