Helping people with computers... one answer at a time.

Monitoring software, used by parents and corporations, act very much like spyware. Ideally anti-spyware tools will tell you if they're installed.

Many of my client's install spyware and monitoring programs such as "eBlaster" on their PCs for various reasons. How can one tell if such a hidden program has been added to their machine?

We talk a lot about spyware, and typically what we're talking about is true malware: software that's been installed with malicious intent. Keystroke loggers, phishing redirectors and the like; all designed by bad people to do bad things.

What we're talking about here though, is what I'll call "legitimate" spyware. Tools that are available to computer owners that "spy" on the computer user to keep tabs on what they're up to.

The most common scenarios for legitimate spyware are parents keeping an eye on their children's computer use, and corporations keeping an eye on their employees activities.

This class of programs is, ultimately, still spyware in the same sense that malware classified as spyware is. There's a limited set of tricks to hiding - complex, obscure and crafty, but limited. Ultimately that means that the same techniques that expose malware should, in theory, also expose "legitimate" spyware.

What I can't say is whether any current specific anti-spyware software will detect any current specific spyware or monitoring package. It's a game of cat and mouse in the malware world, but in the "legitimate" spyware arena I'm actually not sure at all how it plays out.

"This class of programs is, ultimately, still spyware in the same sense that malware classified as spyware is."

Legitimate spyware vendors often avoid addressing that issue, meaning that they fail to answer whether their package can be detected by current anti-spyware programs. But most also indicate that people should be told that it's been installed.

That kind of absolves them of needing to be 100% hidden in the face of anti-spyware tools.

That's all a lot of not answering your question. Smile

If faced with the issue myself I would at a minimum scan with a couple of different respected anti-spyware packages, and then make sure to also scan using a rootkit detection tool such as Rootkit Revealer (rootkits are a form of advanced hiding technology).

If all those come up clean I'd start to feel better, but if still concerned, and if resources are available, I'd start monitoring network traffic in and out of the suspect machine.

Article C3290 - February 12, 2008 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

1 Comment
Grey McKenzie
February 12, 2008 4:03 PM We detect ONLY commercially available spy software like eBlaster. We also tested all the major players against our database and found that none of them detected more than half.

Best Regards,

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.