
How to detect computer & email monitoring or spying software

Posted on August 16, 2007 at 1:46 pm


As an IT pro, I routinely monitor employees' computers and emails. It's essential in a work environment for administrative purposes as well as for security. Monitoring email, for example, allows you to block attachments that could contain a virus or spyware. The only time I have to connect to a user's computer and work directly on their computer is to fix a problem.

However, if you feel that you are being monitored when you shouldn't be, there are a few little tricks you can use to determine if you're right. First off, to monitor someone's computer means that they can watch everything that you are doing on your computer in real time. Blocking porn sites, removing attachments or blocking spam before it gets to your inbox, etc. is not really monitoring, but more like filtering.

Computer Monitoring

So now, if you still think someone is spying on you, here's what you can do! The good thing right now is that neither Windows XP SP2 nor Windows Vista supports multiple concurrent connections while someone is logged into the console (there is a hack for this, but I would not worry about it). What this means is that if you're logged into your XP or Vista computer (like you are now if you're reading this), and someone were to connect to it using the BUILT-IN REMOTE DESKTOP feature of Windows, your screen would become locked and it would tell you who is connected.

So why is that useful? It's useful because it means that in order for someone to connect to YOUR session without you noticing or your screen being taken over, they have to use third-party software, and it's a lot easier to detect third-party software than a normal process in Windows.

So now we’re looking for third-party software, which is usually referred to as remote control software or virtual network computing (VNC) software. First, the easy thing to do is to simply look in your Start Menu under All Programs and check whether or not something like VNC, RealVNC, TightVNC, UltraVNC, LogMeIn, GoToMyPC, etc. is installed. A lot of times IT people are sloppy and figure that a normal user won’t know what a piece of software is and will simply ignore it. If any of those programs are installed, then someone can connect to your computer without you knowing it as long as the program is running in the background as a Windows service.

That brings us to the second point. Usually, if one of the above listed programs is installed, there will be an icon for it in the taskbar because it needs to be constantly running to work.

Check all of your icons (even the hidden ones) and see what is running. If you find something you’ve not heard of, do a quick Google search to see what pops up. It’s usually quite hard to remove something from the taskbar, so if there is something installed to monitor your computer, it should be there.

However, if someone really sneaky installed it and nothing shows up there, you can try another way. Again, because these are third-party apps, they have to connect to Windows XP or Vista on different communication ports. Ports are simply a virtual data connection by which computers share information directly. As you may already know, XP and Vista come with a built-in Firewall that blocks many of the incoming ports for security reasons. If you’re not running an FTP site, why should your port 23 be open, right?

So in order for these third-party apps to connect to your computer, they must come through a port, which has to be open on your computer. You can check all the open ports by going to Start, Control Panel, and Windows Firewall.

Click on the Exceptions tab and you’ll see a list of programs with check boxes next to them. The ones that are checked are “open” and the unchecked or unlisted ones are “closed”. Go through the list and see if there is a program you’re not familiar with or that matches VNC, remote control, etc. If so, you can block the program by un-checking the box for it!

The only other way I can think of to see if someone is connected to your computer is to see if there are any processes running under a different name! If you go to the Windows Task Manager (press Ctrl + Shift + Esc together) and go to the Processes tab, you’ll see a column titled User Name.

Scroll through all the processes and you should only see your user name, Local Service, Network Service, and System. Anything else means someone is logged into the computer!
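The software, port and User Name checks above can also be scripted from the command line. The following is an added example, not part of the original post: it joins the output of `tasklist /v /fo csv` and `netstat -ano` by PID. The sample output, the account name "alice" and the function names are constructed for illustration.

```python
import csv
import io

# Product names the article lists, reduced to lower-case substrings.
REMOTE_TOOLS = ("vnc", "logmein", "gotomypc")
# Accounts the article treats as normal besides your own.
SYSTEM_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}

# Constructed sample of `tasklist /v /fo csv` output (not from a real host).
TASKLIST = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"svchost.exe","904","Console","0","4,120 K","Running","NT AUTHORITY\NETWORK SERVICE","0:00:01","N/A"
"winvnc.exe","1788","Console","0","3,300 K","Running","NT AUTHORITY\SYSTEM","0:00:05","N/A"
"explorer.exe","1520","Console","0","18,000 K","Running","DESKTOP\alice","0:00:09","N/A"
"notepad.exe","2210","RDP-Tcp#1","1","2,000 K","Running","DESKTOP\bob","0:00:00","Untitled - Notepad"
'''

# Constructed sample of `netstat -ano` TCP lines.
NETSTAT = """
  TCP    0.0.0.0:135         0.0.0.0:0            LISTENING     904
  TCP    0.0.0.0:5900        0.0.0.0:0            LISTENING     1788
  TCP    192.168.1.20:5900   192.168.1.77:51234   ESTABLISHED   1788
"""

def parse_tasklist(text):
    """Return {pid: (image name, account without the domain prefix)}."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["PID"]: (r["Image Name"], r["User Name"].split("\\")[-1]) for r in rows}

def parse_netstat(text):
    """Return {pid: [(state, local, remote), ...]} for TCP lines."""
    conns = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            conns.setdefault(f[4], []).append((f[3], f[1], f[2]))
    return conns

def triage(tasklist, netstat, me):
    """Flag remote-control tools (with their sockets) and foreign accounts."""
    procs, conns = parse_tasklist(tasklist), parse_netstat(netstat)
    findings = []
    for pid, (image, user) in procs.items():
        if any(t in image.lower() for t in REMOTE_TOOLS):
            for state, _local, remote in conns.get(pid, [("NO SOCKET", "-", "-")]):
                findings.append(("remote-tool", image, state, remote))
        if user.upper() not in SYSTEM_ACCOUNTS and user.lower() != me.lower():
            findings.append(("other-user", image, user, ""))
    return findings
```

An ESTABLISHED row for a flagged tool shows the address of whoever is connected at that moment, which the Firewall Exceptions list alone does not reveal.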

Email & Web Site Monitoring

To check whether your email is being monitored is quite simple. Always, when you send an email from Outlook or some email client on your computer, it has to connect to the email server. Now it can either connect directly or it can connect through what is called a proxy server, which takes a request, alters or checks it, and forwards it on to another server.

If you’re going through a proxy server for email or web browsing, then the web sites you access or the emails you write can be saved and viewed later on. You can check for both and here’s how. For IE, go to Tools, then Internet Options. Click on the Connections tab and choose LAN Settings.

If the Proxy Server box is checked and it has a local IP address with a port number, then that means you’re going through a local server first before it reaches the web server. This means that any web site you visit first goes through another server running some kind of software that either blocks the address or simply logs it.

For your email, you’re checking for the same thing, a local IP address for the POP and SMTP mail servers. To check in Outlook, go to Tools, Email Accounts, and click Change or Properties, and find the values for POP and SMTP server.
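The "local IP address" test for the proxy and for the POP and SMTP servers can be expressed as a small classifier. This is an added example, not from the original post: it accepts the proxy string either as a single `host:port` or in the per-protocol form `http=host:port;https=host:port` that Windows uses when protocols have separate proxies. Function names and sample values are constructed, and IPv4 addresses are assumed.

```python
import ipaddress

def split_proxy_setting(value):
    """Map protocol -> 'host:port'; a bare 'host:port' applies to all."""
    entries = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, target = part.rpartition("=")
        entries[scheme or "all"] = target
    return entries

def classify_host(target):
    """Classify an IPv4 'host' or 'host:port' value."""
    host = target.rsplit(":", 1)[0] if ":" in target else target
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # a name, not an IP: resolve it before judging
    if ip.is_loopback:
        return "loopback"  # traffic is relayed by software on this machine
    return "local" if ip.is_private else "public"

def review(proxy_enabled, proxy_value, mail_servers):
    """Return {setting: (value, classification)} for proxy and mail servers."""
    report = {}
    if proxy_enabled:
        for scheme, target in split_proxy_setting(proxy_value).items():
            report["proxy/" + scheme] = (target, classify_host(target))
    for role, server in mail_servers.items():
        report["mail/" + role] = (server, classify_host(server))
    return report

# Constructed sample settings, as they might be read from the two dialogs.
SAMPLE = review(
    True,
    "http=192.168.10.5:8080;https=192.168.10.5:8080",
    {"POP": "10.0.0.25", "SMTP": "smtp.example.com"},
)
```

A "hostname" result is not a clean bill of health: the name may still resolve to an internal relay, so look it up before drawing a conclusion.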

If you’re working in a big corporate environment, it’s more than likely that the Internet and email are being monitored. You should always be careful in writing emails or browsing web sites while at the office. Trying to break through the security also might get you in trouble if they find out you bypassed their systems! IT people don’t like that, I can tell you from experience!


17 Responses to “How to detect computer & email monitoring or spying software”

  1. John Kinas said on :

    Good review of the more intrusive monitoring methods, but it just scratches the surface. Medium and large organizations typically have all the tools they need to perform very thorough monitoring of web and email traffic without ever touching or directly connecting to your computer because they control firewalls and routers through which internet traffic must pass. Not to increase the paranoia level of your readers, but I would advise everyone who works in a large or medium-sized organization to carefully read the organization’s internet use policy. Most corporate internet use policies explicitly warn employees that they have no reasonable expectation of privacy when using corporate IT resources and that any computer use may be monitored. As the information security officer for a medium-sized organization, I would advise readers to assume that all activities may be monitored and act accordingly. Wait until you’re on your home system before emailing or browsing to anything you would prefer not to explain to your boss.


  2. akishore said on :

    Hi John,

    Good point. I wanted to make it clear though that I was trying to focus more on someone actually connecting to your computer terminal and watching everything on your screen as you do it, as opposed to simply capturing all the data that comes out of your computer (email, web sites, etc).

    Definitely, there is really no way to get around web and email monitoring at a large or medium sized company, they have way too many checks in place, but usually no one really connects to an employee’s computer and watches what they are doing.


  3. Cidinho said on :

    If you bypass the monitoring, be careful, cause the first thing they’ll think is that you are covering something bad you’ve done…


  4. Tom Morris said on :

    Absolutely mirror the first comment. Personally, I’m trying as hard as possible to set up things like SSH tunneling out of unfriendly corporate and educational networks. Encryption is another important component.


  5. Bill said on :

    Thanks for the information, it was helpful. But what about Teredo being selected under LAN Settings/Services? Is that necessary?


  6. greg burkman said on :

    Any advice for those of us on a Mac?

    I’m trying as hard as possible to get some movies edited.


  7. Mestizo said on :

    “If you’re not running an FTP site, why should your port 23 be open, right?”

    Correction. FTP is port 21.. Telnet is port 23.


  8. freak3dot said on :

    I had an IT guy just think that I tried to bypass webmonitoring once and he was not happy. BTW, don’t use putty to SSH into your computer at home. SSH can also be used to tunnel through proxy servers, which is what I was accused of.

    freak3dot


  9. Tom said on :

    Wanted to say thank you. I was able to track a remote vnc on my computer thanks to you. I thought my friend was monitoring me it turned out to be true. I now know he was watching me in real time. Also HE is more than likely a reason I was canned from my job. I confronted him but claims I’m paranoid. I have saved your info for future reference and will advise all my friends of your info. I think you should write more stuff on administration passwords/guest users on one’s computer. You see we get friends to do installs we don’t know what they are doing.

    Thanks


  10. simonje said on :

    Haha. Information is good but if really care about security would you not use Microsoft in first place? Thanks to it darkhats have so many zombie networks now need GUI tools to manage huge supercomputer clusters! Trojans have not handy system tray clues either! Anyway even Sony can install root kits now ok.

    At work, microsoft has tools for your admin to watch and control the PC quietly (and remember also NSA backdoor still). Your work neighbor can just look over the shoulder.

    At home, aircrack your wireless keys in 10 mins - some longer for WPA. Swap your router ESSID for mine and I can sniff all you p0rn traffic and bank account from my car!

    Even if you not connected to network monitor can be read thru a wall.

    Best thing is not to worry and be just good boy and girls.


  11. merv said on :

    Quick facts. 1 - Wrote a kind of story 10 years ago and due to approach to give evidence at the Cole Inquiry into the AWB in Australia 12 months ago, decided to get the story out. 2 - Techno mate of mine threw up this website for me and after 6 months pulled most of the content off due to approach by production company to put it into print and also do a doco. 3 - Problem was I had 2,500 people on my mailing list by then, so I’ve left up a few pages until everything comes out in December. BIG POINT number 4 - My office computer, home computer, laptop and even phones have been causing me grief. My ip account shows uploads of 300 + meg a day, when I average 2 meg. I’ve cleaned them all out twice. 5 - I use visual route to trace site hits now and then, and I literally get 30 a day from big brother - which is fascinating in itself. I never placed all content on the net, but backtraces are revealing knowledge of material obviously sucked off my computers. 5 - lately the Chinese are really hitting the site a lot.

    I really think these guys can just bypass any damn firewall they like. NSA chip or not.


  12. brady said on :

    port 23 is not ftp, it’s telnet. :)

