Monitoring Software

Posted on 2009-12-16
Last Modified: 2013-12-04
Dear Experts,

As you know, the idea of monitoring applications that let you see what others, such as your children, are doing on their systems is a very good one, but from a security point of view, these applications use spyware and rootkit techniques to capture, monitor and hide from target users.

Some of the applications I found are Spector Pro and eBlaster:

So, the question is: is it safe to use these monitoring applications on your systems, and how can you be sure that the same data you receive from the target (websites visited, IM, email ...) will not be sent to someone else, or that the system will not be used for something more dangerous? Are there any suggestions for getting the benefits of monitoring software while staying secure?

As far as I know, there are no open source monitoring applications that work under Windows, which would be the most secure option. Waiting for Experts.

Thanks in advance.
Question by:G_API
    LVL 25

    Expert Comment

    very good question. unfortunately unless you're a forensics expert, I doubt you'll ever be very confident in your security.

    a couple of suggestions that I can think of to help try to detect odd behavior are:
     - RootkitRevealer - finds rootkits
     - ntop/wireshark - recommend ntop though, but something that can sniff traffic that is going into your firewall so you can analyze it to see if it's coming from your app
     - various PSTools - MS bought out sysinternals, but they have great tools like Filemon, TcpView that give a view of files and network connections going on
         - can't remember which one, but i know there is one that lets you run commands remotely so you can do netstats and compare against traffic as well which helps detect rootkit style traffic
     - tripwire - while there is no tripwire free version for windows, the basic idea is something that keeps track of and alerts on any system changes
     - central log server - keep logs in a central protected area to ensure they aren't corrupted for when you go thru them or have them aggregated with something similar to logwatch

    there are many tools out there, many are linux based.  but you get the point, you have to monitor basically every section of the network and systems the spyware app would be run on as well as ensure any logs are securely kept for later review.
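
The cross-check suggested in the comment above (netstat output from the host compared against traffic sniffed at the firewall), as an added example that is not part of the original thread. Both samples, all addresses and the reporting-server endpoint are constructed assumptions.

```python
# Added example: compare what the host reports with what the wire shows.
# Constructed `netstat -ano` output taken on the monitored Windows host.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     192.168.1.5:443        ESTABLISHED     2104
  TCP    192.168.1.20:49730     198.51.100.10:80       ESTABLISHED     3320
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
"""

# Constructed flow list exported from the sniffer at the firewall for the
# same time window, one "source destination" pair per line.
FLOW_SAMPLE = """\
192.168.1.20:49712 192.168.1.5:443
192.168.1.20:49730 198.51.100.10:80
192.168.1.20:49755 203.0.113.77:443
192.168.1.31:50100 198.51.100.10:80
"""

def host_view(netstat_text):
    """Established TCP connections the host itself reports, as (local, remote)."""
    conns = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            conns.add((f[1], f[2]))
    return conns

def wire_view(flow_text, host_ip):
    """Flows the firewall saw leaving host_ip, as (local, remote)."""
    flows = set()
    for line in flow_text.splitlines():
        f = line.split()
        if len(f) == 2 and f[0].rsplit(":", 1)[0] == host_ip:
            flows.add((f[0], f[1]))
    return flows

def cross_view(netstat_text, flow_text, host_ip, expected_remotes):
    """hidden: seen on the wire but absent from netstat (rootkit-style).
    unexpected: remote endpoints outside the configured reporting server(s)."""
    wire = wire_view(flow_text, host_ip)
    hidden = sorted(wire - host_view(netstat_text))
    unexpected = sorted({r for _, r in wire if r not in expected_remotes})
    return {"hidden": hidden, "unexpected": unexpected}

if __name__ == "__main__":
    # Assumption: the monitoring product reports only to 192.168.1.5:443.
    print(cross_view(NETSTAT_SAMPLE, FLOW_SAMPLE, "192.168.1.20", {"192.168.1.5:443"}))
```

A single netstat snapshot misses short-lived connections, so repeat the snapshot across the capture window before reading a "hidden" entry as concealment.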

    Author Comment

    Hi Cyclops3590,
    Sorry for the delay. Your comment lists some security tools that are used by professionals or advanced users. My question is different: how can a normal user be sure the monitoring application works as he thinks? I guess the only way is to use open source tools, so are there any open source tools for Windows?
    LVL 25

    Assisted Solution

    not really that I'm aware of.  most are created for linux and might be ported.

    however, those tools I listed are to accomplish what you want. sorry, but the normal user does not have the skills necessary to verify monitoring apps work as advertised.  only by thoroughly monitoring what the system is doing and is sending on the network can you actually verify its actions.  and if it acts like a rootkit, then this makes it more difficult.  as a result, you need higher level tools that require a larger setup and skill level to know what is going on.

    Author Comment

    Still Waiting for experts :)
    LVL 27

    Accepted Solution

    Well, it might be a start to use a hardware keylogger (plugged in at the keyboard, that stores all information but cannot send anything into the internet) and use a hidden hi-res camera that simply records anything on the monitor.

    This way you have a way to be certain the monitoring devices cannot interfere with your intentions.

    LVL 32

    Assisted Solution

    G_API,  we've been using SpectorSoft products for a while.  Pro and 360.  They have single-user versions for Windows and Mac that do something similar.  The network product utilized one or more servers for storage and reporting/alerting.

    Never had any functional problems at the desktops, except with some anti-virus products (namely Symantec). Had to create an exception rule and deploy to each workstation to stop the AV product from disabling the monitoring software.

    >how can you be sure that the same data you received...will not send to someone else !

    Well, that's an administrator's problem.  Yes, you _can_ configure the software to e-mail alerts to ... but that's not the fault of the software.  That's an admin/configuration error.

    Can you be sure that the software manufacturer is not stealing your data?  You can't, really.  You'd have to have network monitoring software recording traffic for several days or weeks.  Chunks of data are saved for periodic upload to the monitoring/storage server, so even laptops that are not LAN connected can forward data back to the central server.

    The question becomes, do you trust the vendor?  If "open source" (which I'm interpreting to mostly mean "free"), is the assumed transparency in development ensuring safety, and is it supportable in a multi-user environment?  Install on your own personal computer...big deal.  Fifty workstations and a half-dozen servers are down or negative impact on performance...who gets the call?

    It's best to document your needs first.  No different than a physical security system.  What is the purpose of that door?  Is that hollow core sufficient?  Hinges?  Frame?  Lockset?  Cheap Home Depot parts OK, or do we need institutional-grade?

    Author Comment

    Dear Tolomir and aleghart,

    Thank you both for your replies. Yes, you are both right, as it's hard to detect, and I guess in my opinion the only thing you can do is to trust them about what they say :)

