Solved

Legitimate Tracking Software

Posted on 2008-10-30
7
451 Views
Last Modified: 2013-12-04
We have been having problems with individuals hacking other computers and staff downloading non-approved software.  Due to various software that requires the user to have administrative rights on their computer, I can't keep them from downloading and installing things.

So, the next best thing is tracking software.  I'm interested in something like a key logger but I need to be able to have symantec ignore the software also.  Of course it needs to be a network-approved software.

We run Windows Server 2003.  Exchange.  We host our own e-mail.  We have approximately 50 users.  Each workstation this is to be placed on runs Windows XPP and Symantec Client Security.

I would appreciate any and all thoughts.  Have you tried it.  Does it work.  How accurate, etc.
0
Comment
Question by:lkretzBK
7 Comments
 
LVL 17

Expert Comment

by:Jared Luker
ID: 22845320
If you are running SAV Corporate client, then you can go into the console and tell it which applications to ignore.  Anything that you pick, it can ignore, but I think your getting yourself in a uncomfortable position by bringing keyloggers into your environment.  There are management utilities out there that can protect against that stuff without recording everything that the employees are doing.
0
 
LVL 11

Expert Comment

by:knoxzoo
ID: 22845706
Spiceworks monitors software installed on systems.  

www.spiceworks.com
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 240 total points
ID: 22845852
SpectorSoft.com  has two business versions: SpectorCNE and Spector360.  They also have consumer editions that are good to use on your home computer.

They perform keyword alerts, key logging and stats, web stats, application usage, idle time, many others.  Tons of reports.  Interface is full of information right out of the box.

Installation documentation has instructions for Symantec exceptions to ignore the agent.

Also, newest version has optional password masking (overrides keystroke logging for logins) and ability to maintain collection on remote computers like traveling laptops or remote workers.

Have had very few tech support calls over the past few years.  Most of them about migration of database, upgrades, and anti-virus killing the agent.  Support is great.  Highly recommend it.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 44

Expert Comment

by:scrathcyboy
ID: 22846546
"Due to various software that requires the user to have administrative rights on their computer, I can't keep them from downloading and installing things."

That is the biggest fatal flaw in all new Microsoft software.  If you were on Linux, this would be a non issue.  Keyloggers are not really "legitimate" as you call it, they are spyware.  The problem is M$ software.
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 240 total points
ID: 22846757
>Keyloggers are not really "legitimate" as you call it, they are spyware.

It all depends on the application of the technology.  Eye of the beholder, you could call it.

In verifiable data-entry, it is a requirement.  Multiple operators input same data within time constraints.  Keystroke analysis will give a pass/fail to the data entered.

Keystroke logging can also be used for typing rate analysis.  Accuracy.  Speed. Use of the backspace or delete keys.

In some environments, forensic analysis is enhanced by keystroke logging.  I, personally, have found the source of a virus infection by analyzing the forensic data recorded by SpectorSoft.  Tracked the activity down to the user, exact e-mail, and web site link.  Further analysis showed that the malware installation was not deliberate.  Proper resolution was removal of software, one-on-one meeting explaining cause of problem, group meeting explaining new exploit modes.

The work environment and proper disclosure are necessary, of course.  A work environment may include access control, security cameras, e-mail archiving & monitoring, web usage reporting, web content filtering, chat blocking or filtering, keyword analysis and alerting.  Keystroke logging has a place.  But definitely not in all environments.

It's just a tool.   Like video cameras.  They can be used or abused.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 80 total points
ID: 22850662
Well your users seem to have no regard for the rules... "hacking other computers" and "non-approved software". The best thing you can do is reign them back in, publish your acceptable use policies, have the users sign off that they have read and understood that their actions can and will have consequences. If you need a good AUP to start with, try all the various policies you can find here: http://www.sans.org/resources/policies/#template
Then you should follow through with the policies so that word spreads that your actually enforcing the rules. If symantec can't keep them from installing software, then perhaps you should consider getting ZoneAlarm or McAfee which can, and they also use a seperate password and can deny anyone the ability to install unless the additional password is provided.
-rich
0
 
LVL 19

Accepted Solution

by:
CoccoBill earned 180 total points
ID: 22866650
"Due to various software that requires the user to have administrative rights on their computer, I can't keep them from downloading and installing things."

Actually there are very few applications that require admin privileges, most of the time user or power user privileges are enough when you find out exactly what in the application requires administrative rights. Typically this is something silly like a one-time registry key write under HKLM on first start of the software. Use filemon and regmon to find out exactly what the software is trying to do and only grant the users access to the appropriate files/registry keys.

http://technet.microsoft.com/en-us/sysinternals/bb896652.aspx
http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx

"That is the biggest fatal flaw in all new Microsoft software.  If you were on Linux, this would be a non issue.  Keyloggers are not really "legitimate" as you call it, they are spyware.  The problem is M$ software."

Where did it say the applications in question were MS? If a software vendor writes an app against MS's specification (yes, the specs say where software should and should not write, and that apps should work with user privileges) I don't see why you're blaming MS. It's quite as easy to write software for Linux or any other OS that requires admin/root access.[/rant]
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question