• Status: Solved
  • Priority: Medium
  • Security: Public

Monitoring Software

Dear Experts,

As you know, the idea of monitoring applications that let you see what others, such as your children, are doing on their systems is a very good one, but from a security point of view, these applications use spyware and rootkit techniques to capture, monitor and hide from target users.

Some of the applications I found are Spector Pro and eBlaster:
http://www.spectorsoft.com/products/SpectorPro_Windows/index.asp

So, the question is: is it safe to use these monitoring applications on your systems, and how can you be sure that the same data you receive from the target (websites visited, IM, email ...) will not be sent to someone else, or that the system will not be used for something more dangerous? Are there any suggestions for getting the benefits of monitoring software while staying secure?

As far as I know, there are no open source monitoring applications that work under Windows, which would be the most secure option. Waiting for Experts.

Thanks in advance.
Regards.
Asked by: G_API
 
Cyclops3590 Commented:
very good question. unfortunately, unless you're a forensics expert, I doubt you'll ever be very confident in your security.

a couple of suggestions that I can think of to help try to detect odd behavior are:
 - RootkitRevealer - finds rootkits
 - ntop/wireshark - recommend ntop though, but something that can sniff traffic that is going into your firewall so you can analyze it to see if it's coming from your app
 - various PSTools - MS bought out Sysinternals, but they have great tools like Filemon, TcpView that give a view of files and network connections going on
   - can't remember which one, but I know there is one that lets you run commands remotely so you can do netstats and compare against traffic as well, which helps detect rootkit-style traffic
 - tripwire - while there is no free tripwire version for windows, the basic idea is something that keeps track of and alerts on any system changes
 - central log server - keep logs in a central protected area to ensure they aren't corrupted for when you go through them, or have them aggregated with something similar to logwatch


there are many tools out there, many are linux based.  but you get the point, you have to monitor basically every section of the network and systems the spyware app would be run on, as well as ensure any logs are securely kept for later review.
 
G_API (Author) Commented:
Hi Cyclops3590,
Sorry for the delay. Your comment lists some security tools that are used by professionals or advanced users. My question is different: how can the normal user be sure the monitoring application works as he thinks? I guess the only way is to use open source tools, so are there any open source tools for Windows?
 
Cyclops3590 Commented:
not really that I'm aware of.  most are created for linux and might be ported.

however, those tools I listed are to accomplish what you want. sorry, but the normal user does not have the skills necessary to verify monitoring apps work as advertised.  only by thoroughly monitoring what the system is doing and is sending on the network can you actually verify its actions.  and if it acts like a rootkit, then this makes it more difficult.  as a result, you need higher level tools that require a larger setup and skill level to know what is going on.
 
G_API (Author) Commented:
Still Waiting for experts :)
 
Tolomir (Administrator) Commented:
Well, it might be a start to use a hardware keylogger (plugged into the keyboard, which stores all information but cannot send anything to the internet) and use a hidden hi-res camera that simply records anything on the monitor.

This way you have a way to be certain the monitoring devices cannot interfere with your intentions.

Tolomir
 
aleghart Commented:
G_API,  we've been using SpectorSoft products for a while.  Pro and 360.  They have single-user versions for Windows and Mac that do something similar.  The network product utilized one or more servers for storage and reporting/alerting.

Never had any functional problems at the desktops, except with some anti-virus products (namely Symantec). Had to create an exception rule and deploy to each workstation to stop the AV product from disabling the monitoring software.

>how can you be sure that the same data you received...will not send to someone else !

Well, that's an administrator's problem.  Yes, you _can_ configure the software to e-mail alerts to prez@whitehouse.gov ... but that's not the fault of the software.  That's an admin/configuration error.

Do you mean...how can you be sure that the software manufacturer is not stealing your data?  You can't, really.  You'd have to have network monitoring software recording traffic for several days or weeks.  Chunks of data are saved for periodic upload to the monitoring/storage server, so even laptops that are not LAN connected can forward data back to the central server.

The question becomes, do you trust the vendor?  If "open source" (which I'm interpreting to mostly mean "free"), is the assumed transparency in development ensuring safety, and is it support-able in a multi-user environment.  Meaning...one install on your own personal computer crashes...no big deal.  Fifty workstations and a half-dozen servers are down or negative impact on performance...who gets the call?

It's best to document your needs first.  No different than a physical security system.  What is the purpose of that door?  Is that hollow core sufficient?  Hinges?  Frame?  Lockset?  Cheap Home Depot parts OK, or do we need institutional-grade?
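The cross-check described in the answers above (Cyclops3590: compare netstat output from the host against traffic sniffed at the firewall; aleghart: record traffic over time to see where the data goes) can be scripted. The following is an added example, not part of the original thread: the addresses, the in-house server at 192.168.1.5:8443 and the CSV flow export layout are assumptions, and both samples are constructed.

```python
import csv, io
from collections import defaultdict

HOST = "192.168.1.20"                   # monitored workstation (constructed)
EXPECTED = {("192.168.1.5", 8443)}      # assumed in-house storage/reporting server

# Constructed sample: `netstat -ano` snapshots collected from the host over time.
NETSTAT = """\
  TCP    192.168.1.20:49712     192.168.1.5:8443       ESTABLISHED     2184
  TCP    192.168.1.20:49730     203.0.113.10:443       ESTABLISHED     3920
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
"""

# Constructed sample: flows exported from the capture taken at the firewall.
FLOWS = """\
src,sport,dst,dport,bytes
192.168.1.20,49712,192.168.1.5,8443,52000
192.168.1.20,49730,203.0.113.10,443,18000
192.168.1.20,49801,198.51.100.7,443,51000
192.168.1.20,49802,198.51.100.7,443,49500
192.168.1.30,50111,198.51.100.7,443,900
"""

def host_view(netstat_text):
    """Remote (ip, port) pairs the host itself admits to talking to."""
    seen = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] != "LISTENING":
            ip, _, port = f[2].rpartition(":")
            seen.add((ip, int(port)))
    return seen

def wire_view(flows_csv, host):
    """Bytes sent per remote (ip, port), as seen from outside the host."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flows_csv)):
        if row["src"] == host:
            totals[(row["dst"], int(row["dport"]))] += int(row["bytes"])
    return dict(totals)

def audit(netstat_text, flows_csv, host=HOST, expected=EXPECTED):
    reported, wire = host_view(netstat_text), wire_view(flows_csv, host)
    return {
        # On the wire but never reported by the host: rootkit-style hiding,
        # or a connection too short-lived for any snapshot to catch.
        "hidden": sorted(d for d in wire if d not in reported),
        # Hidden or not, data leaving for anything other than the expected server.
        "unexpected": {d: b for d, b in wire.items() if d not in expected},
    }

if __name__ == "__main__":
    print(audit(NETSTAT, FLOWS))
```

A single netstat snapshot misses short connections, so feed in snapshots taken repeatedly over the same period the capture covers before treating a "hidden" entry as evidence.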
 
G_API (Author) Commented:
Dear Tolomir and aleghart,

Thank you both for your replies. Yes, you are both right, as it's hard to detect, and I guess, in my opinion, the only thing you can do is to trust them about what they said :)

Thanks.