|
Geek Forums
 |
|
|
Keyloggers and file security
| geek_socram |
July 24, 2010, 10:14 pm |
|
|
#1 | Having had a former employee dismissed through inappropriate computer use and theft of company time, (my partner installed a keylogger on that computer), I am curious to know how you can tell if a keylogger has been installed on a machine?
This query was created by another thread making an assumption that a keylogger may have been installed.
Equally, if you have to drop a computer in for technical repair, how can you prevent the technician nosing through your company accounts - or anything else for that matter? | |
|
| geek_gibler |
July 24, 2010, 10:44 pm |
|
|
#2 | various programs (including some anti-virus/anti-malware) will try to detect oftware keystroke loggers e. g.
http://dewasoft.com/privacy/kldetector.htm
If you can't trust a PC, then you are better to backup and then reinstall the OS from trusted media.
To prevent people reading your files. . either remove them first and securely erase free space OR encrypt them (e. g. Truecrypt). Or get a tech you trust and get them to sign a non-disclosure agreement. |
| geek_kevin16 |
July 24, 2010, 11:13 pm |
|
|
#3 | Thats 2 seperate Qs
Companies have a company tech. , on contract, . . |
| geek_jcmp21 |
July 24, 2010, 11:19 pm |
|
|
#4 | | +1 |
| geek_jcmp21 |
July 24, 2010, 11:30 pm |
|
|
#5 | | A reputable company should be safe to leave your machine with. If you feel you cannot trust them maybe try another company. Another option could be as suggested using truecrypt or something similar, however this could land you in serious crap if for some reason it goes wrong. A technician strictly speaking cannot go looking for interesting data etc, for example if he was installing a new video card in your machine it would give no excuse to go through your my documents folder etc. |
| geek_ferita |
July 25, 2010, 6:17 am |
|
|
#6 | No software will detect a hardware keylogger and if someone has an internal keylogger then it can be basically impossible to detect by the average person. Internal keyloggers can be built into an actual legitimate keyboard.
Secondly, a tech may be accessing different parts of your computer to fix it. If you have something that needs protecting then encrypt it otherwise get a tech who will sign a NDA.
A really good program that can thwart keyloggers is mamutu. |
| geek_drcspy |
July 25, 2010, 6:47 am |
|
|
#7 | | that's an assumption created from insufficient information. You have no idea whether the employer had advised staff that their computer activities would or could be monitored. If so the staff have NO comeback. |
| geek_kevin16 |
July 25, 2010, 7:27 am |
|
|
#8 | | true that, . . the reasons or termination would imply it was 'sprung' on the employee, what do -you- reckon? , |
| geek_kevin16 |
July 25, 2010, 7:34 am |
|
|
#9 |
I want to know what the "or anything else for that matter? ", refers too, . . |
| geek_ferita |
July 25, 2010, 7:48 am |
|
|
#10 | | Ha ha ha, computer techs rubbing the hardware all over there bodies LOL |
| geek_kevin16 |
July 25, 2010, 7:50 am |
|
|
#11 | | rofl, . . uber-nerd-pron, |
| geek_little_egypt |
July 25, 2010, 8:05 am |
|
|
#12 | | I didn't get that impression at all. There was nothing in OP to suggest that the employee didn't get multiple written warnings and a keylogger installed to make sure they complied with the written warnings. It's the employer's computer after all, and hard for an employee to claim an invasion of privacy when you're not supposed to be using that computer for personal/private use in the first place. |
| geek_kevin16 |
July 25, 2010, 8:08 am |
|
|
#13 |
This is why I asked for clarification of "... - or anything else for that matter? ". . |
| geek_little_egypt |
July 25, 2010, 8:10 am |
|
|
#14 | You remember a few months back there was a discussion on here about some tech got busted for going through his clients computers and collecting kiddy-photos. . probably stuff like that.
