Monitoring Software

Dear Experts,

As you know, the idea of monitoring applications that let you see what others, such as your children, are doing on their systems is a very good one, but from a security point of view, these applications use spyware and rootkit techniques to capture, monitor and hide from target users.

Some of the applications I found are Spector Pro and eBlaster:

So, the question is: is it safe to use these monitoring applications on your systems, and how can you be sure that the same data you receive from the target (websites visited, IM, email ...) will not be sent to someone else, or that the system will not be used for something more dangerous? Are there any suggestions for getting the benefits of monitoring software while staying secure?

As far as I know, there are no open source monitoring applications that work under Windows, which would be the most secure option. Waiting for experts.

Thanks in advance.
Well, it might be a start to use a hardware keylogger (plugged in at the keyboard, which stores all information but cannot send anything to the internet) and use a hidden hi-res camera that simply records anything on the monitor.

This way you have a way to be certain the monitoring devices cannot interfere with your intentions.

Very good question. Unfortunately, unless you're a forensics expert, I doubt you'll ever be very confident in your security.

A couple of suggestions that I can think of to help try to detect odd behavior are:
 - RootkitRevealer - finds rootkits
 - ntop/Wireshark - recommend ntop though, but something that can sniff traffic that is going into your firewall so you can analyze it to see if it's coming from your app
 - various PSTools - MS bought out Sysinternals, but they have great tools like Filemon, TcpView that give a view of files and network connections going on
   - can't remember which one, but I know there is one that lets you run commands remotely so you can do netstats and compare against traffic as well, which helps detect rootkit-style traffic
 - Tripwire - while there is no Tripwire free version for Windows, the basic idea is something that keeps track of and alerts on any system changes
 - central log server - keep logs in a central protected area to ensure they aren't corrupted for when you go through them or have them aggregated with something similar to logwatch

There are many tools out there, many are Linux based. But you get the point: you have to monitor basically every section of the network and systems the spyware app would be run on, as well as ensure any logs are securely kept for later review.
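The netstat-versus-wire comparison suggested in the post above, as an added example that is not part of the original thread: it lists connections a sniffer saw leaving the monitored PC that the PC's own `netstat -ano` does not report. The sample data, the host address 192.168.1.20, the flow CSV layout and all function names are constructed for illustration.

```python
import csv
import io

# Constructed sample: `netstat -ano` output captured on the monitored PC.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     1044
  TCP    192.168.1.20:49713     198.51.100.7:80        ESTABLISHED     2210
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
"""

# Constructed sample: flows exported by a sniffer in front of the firewall
# for the same interval (column names are an assumption of this example).
FLOWS = """\
proto,src,sport,dst,dport
TCP,192.168.1.20,49712,203.0.113.10,443
TCP,192.168.1.20,49713,198.51.100.7,80
TCP,192.168.1.20,49720,192.0.2.55,8443
"""

def split_endpoint(endpoint):
    """Split 'ip:port' on the last colon so bracketed IPv6 hosts also work."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)

def host_view(netstat_text):
    """Established TCP connections as the host itself reports them."""
    conns = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "ESTABLISHED":
            conns.add((split_endpoint(fields[1]), split_endpoint(fields[2])))
    return conns

def wire_view(flow_csv, host_ip):
    """TCP flows the sniffer saw originating from host_ip."""
    conns = set()
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"] == "TCP" and row["src"] == host_ip:
            conns.add(((row["src"], int(row["sport"])),
                       (row["dst"], int(row["dport"]))))
    return conns

def unreported(netstat_text, flow_csv, host_ip):
    """Flows on the wire that the host's netstat output does not list."""
    return sorted(wire_view(flow_csv, host_ip) - host_view(netstat_text))

if __name__ == "__main__":
    for (src, sport), (dst, dport) in unreported(NETSTAT, FLOWS, "192.168.1.20"):
        print(f"on the wire but not in netstat: {src}:{sport} -> {dst}:{dport}")
```

A connection that opens and closes between two netstat snapshots also shows up as unreported, so repeat the comparison over several snapshots and only treat flows that persist on the wire as suspicious.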
G_API (Author) commented:
Hi Cyclops3590,
Sorry for the delay. Your comment lists some of the security tools that are used by professionals or advanced users. My question is different: how can the normal user be sure the monitoring application works as he thinks? I guess the only way is to use open source tools, so are there any open source tools for Windows?

Not really, that I'm aware of. Most are created for Linux and might be ported.

However, those tools I listed are to accomplish what you want. Sorry, but the normal user does not have the skills necessary to verify monitoring apps work as advertised. Only by thoroughly monitoring what the system is doing and is sending on the network can you actually verify its actions. And if it acts like a rootkit, then this makes it more difficult. As a result, you need higher-level tools that require a larger setup and skill level to know what is going on.
G_API (Author) commented:
Still Waiting for experts :)
G_API,  we've been using SpectorSoft products for a while.  Pro and 360.  They have single-user versions for Windows and Mac that do something similar.  The network product utilized one or more servers for storage and reporting/alerting.

Never had any functional problems at the desktops, except with some anti-virus products (namely Symantec). Had to create an exception rule and deploy to each workstation to stop the AV product from disabling the monitoring software.

>how can you be sure that the same data you received...will not send to someone else !

Well, that's an administrator's problem.  Yes, you _can_ configure the software to e-mail alerts to ... but that's not the fault of the software.  That's an admin/configuration error.

Can you be sure that the software manufacturer is not stealing your data?  You can't, really.  You'd have to have network monitoring software recording traffic for several days or weeks.  Chunks of data are saved for periodic upload to the monitoring/storage server, so even laptops that are not LAN connected can forward data back to the central server.

The question becomes, do you trust the vendor?  If "open source" (which I'm interpreting to mostly mean "free"), is the assumed transparency in development ensuring safety, and is it supportable in a multi-user environment?  Install on your own personal computer: big deal.  Fifty workstations and a half-dozen servers are down or negative impact on performance...who gets the call?

It's best to document your needs first.  No different than a physical security system.  What is the purpose of that door?  Is that hollow core sufficient?  Hinges?  Frame?  Lockset?  Cheap Home Depot parts OK, or do we need institutional-grade?
G_API (Author) commented:
Dear Tolomir and aleghart,

Thank you both for your replies. Yes, you are both right, as it's hard to detect, and in my opinion the only thing you can do is trust them about what they said :)

Question has a verified solution.
