Key Logger Software

alfoxy

Hey All,

Does anyone have any suggestions for the best Keylogger software (free or not) for use on an office network. Im in charge of security and would like to know more about what some employees are at.

Any suggestions/advice would be greatly appreciated

Thanks

Al

daywalker

have a look at the security tools here

http://www.astalavista.com/index.php?section=directory&id=5

dlofnep

Alfoxy, would that not conflict with your privacy act?

alfoxy

Nah! Its Ok once they dont find out about it.
Do you have a better suggestion?

dlofnep

alfoxy wrote:

Nah! Its Ok once they dont find out about it.

No it's not ok.

daywalker

you must inform staff that their computer usage is monitored, whether constantly or through random checks.

dlofnep

By the looks of it, he doesn't plan on doing so. Such neglect for the privacy of employees. If I worked there, I'd report it.

alfoxy

If you worked here you couldnt report me because I wouldnt have told you!

Employee privacy is like giving a kid a loaded gun and telling him not to shoot it.

Blub2k4

alfoxy wrote:

If you worked here you couldnt report me because I wouldnt have told you!

Employee privacy is like giving a kid a loaded gun and telling him not to shoot it.

And giving clueless admins rights to the whole organisation is akin to .......


You wont be able to use any of the information anyway, so all you can do is get your jollies sniffing their email and personal convos, nice one.

daywalker

alfoxy wrote:

If you worked here you couldnt report me because I wouldnt have told you!

Employee privacy is like giving a kid a loaded gun and telling him not to shoot it.

yeah but if someone was to find out and secrets are very hard to keep in an office environment(people talk) the company could potentially be sued for invasion of privacy.

a notice for standard computer usage monitoring is a protection instituted by companies for the protection of its interests and also to protect employees so that they know exactly what is or is not tolerated on company property. anyone that then violates these rules, cannot reproach the company for not informing them.

alfoxy

Thanks Daywalker,
A much more useful post than Blub2k4 or dlofnep

And no I couldnt give a fk about their personal crap. I worry about my companys price lists, customer lists, etc being sent out to compeditors. If that happens my company would loose money, then I we could be all out of a job. By monitoring all employees I am doing my best to protect them and the company.

I have taken Daywalker's comments on board.

The others should get real. Your morals are all well and good on a forum but useless inb the realworld. Im protecting people.

Thats my opinion anyway

Blub2k4

Protecting yourself, what do you intend to do with the information when you get it? Fire them for what, on the basis of illegally collected information?
Real world my arse, in the real world they sign a security policy document that the admin spends time compiling and within which states that their usage is monitored and sometimes recorded and signed off by them, possibly even an NDA, the lazy way is to implement it illegally as you wish to....good luck with it.

electric69

All key loggers are completly illegal no matter what their desired means to be use for are.By installing a keylogger on the computers in question you are invaiding the employees rights and it is very simple for a keylogger 2 be located on a newtork,and if you do install a keylogger it would only be a matter of time before your company is sued because their security manager is obviously incapable of doing his job.

Any person that is working on computer security for a company would know how 2 monitor the traffic on the network and where and how it is being sent so either you are talking throught ur arse or else ur a very imcompetant security manager.

My guess is that you heard about the keyloggers on the news in the past few days and want 2 get 1 so u can spy on some people that you are infactuated by.

petes

Computer policy needs to be in place and signed by each employee as blub said. If not any information collected is a waste of time. And you are an admin? This is the first thing an employer should get the new employee to sign aswell as the contract of employment.

Hobart

alfoxy wrote:

Nah! Its Ok once they dont find out about it.
Do you have a better suggestion?

What an idiotic statement. I suggest you read up on what your job entails, before you get yourself or your employer into serious trouble.

Blub2k4

The damage done by someone suing could be a lot more than the damage done by leaked information to competitors.

I am really trying to help, just with an air of sarcasm, due to your attitude with regard to privacy and apparent cluelessness with regard to the implementation of a proper security policy which protects both your and your employees interests in a manner which can be backed up legally.

