How can I be sure that there isn't "legitimate" spyware on my machine?

Home » Viruses and Malware » Spyware

Summary: Monitoring software, used by parents and corporations, act very much like spyware. Ideally anti-spyware tools will tell you if they're installed.

Many of my client's install spyware and monitoring programs such as "eBlaster" on their PCs for various reasons. How can one tell if such a hidden program has been added to their machine?

We talk a lot about spyware, and typically what we're talking about is true malware: software that's been installed with malicious intent. Keystroke loggers, phishing redirectors and the like; all designed by bad people to do bad things.

What we're talking about here though, is what I'll call "legitimate" spyware. Tools that are available to computer owners that "spy" on the computer user to keep tabs on what they're up to.

•

The most common scenarios for legitimate spyware are parents keeping an eye on their children's computer use, and corporations keeping an eye on their employees activities.

This class of programs is, ultimately, still spyware in the same sense that malware classified as spyware is. There's a limited set of tricks to hiding - complex, obscure and crafty, but limited. Ultimately that means that the same techniques that expose malware should, in theory, also expose "legitimate" spyware.

What I can't say is whether any current specific anti-spyware software will detect any current specific spyware or monitoring package. It's a game of cat and mouse in the malware world, but in the "legitimate" spyware arena I'm actually not sure at all how it plays out.

"This class of programs is, ultimately, still spyware in the same sense that malware classified as spyware is."

Legitimate spyware vendors often avoid addressing that issue, meaning that they fail to answer whether their package can be detected by current anti-spyware programs. But most also indicate that people should be told that it's been installed.

That kind of absolves them of needing to be 100% hidden in the face of anti-spyware tools.

That's all a lot of not answering your question. Smile

If faced with the issue myself I would at a minimum scan with a couple of different respected anti-spyware packages, and then make sure to also scan using a rootkit detection tool such as Rootkit Revealer (rootkits are a form of advanced hiding technology).

If all those come up clean I'd start to feel better, but if still concerned, and if resources are available, I'd start monitoring network traffic in and out of the suspect machine.

Related:

Ask Leo! - Spyware: How do I remove and avoid spyware?
Ask Leo! - So just how sneaky can spyware be?
Ask Leo! - Internet Safety: How do I keep my computer safe on the internet?

More articles about: Spyware

Article Useful? Link to it from your own website; just copy/paste this HTML:
<a href="http://ask-leo.com/how_can_i_be_sure_that_there_isnt_legitimate_spyware_on_my_machine.html">Ask Leo: How can I be sure that there isn't "legitimate" spyware on my machine?</a>

Article 12227 | Posted February 12, 2008

•

Recent Comments

www.spycop.com. We detect ONLY commercially available spy software like eBlaster. We also tested all the major players against our database and found that none of them detected more than half.

Best Regards,
Grey

Posted by: Grey McKenzie at February 12, 2008 04:03 PM

Post a comment on "How can I be sure that there isn't "legitimate" spyware on my machine?":

Name: (Required)

Email Address: (Required)

(Email Address will not be published.)

Remember Me? YesNo

By popular demand...
my tip jar

Buy Leo a Latte!

Comments:

New!

Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.
Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.
Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.
Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.

I can't respond to every comment. And I can't vouch for the accuracy of others who do.
Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...