|Editions | myCNN | Video | Audio | Headline News Brief | Feedback||
Analysis: Your PC could be watching you
(IDG) -- If you lie awake at night fretting about personal privacy and your computer, consider this: The biggest threat may not be the government or the operator of the Web site you visited late last night, but your business partner, your boss, or even your spouse.
Products for monitoring desktop computers have been around for years. But until recently they were primarily designed for and marketed to large businesses that worried about employee misuse of Internet access and the company e-mail system. Now, a new wave of low-cost, easy-to-use monitoring products is available to home and small-business users. Dubbed snoopware, these products do everything their large-scale corporate cousins can--and in some cases, even more.
Spy on them all
Advertising for these products makes their intended use crystal clear: "Secretly Record Everything Your Spouse, Children, and Employees Do Online," invites one firm. Another vendor promises to help "companies understand how employees use their computers, especially, how much time they spend for non-business purposes or in ways that could result in legal exposure for the organization."
PC World tested four snoopware products intended for home and small-business use: Insight, a $100 per seat product from Trisys; WinWhatWhere's Investigator ($99 for a single-user license); and SpectorSoft's EBlaster ($60 per package) and Spector 2.1 ($70 per package). Our conclusion: Though each does its job a little differently, all are extremely effective at surreptitiously recording activity on a computer, whether it's in an office or in the family room.
We also discovered that it's possible, though not easy, to determine whether you're being monitored. But unless you know just what to look for, and where, you may never know that someone else has been clandestinely observing your every keystroke.
Secret computer recording technology disturbs privacy advocates, who worry about possible abuse of spy software. For the moment, such software is virtually unregulated, and its use is spreading rapidly, especially in the corporate world. Earlier this year, an American Management Association survey of over 2100 member firms--many of them among the biggest in the country--found that 74 percent monitored employees' communications, including Internet use, e-mail, computer files, and phone calls. That's more than double the percentage found in a similar survey in 1997.
Exactly how often snoopware monitoring occurs in small businesses and homes is unclear. But the rapid emergence of products targeting this market suggests that vendors see financial opportunity in people's mistrust of their own families and employees.
Spector 2.1 from SpectorSoft is perhaps the best-known commercial snoopware aimed at home users. Company spokesperson Doug Fowler says that roughly 50 percent of the software's sales are made to people monitoring spouses, and at least 20 percent to people monitoring kids.
A memory-resident program, Spector 2.1 periodically captures screen shots of the desktop. Spector 2.1 can run in monitoring mode (with a small indicator visible on the screen) or in stealth mode (with no obvious indication to users that the program is in place).
By typing a special key combination and an optional password, the owner of the program can invoke a VCR-like display of actions the computer's users have taken, as well as log info and keystroke data. An options screen lets the owner choose how often to take screen shots, what color depth to record the grabs in, whether keystrokes should be captured, and so forth.
The program works by recording information in a specified folder inside the Windows directory. The files have uninformative names such as 4F0BF6D8.TPS.
To see the information a Spectorized computer has gathered, you must sit down at the machine--which could be awkward if the person you're keeping tabs on uses it all day long. To circumvent this problem, SpectorSoft has created EBlaster, a program that regularly sends e-mail reports of Spector 2.1's findings to a designated address. The reports include listings of each program executed, right down to the user keystrokes.
EBlaster can record anything transmitted from the host machine, even by popular chat software such as Instant Messenger and ICQ. It can also send screen shots.
The program works over networks and dial-up connections (even AOL) if the e-mail on the receiving end can handle attachments. Both Spector 2.1 and EBlaster require Windows 95 or later on computers that have 16MB of memory and 10MB of open disk space.
WinWhatWhere's Investigator software targets business users rather than the home market. Instead of taking snapshots of the user's desktop, it maintains detailed records of the times and dates when programs run and when keystrokes are entered on a computer. The program accumulates all of this data in an Access-compatible database, and it can either e-mail the information to the monitoring person or analyze it locally.
Registered owners can run the program in stealth mode. Under this arrangement, the software displays no toolbar tray icons or splash screens to hint that it is present and at work. Like most other snoopware, Investigator does not show up in Windows' Close Program list (which appears when you press Ctrl-Alt-Del) or in the Add/Remove Programs window.
If you're more interested in the big picture of a PC's use than in minute, exhaustive details, Insight from Trisys might do the job. This program monitors employees' use of their computers but does not capture pictures of the monitor display or record the incoming and outgoing text. Insight has both desktop and server components. On the desktop, a small monitoring-agent program observes user activity and periodically contacts the server to report on time spent by employees using various applications, including the number of mouse clicks and keystrokes entered.
Insight logs all Web pages the user visits--but only if Internet Explorer is the browser. It does not capture such precise details as the actual keys pressed or the contents of the Web pages. The server application can generate activity reports for individual workstations or for an entire workgroup. Basic reports show how much time employees have devoted to different applications; if Internet Explorer browsing is involved, you also get information on the Web pages that employees visited and the length of their visits.
Insight's server component runs on Windows NT 4.0 Server or Windows 2000. Trisys recommends using SQL Server to accumulate the statistics, another reason that Insight is more of a corporate or small-business application than a home product.
Good or evil?
In the corporate world, snoopware has helped uncover crimes such as embezzlement and fraud, but the potential for abuse worries many civil liberties advocates, who view the new technology as eroding personal privacy.
"The changing structure and nature of the workplace has led to more invasive and often covert monitoring practices that call into question employees' most basic rights to privacy and dignity," Electronic Privacy Information Center executive director Marc Rotenberg said last summer in support of congressional efforts to curb such practices.
Virtually no laws currently restrict employer monitoring of PCs in the workplace, much less home use of snoopware.
Pending legislation to tighten these rules focuses on requiring notification of employees if their computer activity is being monitored, a disclosure not required today. Several federal bills also mandate court warrants for e-mail interception in criminal cases but are silent on the use of such tactics to monitor how employees work with PCs. The National Labor Relations Board recently ruled against employers who fired workers over e-mail messages that promoted union organizing and criticized workplace conditions--but even those rulings didn't attempt to restrict the monitoring itself.
In the past two years, Dow Chemical, Xerox, and other large employers have fired dozens of employees for surfing the Internet on company time or for sending and receiving improper e-mail. In most cases, the conduct was detected via snoopware. With the low-end products now available, small businesses--not to mention your own family--could emulate the practices of Fortune 500 companies.
So if you work in a small business or use your home PC for activities you'd prefer to keep private, you might investigate whether you're being monitored. You may not be able to stop the snooping, but at least you'll know whether you're under surveillance and can respond accordingly.
The moral: Big Brother may be nearer--and more familiar--than you think.
Click here for an unabridged version of this story.
Industry group: Security key to 'next generation' Web
RELATED IDG.net STORIES:
Every click you make
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.