<edit> any script kiddie can find any number of keyloggers online in a matter of seconds without embarrassing themselves on a bulletin board in public btw.

Blub2k4

Here's a link from MS, I suggest that you read through it and perhaps learn something before you shoot yourself in the foot.

http://www.microsoft.com/technet/security/bestprac/bpent/sec1/secstrat.mspx

You can possibly move on from there to http://www.sans.org/resources/policies/

Now who said I wasn't helpful?

dlofnep

alfoxy wrote:

Thanks Daywalker,
A much more useful post than Blub2k4 or dlofnep

And no I couldnt give a fk about their personal crap. I worry about my companys price lists, customer lists, etc being sent out to compeditors. If that happens my company would loose money, then I we could be all out of a job. By monitoring all employees I am doing my best to protect them and the company.

I have taken Daywalker's comments on board.

The others should get real. Your morals are all well and good on a forum but useless inb the realworld. Im protecting people.

Thats my opinion anyway

Compeditors? You're about as much of a network admin as I am a ballet dancer. Let me guess, your girlfriend didn't meet you for pizza last night and now you're going to install a keylogger on her pc to see if she's meeting someone else?

Either way, you're breaching someone's privacy and nobody here is going to help you.

Blub2k4

dlofnep wrote:

Either way, you're breaching someone's privacy and nobody here is going to help you.

Honestly I think the links above would help him if he takes the time to read them, but I dont have much hope.....:rolleyes:

alfoxy

Thanks, the last few posts were useful.
My comment
"Nah! Its Ok once they dont find out about it."
Was sarcastic

The company is real, my motives are real. It doesnt matter what you think except that I asked for advise.
To some of you - thanks for some adult advise, rest - thanks for a bit of banter!

Bottom line
1) Write up a policy
2) ??????

Are keyloggers really illegal? If not has any one used one that they would reccomend?

Thats all I wanted to know

dlofnep

Software isn't illegal, it's how you use the software determines on whether it's illegal or not. For you to use a keylogger to record your own keystrokes is not illegal but to record data belonging to a person who has know prior knowledge or agreement over it is illegal. Just like it would be legal to use bitorrent to download free software, it is not legal to use it to download movies and so forth

ecksor

alfoxy wrote:

The others should get real. Your morals are all well and good on a forum but useless inb the realworld. Im protecting people.

The most useful response to yours seems to have been Blub24k's, but on balance most of the responses here seem to be on the ball.

Monitoring employees in this manner is definitely illegal and the amount of difficult situations you can get yourself and your company into by doing this is huge. What do you do if you find something that you weren't looking for but is inappropriate? How do you take action when you weren't supposed to be looking for anything in the first place? What if you find something illegal that now puts your business in a difficult situation between legally having to report said lawbreaking but in a business context knowing that it could seriously harm profits and shareholders?

I had one chap come to me a while ago who'd suspected that someone was doing inappropriate from a particular machine and upon taking a peek he realised that it was a hell of a lot dodgier than first suspected. Then he realised that he was in a hell of a pickle because he hadn't a clue what to do with the information, whether he had acquired it legally, didn't really want to have found out about it, etc etc. This is a bad spot to be in.

Seriously, if this is something that you are taking upon yourself to do, then don't. If you are being ordered to do it by a manager then encourage them to get legal advice on the matter. The advice I received in relation to this was in a different context but it is quite interested to watch blood pour out of a man's ears when you discuss the topic.

alfoxy

Thanks All,

That was an enlightening discussion.

Enjoy your weekend!

Al

Blub2k4

alfoxy wrote:

Thanks, the last few posts were useful.
My comment
"Nah! Its Ok once they dont find out about it."
Was sarcastic

The company is real, my motives are real. It doesnt matter what you think except that I asked for advise.
To some of you - thanks for some adult advise, rest - thanks for a bit of banter!

Bottom line
1) Write up a policy
2) ??????

Are keyloggers really illegal? If not has any one used one that they would reccomend?

