Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Defense Against Corporate Spyware


  • Please log in to reply
3 replies to this topic

#1 paul4131

paul4131

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 13 June 2009 - 02:01 PM

I'm currently working for a company that has aggressive monitoring, keylogging, password hacking, network sniffing, and other security measures in place. The company is quite open about using these techniques. I am an independent contractor, using my own equipment, and should not have my system compromised by these measures. Of course, I realize any traffic over their network can be sniffed, and that's OK with me. I'm concerned that some of their monitoring code has found its way onto my machine, which could create a liability for me regarding my other clients.

My question: How can I be sure I haven't been compromised?

I'm running Vista Ultimate, McAfee Security Center. Downloaded HJT and ran a scan but not sure about the results. The folks this company employs to do this are TS / SCI clearance ex-government types ... I'm concerned they are using something better than the "off the shelf" monitoring / keylogging applications.

Any help regarding how to approach this is greatly appreciated.

Regards,
Paul

BC AdBot (Login to Remove)

 


#2 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:06:50 PM

Posted 13 June 2009 - 04:08 PM

Hi Paul and welcome to BC.

I think the best advice here is to meet with the companies IT staff and ask them about it.

This is one of the grey areas of the IT world. It is your equipment, but you have agreed to their terms by using their network. While I understand your question is most likely legitimate, there are others who may read this topic and use the information for less savory reasons.

You may wish to view some of the threads in this forum and use the standard fixes for malware of SuperAntiSpyware, Malwarebytes, and DrWebCureit.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#3 paul4131

paul4131
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 14 June 2009 - 11:29 AM

Thanks for the quick feedback. I did speak to the management of the company at the outset of this engagement and explained that while I respect their right to monitor everything that belongs to the company, I could not allow access to my equipment. They said they do not access the personal equipment of Independent Contractors. However, I have come to believe that the IT security personnel (perhaps without authorization) have compromised my computer, and other IC's. If this turns out to be baseless, and I'm just being paranoid, I don't want to escalate the issue. Thus, I am trying to see for myself.

The only contractual agreement that exist between me and the company is MY Independent Contractor Agreement, crafted by my lawyer, which does not provide the company with any rights of access to my equipment (or any other special rights). They have not provided, nor have I agreed to, any specific "terms" to use their network. However, as a practical matter, I think they are perfectly within their rights to monitor any traffic across their network. My issue is that their rights stop at the end of the plug ... they cannot legitimately compromise my computer.

#4 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:06:50 PM

Posted 14 June 2009 - 05:31 PM

I understand Paul. Let me consult my mentors for direction. Hang in there. :thumbsup:

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users