Another interesting thing, that case actually got a mention at the ecrime presentation last week too (pretty sure it was the same case) The guy was using full disk encryption but when the police went through his USB drives they found a backup of the encryption keys! Pwnt! |
| geek_little_egypt |
July 25, 2010, 8:12 am |
|
|
#15 | | I think there's two different issues here; 1) Issues around inappropriate use of a work computer, and 2) Issues around protecting information when a computer (not necessarily a work one) is in for repair. . |
| geek_kevin16 |
July 25, 2010, 8:14 am |
|
|
#16 |
this is a company computer so should only have company info on it, so how can there be anything else? , . . unless, . . there are two sets of policy, ... | |
|
| geek_little_egypt |
July 25, 2010, 8:18 am |
|
|
#17 | | I didn't read the second paragraph as necessarily still being a "work" computer. But even if you limit it to that, there's still lots of 'anything else' in a business other than company accounts that you might not want a tech looking at. |
| geek_kevin16 |
July 25, 2010, 8:19 am |
|
|
#18 | further for the prod... .
if it was a half decent company it would have someone doing IT that is not the tea-lady, . . and they would have locked down to computers denying inet access, ... . |
| geek_little_egypt |
July 25, 2010, 8:24 am |
|
|
#19 | | There's a LOT of small businesses that can't really justify the expense of that level of IT. If you only have five employees and a DSL connection, and the tea lady knows how to install AVG and keep it updated, she is your IT department... |
| geek_kevin16 |
July 25, 2010, 8:27 am |
|
|
#20 | | imho, and I guess the point I'm trying to make is, if the op had their system set up by a pro, they would still have that employee, . . |
| geek_little_egypt |
July 25, 2010, 8:36 am |
|
|
#21 | Hopefully the tealady would have enough sense to ask the company's lawyer before doing something that might not be legal.
Also as far as the employee goes, if they hadn't been misusing company equipment (and to get fired this would be a lot more than the occasional look at TM or checking their gmail) then they'd still have their job.
Most small businesses allow for a small amount of personal use, if you're too strict you may end up with annoyed and less productive workers. |
| geek_lythande1 |
July 25, 2010, 2:18 pm |
|
|
#22 |
Which is asking for trouble. When it all goes bad, then they scream and expect some tech to wave the magic wand.
Much better to have a reputable tech come and show you a few things you should be doing on a regular basis. Doesn't have to be ongoing "maintenance" most of which is unnecessary and an excuse for the IT co to make loads of money.
Yes techs can look at your stuff, most won't. One: they don't care Two: Too busy sorting it to bother.
And any decent anti-spyware program is going to pick up a keylogger - the fact that you don't know that means you aren't using any - which will cause more damage than some employee browsing the net instead of working. |
| geek_vtecintegra |
July 25, 2010, 2:26 pm |
|
|
#23 | | No as mentioned earlier a hardware keylogger is completely undetectable by software. |
| geek_jcmp21 |
July 25, 2010, 4:07 pm |
|
|
#24 | +1
Also if anyody has had physical access to your machine consider it compromised. An installed rootkit is embedded so deep in the system that anything running at the software level can be subverted, ie displaying falsified results after scans etc. |
| geek_socram |
July 25, 2010, 4:14 pm |
|
|
#25 | Just to clarify.
If you are paying an employee very well, yet you find out that as soon as the boss is out of the building, up to 80% of his time is spent on non-work related stuff, and that person's role is crucial to creating work for the remaining employees, then it is theft of company time, pure and simple, which is a serious misconduct issue and subject to instant dismissal according to the contract.
Secondly: He was asked to resign and also signed a letter claiming that there would be no comeback on the company. After he had signed that document, we also informed him that as we had knowledge of the websites he had been visiting, that we wouldn't take it any further. Read into that what you want, but porn was NOT involved, but I think his partner wouldn't have been too pleased...