Thats all I wanted to know

Once the employees understand that the hardware is yours and that the products on them and their time spent on them is yours and not their own then you can effectively do what you want.
You make it clear what their scope is and that anything outside of that is not allowed and will be prosecuted/dealt with accordingly according to the gravity of what they have done.
There are better ways than keyloggers as they just pick up a lot of white noise etc.
Start with what they have access to with regard to the local machine policy, do they need AOL or MSN or non-aproved tools to work? Is this where you suspect that the misdemeanours may be occuring? If so then the policy disallows chat tools, if they are using email you are allowed to read them all anyway, once they are aware. Start by locking down the largest problem, which traditionally is users with legitimate rights etc to the systems, not hackers etc.
Most security breaches are indeed internal.
The domain policy can stop installation of anything on their systems etc, leaving only the tools that you have installed that they need to work, hence you already have everything on them logged in one form or another.
That is where I would start, keyloggers are not the best way to deal with this in my opinion.
Lockdown the workstations and the domain correctly first then let them know that any changes to systems unauthorised are not sanctioned and a firing offence ( policy doc ) then you are half way there.

electric69

The keylogger is definately illegal...if i had a brute-force hacking tool or a dictionary hacking tool or illegally downloaded movies on my computer but i wasnt using or looking at it does that mean it is legal and the authorities cant touch me.......i think not!

Cabaal

If he is a sys admin, I'd imagine alfoxy won't be a sys admin for long with the atitude he has.

Of course a sys admin would have the sense to atleast use google to find info and wouldn't need to post on a message board like some 13 year old kid would who wants to spy on his sister.
:rolleyes:

some people....

hmmm

Agree with Cabaal re attitude. Some sysadmins seem to have the attitude that they are above the law and that their employees have no right to privacy. Employees do of course have certain privacy rights, in a corporate environment it is reasonably clear what you have to do to ensure that you are doing this in a legal manner.

Technically installing a keylogger is all well and good, just try to use it in a court case and you'll find out how useful your "evidence" was. Even better, fire someone on the basis of the evidence you collected and there will be a nice big payout coming their way when they sue you.

tech

How about installing ISA Server, and creating a group policy for all users,

Restrict Internet Accress using ISA also monitor it and control content,

Group Policies will stop ppl from installing programs, chaging local settings and messing up their pc's

You could also use a Sonicwal TZ 170 and install the sercurity gatewat to restrict access and content

you can use Advanded Exchnage options to track e-mails and you can also block users sending mails to certain domain's if required and also block attachments

You could also setup the likes on GFI Mail to do reporting mails sent and also block attacment from this

You can modify the registry to stop users from copying file onto removeable storage like usb pendrives and usb devices ..........

you can really lock things down nicely with the above

Please let me know what ye think guys

tech

is this thread gone dead?

conor-mr2

Came onto this a bit late I guess. Worked in IT audit for a number of years and this is a familiar situation.

ultimately Im probably repeating what was said already but Id like to add my 2 cents. The technical solutions to this problem are easy.
Its the legal implications that need to be on the ball.

Most organisations should have a well written Security policy that has been drawn up and reviewed by a legal dept or representative.
This policy should outline what the company is legally entitled to monitor and also should define what you as an employee of the company should and should not be doing with with the company's property, ie their computer that you are working at for example.
Ideally upon commencement of employment you should receive a copy of this policy, read it and sign it accepting that you have read and will abide by the policy.

from there on in the employee should be aware that there is a chance that all activities on their pc will be monitored.

HTH

rsynnott

Hmm, after viewing the OP's history, I don't think he has that many employees

nosmo

electric69 wrote:

The keylogger is definately illegal...if i had a brute-force hacking tool or a dictionary hacking tool or illegally downloaded movies on my computer but i wasnt using or looking at it does that mean it is legal and the authorities cant touch me.......i think not!

Correct me if I'm wrong here, but if I had a "brute-force hacking tool or a dictionary hacking tool" and I was using it on my own machines or machines I had been charged with securing, would I be breaking the law? Would this not be akin to carving knives being illegal despite the fact I was using them on the Sunday dinner?

