PC Monitoring Software

kaizersoze

A customer has asked me to install some sort of monitoring software on his office pc. I've never been asked to do that before so I'm not sure what software to use. I've been searching online but there's so many that claim to be the best.
It needs to be 100% covert, record all usage incl file access, emails, internet usage incl messenger & facebook chats and twitter etc. Remote live monitoring would be nice if possible.

Can anyone recommend a package? Free would be nice but he doesn't mind paying.

LoLth

I may have initially misread your post: is the customer wantign to monitor his own home Pc or is the customer a business owner wanting to monitor a user in the workplace?

Covert monitoring of the users' pc may not actually be legal. iirc, you have to inform the user of any monitoring that will be implemented, it has to be implemented equally and proportionately (ie: you cant pick on one user without evidence) even then, is there an acceptable use policy that the user has been made aware of and has agreed to?

messenger & facebook chats

If the user can access these utilities and uses a username and password to initiate them, then you DEFINITELY do not want to monitor what is being written. Its a breach of privacy pure and simple. Not just of the user but also of whoever the user is talking to.

You may want to inform your customer of these potential issues before you agree to install monitoring software. Invasion of privacy can take place at work as well and the monitoring you are describing above would definitely breach any privacy that the employee may take as a given, what happens if your customer reads a personal email the user receives or composes?

cheap and cheerful (but not great) route: http://support.microsoft.com/kb/310399

alternatively, I'm sure companies like websense or GFI would have a paid, more useful option.

A better, and cheaper, option is to (as the data protection commissioner suggests) PREVENT rather than monitor. Throw in an ISA server and block traffic at an application layer level or a decent firewall and block it at the network level. Include lists of known proxy sites that can bypass access control. Issue an Acceptable use policy and make sure all employees agree to it. educate employees on what htey can and cant do and inform them of monitoring policies so they *know* they cant expect to do personal things on the work PCs. Its a hazy area but spying on employees (and covert monitoring *is* spying) will never go down well if a dismissal or disciplinary action ends up in labour court.

kaizersoze

Thanks.
My customer has a business and it's one of the office pc's he wants to monitor. Employees have been notified that pc usage is going to be monitored. No single user is being targeted but it's just being put on the main back office pc atm as a test to find the best solution.

There is currently an AUP in place which is basically ignored. We already tried various blocking methods but they're too restrictive. The company uses facebook, twitter, gmail and hotmail so it's not practical to block access to these sites. He has no interest in personal emails or FB accounts just the business related stuff.

LoLth

kaizersoze wrote: »

There is currently an AUP in place which is basically ignored. We already tried various blocking methods but they're too restrictive. The company uses facebook, twitter, gmail and hotmail so it's not practical to block access to these sites. He has no interest in personal emails or FB accounts just the business related stuff.

well, defintiely seek legal advise before putting anything into operation.

for guidelines have a look at:

http://www.dataprotection.ie/viewdoc.asp?DocID=208

While your customer may have no interest in personal mails or facebook accounts he may accidentally become aware of the content through the monitoring activity. While the DPC guidelines are just that, guidelines, they are based on European legislation and are referenced by the legal system when weighing the details of a complaint.

from the DPC guide:

•A balance is required between the legitimate rights of employers and the personal privacy rights of employees

remote monitoring of desktop activity could possibly go against this

•Any monitoring activity should be transparent to workers

there goes the covert part

•Monitoring should be fair and proportionate with prevention being more important than detection.

the monitoring you describe is more detection based than prevention so thats this guideline broken as well.

however, i am not a lawyer so if you take anythign away from thsi post it would be, talk to someone who knows about this sort of thing in a professional capacity, or at least advise your customer to, before making any decisions. While I am sure the vendors of monitoring products knwo the legalities inside out, I'd be more inclined to talk to a solicitor as they have less of a sales driven outlook on the answers they provide.

kaizersoze

Thanks LoLth.

Legalities aside can anyone recommend a good program?