Solved

Legitimate Tracking Software

Posted on 2008-10-30
7
446 Views
Last Modified: 2013-12-04
We have been having problems with individuals hacking other computers and staff downloading non-approved software.  Due to various software that requires the user to have administrative rights on their computer, I can't keep them from downloading and installing things.

So, the next best thing is tracking software.  I'm interested in something like a key logger but I need to be able to have Symantec ignore the software also.  Of course it needs to be a network-approved software.

We run Windows Server 2003.  Exchange.  We host our own e-mail.  We have approximately 50 users.  Each workstation this is to be placed on runs Windows XPP and Symantec Client Security.

I would appreciate any and all thoughts.  Have you tried it?  Does it work?  How accurate, etc.?
0
Question by:lkretzBK
7 Comments
 
LVL 17

Expert Comment

by:Jared Luker
ID: 22845320
If you are running SAV Corporate client, then you can go into the console and tell it which applications to ignore.  Anything that you pick, it can ignore, but I think you're getting yourself in an uncomfortable position by bringing keyloggers into your environment.  There are management utilities out there that can protect against that stuff without recording everything that the employees are doing.
0
 
LVL 11

Expert Comment

by:knoxzoo
ID: 22845706
Spiceworks monitors software installed on systems.  

www.spiceworks.com
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 240 total points
ID: 22845852
SpectorSoft.com  has two business versions: SpectorCNE and Spector360.  They also have consumer editions that are good to use on your home computer.

They perform keyword alerts, key logging and stats, web stats, application usage, idle time, many others.  Tons of reports.  Interface is full of information right out of the box.

Installation documentation has instructions for Symantec exceptions to ignore the agent.

Also, newest version has optional password masking (overrides keystroke logging for logins) and ability to maintain collection on remote computers like traveling laptops or remote workers.

Have had very few tech support calls over the past few years.  Most of them about migration of database, upgrades, and anti-virus killing the agent.  Support is great.  Highly recommend it.
0
 
LVL 44

Expert Comment

by:scrathcyboy
ID: 22846546
"Due to various software that requires the user to have administrative rights on their computer, I can't keep them from downloading and installing things."

That is the biggest fatal flaw in all new Microsoft software.  If you were on Linux, this would be a non issue.  Keyloggers are not really "legitimate" as you call it, they are spyware.  The problem is M$ software.
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 240 total points
ID: 22846757
>Keyloggers are not really "legitimate" as you call it, they are spyware.

It all depends on the application of the technology.  Eye of the beholder, you could call it.

In verifiable data-entry, it is a requirement.  Multiple operators input same data within time constraints.  Keystroke analysis will give a pass/fail to the data entered.

Keystroke logging can also be used for typing rate analysis.  Accuracy.  Speed. Use of the backspace or delete keys.

In some environments, forensic analysis is enhanced by keystroke logging.  I, personally, have found the source of a virus infection by analyzing the forensic data recorded by SpectorSoft.  Tracked the activity down to the user, exact e-mail, and web site link.  Further analysis showed that the malware installation was not deliberate.  Proper resolution was removal of software, one-on-one meeting explaining cause of problem, group meeting explaining new exploit modes.

The work environment and proper disclosure are necessary, of course.  A work environment may include access control, security cameras, e-mail archiving & monitoring, web usage reporting, web content filtering, chat blocking or filtering, keyword analysis and alerting.  Keystroke logging has a place.  But definitely not in all environments.

It's just a tool.   Like video cameras.  They can be used or abused.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 80 total points
ID: 22850662
Well, your users seem to have no regard for the rules... "hacking other computers" and "non-approved software". The best thing you can do is rein them back in, publish your acceptable use policies, have the users sign off that they have read and understood that their actions can and will have consequences. If you need a good AUP to start with, try all the various policies you can find here: http://www.sans.org/resources/policies/#template
Then you should follow through with the policies so that word spreads that you're actually enforcing the rules. If Symantec can't keep them from installing software, then perhaps you should consider getting ZoneAlarm or McAfee which can, and they also use a separate password and can deny anyone the ability to install unless the additional password is provided.
-rich
0
 
LVL 19

Accepted Solution

by:CoccoBill
CoccoBill earned 180 total points
ID: 22866650
"Due to various software that requires the user to have administrative rights on their computer, I can't keep them from downloading and installing things."

Actually, there are very few applications that require admin privileges; most of the time user or power user privileges are enough when you find out exactly what in the application requires administrative rights. Typically this is something silly like a one-time registry key write under HKLM on first start of the software. Use Filemon and Regmon to find out exactly what the software is trying to do and only grant the users access to the appropriate files/registry keys.

http://technet.microsoft.com/en-us/sysinternals/bb896652.aspx
http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx

"That is the biggest fatal flaw in all new Microsoft software.  If you were on Linux, this would be a non issue.  Keyloggers are not really "legitimate" as you call it, they are spyware.  The problem is M$ software."

Where did it say the applications in question were MS? If a software vendor writes an app against MS's specification (yes, the specs say where software should and should not write, and that apps should work with user privileges) I don't see why you're blaming MS. It's quite as easy to write software for Linux or any other OS that requires admin/root access.[/rant]
0
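An added example, not part of the accepted answer or of the Sysinternals tools: one way to turn a saved Filemon/Regmon trace into a list of the specific keys and files a non-admin run was denied, so that only those get a scoped grant. The tab-separated column layout, the `acctapp.exe` process name, the paths and the `SHARED_ROOTS` review list are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample trace, not a real capture. Assumed layout (adjust to your
# tool's export): tab-separated seq, time, process, request, path, result.
_ROWS = [
    ("1", "10:02:11", "acctapp.exe", "OpenKey", r"HKLM\SOFTWARE\ExampleVendor\AcctApp", "SUCCESS"),
    ("2", "10:02:11", "acctapp.exe", "SetValue", r"HKLM\SOFTWARE\ExampleVendor\AcctApp\FirstRun", "ACCESS DENIED"),
    ("3", "10:02:12", "acctapp.exe", "CREATE", r"C:\Program Files\AcctApp\cache\state.dat", "ACCESS DENIED"),
    ("4", "10:02:12", "explorer.exe", "OpenKey", r"HKLM\SOFTWARE\Other", "ACCESS DENIED"),
    ("5", "10:02:13", "AcctApp.exe", "SetValue", r"HKLM\SOFTWARE\ExampleVendor\AcctApp\LastUser", "ACCESS DENIED"),
    ("6", "10:02:14", "acctapp.exe", "WRITE", r"C:\WINDOWS\acctapp.ini", "ACCESS DENIED"),
]
SAMPLE_TRACE = "\n".join("\t".join(r) for r in _ROWS)

VALUE_OPS = {"setvalue", "deletevalue"}  # path ends in a value name; the ACL lives on the key
SHARED_ROOTS = ("c:\\windows", "hklm\\system")  # assumed list: never loosen ACLs here unreviewed


def acl_target(request, path):
    """Return the object whose ACL would need changing for this request."""
    if request.lower() in VALUE_OPS:
        return path.rsplit("\\", 1)[0]
    return path


def denied_targets(trace_text, process):
    """Map ACL target -> set of denied requests for one process (case-insensitive)."""
    targets = defaultdict(set)
    for row in csv.reader(io.StringIO(trace_text), delimiter="\t"):
        if len(row) < 6:
            continue  # skip malformed or truncated lines
        _, _, proc, request, path, result = row[:6]
        if proc.lower() == process.lower() and "DENIED" in result.upper():
            targets[acl_target(request, path)].add(request)
    return dict(targets)


def needs_review(target):
    """Flag targets too broad or too shared to hand to ordinary users."""
    low = target.lower()
    return low.count("\\") < 2 or low.startswith(SHARED_ROOTS)


if __name__ == "__main__":
    for target, ops in sorted(denied_targets(SAMPLE_TRACE, "acctapp.exe").items()):
        note = "REVIEW, do not grant blindly" if needs_review(target) else "candidate for a scoped grant"
        print(f"{target}  {sorted(ops)}  -> {note}")
```

Capture the trace while running the application as a standard user, and treat anything flagged for review as a reason to contact the vendor rather than to widen permissions on a shared location.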