Cake Fiend

It's not normally the tool itself that's illegal - it's the way in which it's used. A keylogger is not in itself illegal, just as a carving knife isn't. But a keylogger can potentially be used illegally, just as a carving knife can ('electric69' is wrong).

NutJob

You think hes realy a sysadmin ???? Dont they need an IT degree and 2-4 years experience or have i been applying to the wrong companies :-)

Blub2k4

electric69 wrote:

The keylogger is definately illegal...if i had a brute-force hacking tool or a dictionary hacking tool or illegally downloaded movies on my computer but i wasnt using or looking at it does that mean it is legal and the authorities cant touch me.......i think not!

Can you show us where you get this information from? Keyloggers are most definitely not illegal, I think you are mixing something up.
Your analogy with illegally downloaded movies or hacking tools does not even come close to applying in this situation.

the_syco

alfoxy wrote:

If you worked here you couldnt report me because I wouldnt have told you!

Trust me on this one: if you were logging my stuff, I'd know. If you didn't tell me, and I found out, I'd sue you. I'd then tell EVERYONE to check their credit card, to ensure no fruad has happened. If any has happened, weather or not it was you, you'd still be in deep sh|te, tbh.

And if you try to fire my ass for something you've found I've done? Well, lad, I'd use your evidence to sue you for unlawful sacking (cos you never told me you were spying on me). Then I'd sue you for invasion of privacy.

Oh, and when I sue you, you can safely bet that anyone would think twice about doing busniess with you.

nosmo wrote:

Correct me if I'm wrong here, but if I had a "brute-force hacking tool or a dictionary hacking tool" and I was using it on my own machines or machines I had been charged with securing, would I be breaking the law? Would this not be akin to carving knives being illegal despite the fact I was using them on the Sunday dinner?

Not totally. These hacking tools are often used to bypass a users password, to gain access to their files, if they left/got sacked, and the employer needs access to the files. That, or an ex-sys admin put a password on the managers account, and the manager needed access. Check out http://www.atstake.com as an example for a legal brute-force password cracker.

=-=

OP, if you want some advice, get MasterEye. This program allows you to view what the user is doing. To implement this, all you have to do is to recommend a security change to your manager, and list this as a solution. Then get it made into your companys' policy. Should be nice and legal then. Put it past a lawyer to ensure that you can't get sued over it, tho.

NutJob

In this caste the tool itself isnt illegal just method of usage.



Off the point electronic break and enter tools are illegal to possess under Irish law (no trial case as of yet). This could be argued in court.



In a corporate network you must notify all the employees that there is monitoring in place or legally u have to notify them that random monitoring is occurring.



Even better than that is if you decide to take action and single out an employee again ur open to being sued.



If you want to monitor a corporate lan.



-[font=&quot] [/font]set out a random monitoring policy

-[font=&quot] [/font]set out a fair consequence (3 strike – 1 verbal, 2 written ,followed by dismissal)











Read your company law



-Principles of Irish law (available in easons )

-Data protection act (aspects cover this)



I can get a book which summarises and gives case examples(where they exist). If you want the name ill dig it out

hshortt

Another point which has not been mentioned is that any security policy in place to monitor employees has to be regularly reviewed and re-issued to employees.

Oh, and happy employees won't sell inside secrets etc.

Good luck,
Howard

DublinWriter

alfoxy wrote:

I worry about my companys price lists, customer lists, etc being sent out to compeditors. If that happens my company would loose money, then I we could be all out of a job. By monitoring all employees I am doing my best to protect them and the company.

You obviously don't have a clue as to the legal/IR ramifications of what you're doing as *you'd* be the one losing your company money if an (ex)employee ever took this up in the Labour or Unfair dismissals court.

Do you have an IT Acceptable Use policy in place that every employee is made aware of? Probably not.

Does your company place a non-disclosure clause in employees contracts/terms of employment? Again, probably not.

Here's a scenario. An employee could walk into my office and say "I've been ripping you off for years, stealing thousands". If I had secretly tape-recorded that conversation do you think that the tape would count as evidence in a Court in this country? It would not.