Thirdly: A manufacturing company with less than 10 employees does not normally have an IT dept for three computers! (I am no longer a partner in that business through choice and a realignment of shareholdings and assets. )
As for privacy issues on my own PC. As a self employed person for 23 years, with a large client base all over the country, past and present, there is bound to be commercially sensitive stuff on my PC and it is not always possible to remove items subject to copyright, or information on clients, where some of their information is also commercially sensitive.
Computers have a habit of failing before you are able to keep up to date with all the housekeeping...
Fortunately, I don't get many problems but just I posed the question as computers are not my business, but I do know that some professionals are less than professional and that goes for several areas and is not aimed at the computer industry.
However, I have heard of several cases where techicians have dobbed in clients who did have objectionable material on their computers, so how did they discover it?
A confidentially agreement with the technician is a good idea though, but who can ever prove who passed on sensitive info via a telephone call?
I have never yet seen any computer business with a notice declaring their confidentiality/privacy policy... |
| geek_biker_69 |
July 25, 2010, 4:49 pm |
|
|
#26 | | NZ Dating. I've worked with a couple of guys who lived on there during work hours. One got sprung and asked to leave. The other I believe is still doing it (same company BTW - I worked with them 5 years ago and still know people there). Neither were married, but I found the complete lack of regard for their work quite appalling. The one who left even convinced his boss that he needed help with his workload and they got a contractor in. |
| geek_biker_69 |
July 25, 2010, 4:53 pm |
|
|
#27 | Well, that's pretty tricky. It's a matter of trust. You have to choose very carefully but even then there's no guarantees.
Someone suggested Truecrypt. I use this for ALL my data because a lot of the work I do is very commercially sensitive with proprietory designs. But it's only because of physical theft as I look after my own computer needs. |
| geek_jcmp21 |
July 25, 2010, 5:06 pm |
|
|
#28 | With regards to the discovery of material on a machine, if a technician goes looking for dirt where there would be no reason to then the information obtained would be considered to be obtained by non legal means. ie as per my example earlier where a technician is asked to replace a video card and stumbles upon objectionable material in a folder in the owners documents folder then it would have to be proven that the technician had a purpose for going through the owners files in the course of adding a video card.
If however the technician was asked to backup all files in the usersdocuments folder and upon verifying that backups had successfully been completed and an objectionable image for example is seen then this would be considered a valid discovery and could be used in evidence against the owner of the machine. I realise there was no mention of any illegal files in your post, but just to clarify the rules around it from subsequent posts.
With respect to use of the internet and dismissal. To ensure a rigid enforcement of policy there would as a rule be an internet usage policy that outlines what is acceptable and what isn't, ie use of social networking sites, pornography, file sharing, etc. As the network and the machines on it are property of the company what management says goes with respect to what can be done on those machines and with an internet usage policy that is signed by all employees this is pretty bulletproof when rules are broken. |
| geek_socram |
July 25, 2010, 10:43 pm |
|
|
#29 | Thanks for that clarification!
There were no illegal files on the company computer, (nor are there any on mine! )
The work issue was more a theft of company time and the fact that other people were being kept waiting for work that the guilty party was delaying, due to his excessive personal use of the computer.
It is tough enough as it is for a small company to survive these days, without staff ripping them off and causing problems, by notpulling their weight. It is even worse when they also affect other staff. |
| geek_jcmp21 |
July 25, 2010, 11:33 pm |
|
|
#30 | If you put together an internet usage policy that outline what they can and cannot do for future cases it will be very easy to go through the disciplinary motions. You can download some from various places. Netsafe also have some resources as well. I added the link but for some reason the link to download the actual template is broken so it may be a case of emailing them or something for it.
http://www.netsafe.org.nz/archive/businesses/businesses_defa
ult.html
Another thing to look at could be opendns which you can create an account with and set up to block certain things like social networking sites, peer 2 peer downloading, porn sites, streaming tv and movie sites and more. You just point the computers you want to suffer the restrictions and they will only allow what you have set.
http://www.opendns.com/about/overview/ | |
| | Leave your comment: | |
Geek Forums Message Board > Keyloggers and file security
|
|
|
|
