Solved

Legitimate Tracking Software

Posted on 2008-10-30
7
Medium Priority
455 Views
Last Modified: 2013-12-04
We have been having problems with individuals hacking other computers and staff downloading non-approved software.  Due to various software that requires the user to have administrative rights on their computer, I can't keep them from downloading and installing things.

So, the next best thing is tracking software.  I'm interested in something like a key logger, but I also need to be able to have Symantec ignore the software.  Of course it needs to be network-approved software.

We run Windows Server 2003.  Exchange.  We host our own e-mail.  We have approximately 50 users.  Each workstation this is to be placed on runs Windows XPP and Symantec Client Security.

I would appreciate any and all thoughts.  Have you tried it?  Does it work?  How accurate, etc.
0
Question by:lkretzBK
7 Comments
 
LVL 17

Expert Comment

by:Jared Luker
ID: 22845320
If you are running SAV Corporate client, then you can go into the console and tell it which applications to ignore.  Anything that you pick, it can ignore, but I think you're getting yourself in an uncomfortable position by bringing keyloggers into your environment.  There are management utilities out there that can protect against that stuff without recording everything that the employees are doing.
0
 
LVL 11

Expert Comment

by:knoxzoo
ID: 22845706
Spiceworks monitors software installed on systems.  

www.spiceworks.com
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 960 total points
ID: 22845852
SpectorSoft.com  has two business versions: SpectorCNE and Spector360.  They also have consumer editions that are good to use on your home computer.

They perform keyword alerts, key logging and stats, web stats, application usage, idle time, many others.  Tons of reports.  Interface is full of information right out of the box.

Installation documentation has instructions for Symantec exceptions to ignore the agent.

Also, newest version has optional password masking (overrides keystroke logging for logins) and ability to maintain collection on remote computers like traveling laptops or remote workers.

Have had very few tech support calls over the past few years.  Most of them about migration of database, upgrades, and anti-virus killing the agent.  Support is great.  Highly recommend it.
0

 
LVL 44

Expert Comment

by:scrathcyboy
ID: 22846546
"Due to various software that requires the user to have administrative rights on their computer, I can't keep them from downloading and installing things."

That is the biggest fatal flaw in all new Microsoft software.  If you were on Linux, this would be a non issue.  Keyloggers are not really "legitimate" as you call it, they are spyware.  The problem is M$ software.
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 960 total points
ID: 22846757
>Keyloggers are not really "legitimate" as you call it, they are spyware.

It all depends on the application of the technology.  Eye of the beholder, you could call it.

In verifiable data-entry, it is a requirement.  Multiple operators input same data within time constraints.  Keystroke analysis will give a pass/fail to the data entered.

Keystroke logging can also be used for typing rate analysis.  Accuracy.  Speed. Use of the backspace or delete keys.

In some environments, forensic analysis is enhanced by keystroke logging.  I, personally, have found the source of a virus infection by analyzing the forensic data recorded by SpectorSoft.  Tracked the activity down to the user, exact e-mail, and web site link.  Further analysis showed that the malware installation was not deliberate.  Proper resolution was removal of software, one-on-one meeting explaining cause of problem, group meeting explaining new exploit modes.

The work environment and proper disclosure are necessary, of course.  A work environment may include access control, security cameras, e-mail archiving & monitoring, web usage reporting, web content filtering, chat blocking or filtering, keyword analysis and alerting.  Keystroke logging has a place.  But definitely not in all environments.

It's just a tool.   Like video cameras.  They can be used or abused.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 320 total points
ID: 22850662
Well, your users seem to have no regard for the rules... "hacking other computers" and "non-approved software". The best thing you can do is rein them back in, publish your acceptable use policies, have the users sign off that they have read and understood that their actions can and will have consequences. If you need a good AUP to start with, try all the various policies you can find here: http://www.sans.org/resources/policies/#template
Then you should follow through with the policies so that word spreads that you're actually enforcing the rules. If Symantec can't keep them from installing software, then perhaps you should consider getting ZoneAlarm or McAfee which can, and they also use a separate password and can deny anyone the ability to install unless the additional password is provided.
-rich
0
 
LVL 19

Accepted Solution

by:
CoccoBill earned 720 total points
ID: 22866650
"Due to various software that requires the user to have administrative rights on their computer, I can't keep them from downloading and installing things."

Actually, there are very few applications that require admin privileges; most of the time user or power user privileges are enough when you find out exactly what in the application requires administrative rights. Typically this is something silly like a one-time registry key write under HKLM on first start of the software. Use Filemon and Regmon to find out exactly what the software is trying to do and only grant the users access to the appropriate files/registry keys.

http://technet.microsoft.com/en-us/sysinternals/bb896652.aspx
http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx

"That is the biggest fatal flaw in all new Microsoft software.  If you were on Linux, this would be a non issue.  Keyloggers are not really "legitimate" as you call it, they are spyware.  The problem is M$ software."

Where did it say the applications in question were MS? If a software vendor writes an app against MS's specification (yes, the specs say where software should and should not write, and that apps should work with user privileges) I don't see why you're blaming MS. It's quite as easy to write software for Linux or any other OS that requires admin/root access.[/rant]
0
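The triage step described in the accepted answer, as an added example that is not part of the original post or of any vendor's tooling: it reads a saved Filemon/Regmon-style trace and lists only the paths one process was denied, which is the set to grant instead of local administrator rights. The tab-separated column layout, the process name `legacyapp.exe` and every sample row are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample trace (not real tool output). Assumed layout per line:
# sequence <TAB> time <TAB> process:pid <TAB> request <TAB> path <TAB> result
SAMPLE_TRACE = (
    "1\t10:02:11\tlegacyapp.exe:1432\tOpenKey\tHKLM\\Software\\ExampleVendor\\LegacyApp\tSUCCESS\n"
    "2\t10:02:11\tlegacyapp.exe:1432\tSetValue\tHKLM\\Software\\ExampleVendor\\LegacyApp\\FirstRun\tACCESS DENIED\n"
    "3\t10:02:12\tlegacyapp.exe:1432\tCreateKey\tHKLM\\Software\\ExampleVendor\\LegacyApp\\Cache\tACCESS DENIED\n"
    "4\t10:02:12\texplorer.exe:880\tWRITE\tC:\\Windows\\example.tmp\tACCESS DENIED\n"
    "5\t10:02:13\tlegacyapp.exe:1432\tWRITE\tC:\\Program Files\\LegacyApp\\settings.ini\tACCESS DENIED\n"
    "6\t10:02:14\tlegacyapp.exe:1432\tSetValue\tHKLM\\Software\\ExampleVendor\\LegacyApp\\FirstRun\tACCESS DENIED\n"
    "7\t10:02:15\tlegacyapp.exe:1432\tREAD\tC:\\Program Files\\LegacyApp\\app.dat\tSUCCESS\n"
)

REGISTRY_ROOTS = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")


def resource_kind(path):
    """Classify a traced path as a registry key or a file system object."""
    return "registry" if path.upper().startswith(REGISTRY_ROOTS) else "file"


def denied_resources(trace_text, process_name):
    """Return {path: sorted denied requests} for a single process."""
    denied = defaultdict(set)
    for line in trace_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 6:
            continue  # blank or truncated line
        proc, request, path, result = fields[2], fields[3], fields[4], fields[5]
        if proc.split(":")[0].lower() != process_name.lower():
            continue  # other processes are noise for this question
        if "DENIED" not in result.upper():
            continue  # only failed access attempts matter here
        denied[path].add(request)  # repeated denials collapse to one entry
    return {path: sorted(reqs) for path, reqs in denied.items()}


def grant_candidates(trace_text, process_name):
    """Sorted (kind, path, requests) tuples: the minimal set to review for ACL changes."""
    found = denied_resources(trace_text, process_name)
    return sorted((resource_kind(p), p, reqs) for p, reqs in found.items())


if __name__ == "__main__":
    for kind, path, reqs in grant_candidates(SAMPLE_TRACE, "legacyapp.exe"):
        print(f"{kind:8} {path}  denied: {', '.join(reqs)}")
```

Capture the trace while the application runs under a standard user account, so that every denial it would hit without admin rights appears in the log.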
