Helping people with computers... one answer at a time.
Monitoring software, used by parents and corporations, act very much like spyware. Ideally anti-spyware tools will tell you if they're installed.
Many of my client's install spyware and monitoring programs such as "eBlaster" on their PCs for various reasons. How can one tell if such a hidden program has been added to their machine?
We talk a lot about spyware, and typically what we're talking about is true malware: software that's been installed with malicious intent. Keystroke loggers, phishing redirectors and the like; all designed by bad people to do bad things.
What we're talking about here though, is what I'll call "legitimate" spyware. Tools that are available to computer owners that "spy" on the computer user to keep tabs on what they're up to.
The most common scenarios for legitimate spyware are parents keeping an eye on their children's computer use, and corporations keeping an eye on their employees activities.
This class of programs is, ultimately, still spyware in the same sense that malware classified as spyware is. There's a limited set of tricks to hiding - complex, obscure and crafty, but limited. Ultimately that means that the same techniques that expose malware should, in theory, also expose "legitimate" spyware.
What I can't say is whether any current specific anti-spyware software will detect any current specific spyware or monitoring package. It's a game of cat and mouse in the malware world, but in the "legitimate" spyware arena I'm actually not sure at all how it plays out.
Legitimate spyware vendors often avoid addressing that issue, meaning that they fail to answer whether their package can be detected by current anti-spyware programs. But most also indicate that people should be told that it's been installed.
That kind of absolves them of needing to be 100% hidden in the face of anti-spyware tools.
That's all a lot of not answering your question.
If faced with the issue myself I would at a minimum scan with a couple of different respected anti-spyware packages, and then make sure to also scan using a rootkit detection tool such as Rootkit Revealer (rootkits are a form of advanced hiding technology).
If all those come up clean I'd start to feel better, but if still concerned, and if resources are available, I'd start monitoring network traffic in and out of the suspect machine.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.