Solved

Computer Monitoring

Posted on 2005-04-23
Last Modified: 2010-04-11
Hi,

Sometimes I feel that someone is monitoring my PC.  I get the following symptoms:

- Computer becomes very slow
- I move the mouse,  but the pointer follows very slowly (delayed action)
- When I request for a program it takes a long time

What I do:
- Scan my computer for spy programs (definitions are always up-to-date)
- Scan my computer for viruses (definitions are always up-to-date)

What I suspect is that the Network admin might be accessing my computer to see what I am doing.  Many colleagues experienced this and complained.

We have a Windows 2003 server and Windows 2000 Pro. workstations.

Now, if the admin tries to access my PC, will Spy Software or AntiVirus catch this action? Or do I have to put a personal firewall?

So,  what I want is:

- How to know if my computer is monitored
- What is the best program to use to catch who is accessing my PC and prevent him

Thanks a lot
hhammash
Question by:hhammash

Expert Comment

by:amareldo
ID: 13849945
1. I would use: ZoneAlarm.
2. It's free and the usability of this firewall is one of the best.
3. This firewall will let you know who is trying to access your PC.

Author Comment

by:hhammash
ID: 13850345
Hi,

Thank you for your reply.

Will it even stop the network admin?

Thanks

Assisted Solution

by:srikrishnak
srikrishnak earned 200 total points
ID: 13850392
Okies... First point: if the network admin has the right to access (supported by your corp policy) then I am afraid we don't have much option... if you want to access a firewall you can... however, the admin can still access your machine...
:)

Expert Comment

by:Rich Rumble
ID: 13850552
First, srikrishnak is correct: if it's the admin, he has the right to access your machine, but typically he still needs probable cause to do so. VNC (RealVNC, TightVNC, WinVNC etc.) and Timbuktu are popular remote control/viewing applications for admins to use, and have modes where they can either just look at your activities, or they can take control of the mouse and keyboard. There are many other monitoring software applications that can do the same things, and even remain hidden from file searches and "spy" finding software.

amareldo's suggestion is a good one: ZA is free, and can be password protected so that even the admin cannot access your machine. srikrishnak is incorrect about that, as there are no password recovery options for ZA; however, it's possible that the admin could uninstall the program if he has physical access to your machine and goes into safe mode, or unmounts your HD and erases ZA from your PC.

http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=nav_za
You will need admin rights to install the program.
-rich

Expert Comment

by:ccomley
ID: 13851014
Use "Netstat" to tell you what ports are open on your computer.

But one other explanation is that you are low on memory - the computer "swaps out" programs you're not using to disk and when you switch back to them, there's a delay whilst it fetches them back into RAM, possibly swapping something else out first to make room.


Assisted Solution

by:Tolomir
Tolomir earned 400 total points
ID: 13851474
You can use 2 tools to be sure:

tcpview - a dynamic netstat - shows you what computers have a connection to your computer.

filemon (you need admin rights to use it) - it shows you properly what programs are accessing what files on your HD, quite useful if you want to find out what makes your computer slow.

you can get them (it's freeware) both here:

http://www.sysinternals.com/ntw2k/source/filemon.shtml

http://www.sysinternals.com/ntw2k/source/tcpview.shtml


and maybe this is useful too:

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.


Let's hope this helps you.

Tolomir

Author Comment

by:hhammash
ID: 13851716
Hi,

Thank you all for your replies.

Tolomir,  I will download and check the programs.  They seem right.

hhammash

Assisted Solution

by:Rich Rumble
Rich Rumble earned 200 total points
ID: 13852405
Programs such as Spector Pro and many other "Monitoring" program packages can hide themselves, and some are clever enough to be triggered by "knocking" on a port or protocol, so they don't have to be in the typical "listening" mode, and won't show up in a netstat /tcpview. http://www.portknocking.org/
Spector Pro and others can be considered "root-kits" as they employ methods of evasion by directly modifying the kernel. This is just an FYI... but for less "specialized" monitoring/remote controlling software (VNC, Timbuktu), the methods and programs mentioned above will work fine.
ZoneAlarm (Pro version, not the free one), however, is able to alert you when Spector Pro starts, as well as block port knockers in my testing. ZA had to be installed AFTER Spector to work properly; otherwise, if ZA was installed first, Spector was able to "trick" ZA and effectively bypass it.
-rich

Expert Comment

by:Tolomir
ID: 13852677
@ richrumble, you are right when you say, that there are programs that hide themselves from being detected, but it is hard to avoid accessing the disk or have a port open or are even connected to another computer while being monitored.

As long as we still don't know if we are not just dealing with some ill-behaving program, monitoring is the best start.

@hhammash: Do you have admin rights on your computer? Cause without, installing programs is limited.

Talking about Spector, try this:

http://www.spywareremove.com/removeSpector.html

http://www3.enigmasoftware.com/download/spyhunterS.exe

Tolomir  

Accepted Solution

by:ALNMOO
ALNMOO earned 1200 total points
ID: 13853172
Dear hhammash,
The reasons that you are depending on are not enough to say you are monitored. For example, if you are monitored, the pointer should be slow on the admin's side, not on your side.
So the first thing you have to check is that you don't have another problem that causes these effects.
Second, if you belong to a network only and you are not a part of a domain, then the administrator cannot access your PC, if that is what you want. This can be done as follows:
      - Go to 'My Computer', right-click the C drive > Sharing, and be sure that only you have the permissions.
      - Right-click My Computer and select Manage.
            Go to Shared Folders and stop all shared folders (ADMIN$, C$, …); of course, you cannot stop IPC$.
      - Be sure that there is no LISTENING process that you don't know the reason for (using netstat -a).

With the previous points, you can be sure that he cannot open your files remotely.

But if you are a member of the domain, then the administrator can do a lot of things to monitor your PC.
And if you protect your PC with a firewall, he can still monitor your browsing and emails (if you use an internal email server) and more.

So I recommend that you try to benefit from the network services without logging in to the domain when you log in to Windows, and try to use a local account on your PC.

I hope that I helped you




Expert Comment

by:ALNMOO
ID: 13853212
One more thing: to be sure whether the problems that you are facing are because you are monitored or not, disable your local network, and if you still have the problems then you are surely not monitored.
0
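
An added example, not part of any answer in this thread: the netstat check suggested by ccomley and ALNMOO, automated over `netstat -an` output so that listening remote-access services are separated from peers actually connected to them. The port table lists assumed default ports and the sample output is constructed; as Rich Rumble notes above, tools that hide themselves or wait for a port knock will not appear in this output.

```python
import re

# Default ports of remote-access services relevant to this thread (assumed
# defaults; an administrator can move any of them to another port).
REMOTE_ACCESS_PORTS = {
    139: "NetBIOS session (file/admin shares)",
    445: "SMB (file/admin shares such as C$, ADMIN$)",
    407: "Timbuktu",
    3389: "Terminal Services / Remote Desktop",
    5800: "VNC (browser viewer)",
    5900: "VNC",
}

# Constructed sample of `netstat -an` output, not captured from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      192.168.1.5:445        ESTABLISHED
  TCP    192.168.1.20:5900      192.168.1.9:2301       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def review(netstat_text):
    """Return (listening, inbound): services offered and peers connected to them."""
    listening, inbound = [], []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        _local_ip, local_port, peer_ip, _peer_port, state = m.groups()
        service = REMOTE_ACCESS_PORTS.get(int(local_port))
        if service is None:
            continue  # local port is not a watched service (e.g. our own outbound use)
        if state == "LISTENING":
            listening.append((int(local_port), service))
        elif state == "ESTABLISHED":
            # The local side is the service port, so the peer connected to us.
            inbound.append((peer_ip, int(local_port), service))
    return listening, inbound

if __name__ == "__main__":
    for findings in review(SAMPLE):
        print(findings)
```

The row with local port 1045 is deliberately ignored: it is this machine's own outbound connection to a file server, not someone connecting in.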
 
LVL 14

Author Comment

by:hhammash
ID: 13854471
Thank you all,

I tried ZoneAlarm now,  I also tried it before - maybe last year- it hangs my PC.  

I liked tcpview, it is good.

ALNMOO,  thank you for your detailed explanation and recommendations.

Thanks

Author Comment

by:hhammash
ID: 13854501
I will not login to the domain, I will login as administrator locally.  This is better. Anyway I am not using anything shared.  I have my own printer,  own scanner,  DVD Writer,  and applications.  I will need only Internet.

When I login to the domain I feel that it is slow, the desktop appears after a long time,  I think because of the mapped network drives.  When I login as Local admin,  the computer and the internet are very fast.

I'll do that all the time.

Thanks hhammash

Expert Comment

by:Tolomir
ID: 13854649
When you login to a domain, your desktop is saved on a netdrive, so if you have 500 MB on your desktop, it always needs to be copied to a local temporary folder.

Make a test. Login to your default domain, get a coffee ;-) move all big (> 1 MB)  files away from desktop, maybe to your local drive or to another network drive, you will see, next logon will be rather fast.

Tolomir

Author Comment

by:hhammash
ID: 13856938
Thank you Tolomir,

Great suggestion.

It is faster now. I kept only shortcuts.

Thanks a lot

Expert Comment

by:Tolomir
ID: 13857244
You are welcome!

Tolomir