Regardless of the sarcasm that you think people are throwing at you, you should heed their comments as it may stop you learning the hard and expensive way that covert employee monitoring in this country is not the brightest of ideas unless you have very definite and specific suspicion that particular fraudulent activies are being carried out.

Cake Fiend

the_syco wrote:

Trust me on this one: if you were logging my stuff, I'd know.

How?

the_syco

Sico wrote:

How?

It would appear in taskbar, I would think. The spy software usually does (the legal, and illegal ones).

DublinWriter

the_syco wrote:

It would appear in taskbar, I would think. The spy software usually does (the legal, and illegal ones).

It wouldn't and it would be fairly lame if it did.

I've even seen one product that doesn't even show up on the process-list when you CTRL-ALT-DEL.

And for total covert and serious monitoring, you'd use a product like Etherpeek or Sniffer, which wouldn't require that *any* software was installed on the target PC.

NutJob

now if you said you check ur pc thoughtfully for crap programmes. I do guarantee i may miss a process for a day or 2 but if i found a key logger on a work pc i wouldn't be happy to say the least.



Just off the point my god the output form a keylogger is hard to read in any way.



And if ur worried about company secrets on pc what about mr fax and mr photocopier. I find that easiest way to distribute pricing lists

Fionn

i once found a key logger on a PC i was doing a job on.

they can be very difficult to spot and certainly won't make their presence felt on task bars or task manager etc.

I happened to stumble upon the log file it was creating as i was trying to track down something else that was also increasing in another log file belonging to an errant piece of software.
someone who had access to the PC had placed this logger on it. There was all sorts of stuff iin the log, passwords, usernames, url histories, click events and obviously private conversations etc.

these files tend to get very big with usage. it wouldn't be the most efficient way for monitoring in a company situation.
But for home based spying it'd do the job

The moral dilemma is another question altogether.

rsynnott

The point is, unless you tell employees in advance, a keylogger is a) illegal and b) useless. You can't use the information obtained without putting yourself in a very dangerous position.

the_syco

DublinWriter wrote:

It wouldn't and it would be fairly lame if it did.

That, and I also have a habit of installing spybot and adaware on the PC's that I use, weather or not I'm allowed to. The way I see it is: if I use a PC, I make sure there's no sh|te on it.

Saying that, if theres anthing checking out the sites I visit, I know within a week, as some of the sites I visit get blocked. There's a few that will get blocked if someone's keeping tabs on what sites I visit.

Cake Fiend

If someone really wanted to keep something hidden from a user, especially on a computer or network they administered, they could. A Windows machine can be locked down quite effectively, and a rootkit could hide any process from the user if necessary. Obviously a network logger can be hidden even more easily.

hshortt

Rootkits can be identified quite easily, depending on the pc setup. If the PC is a member of an Active Directory domain, then policies in effect will stop a user from identifing a root kit. But for an Administrator on such a network, it's easy to id.

One very simple way is to run a command prompt when logged in normally, and from the root of the system drive run a simple dir /s > Normal.txt next, boot from an old boot floppy, or cd, or memory key (no matter so long as you can read the file system!) run another dir /s > Check.txt after that you compare the two files using the resource kit utility windiff. If there's nothing to worry about, both files will be identical, but if there are any hidden nasties you will be able to see them in the report.

Some rootkits hide themselves using an old technique called streaming. It's quite clever really, it hides any file you like within another file, so when you run dir, you can't see the hidden file. It becomes layered within the other one. Anyway, there's lots of utilities such as streamfind which can also reveal these tactics.

Cheerio
Howard

Cake Fiend

We're talking about a regular user here, not an administrator - in fact, it's the administrator that's trying to hide the nasties. In which case, he/she can lock down the machine (including disabling boot from external media) enough that a regular user wouldn't be able to do much scoping, even if they knew how. Most office workers wouldn't even think of the possibility of their admin snooping on them, let alone know how to detect it (much less be able to detect it).

Laguna

Why do you need a keylogger? surely you're after what they're looking at on the internet, just set up a gateway PC's NIC to promiscous mode to see what sites people are looking at. Anyone looking for a keylogger is looking to do something illegal.