RickD Posted December 16, 2016 Share Posted December 16, 2016 Hello all, I recently got a new company laptop and there are rumours the new laptops contain some kind of advanced spyware on it, that monitors pretty much anything you do with it. I know a company has the right to monitor employees, but i would like to know to what extend the monitoring is happening. Netstat -aonb doesn't show any suspicious activity. And also the tasklist seems to be clean. I have admin right so in theory i think i should be able to find any monitoring software .. In fact i don't see how one would be able to do this and hide it without rootkitting the laptop. Could anybody help me out here and tell me what is and is not possible in this area in a regular company context and how to find the software? Any help is much appreciated. Regards, Rick Quote Link to comment Share on other sites More sharing options...
Rkiver Posted December 16, 2016 Share Posted December 16, 2016 In all honesty, you don't find it. It's not your laptop, it's the companies. If you use it, you accept that they can, may, and probably are, monitoring every single thing you do on it. So just behave, use it for NOTHING bar work. Now, you want to know what can be done with monitoring software? Set up a small home test lab, in a virtual environment, and start looking into corporate monitoring software. Quote Link to comment Share on other sites More sharing options...
digininja Posted December 16, 2016 Share Posted December 16, 2016 Have you tried simply asking the company? And as Rkiver says, just do what you are supposed to do on it and don't worry about it. Quote Link to comment Share on other sites More sharing options...
RickD Posted December 16, 2016 Author Share Posted December 16, 2016 2 hours ago, Rkiver said: In all honesty, you don't find it. It's not your laptop, it's the companies. If you use it, you accept that they can, may, and probably are, monitoring every single thing you do on it. So just behave, use it for NOTHING bar work. Now, you want to know what can be done with monitoring software? Set up a small home test lab, in a virtual environment, and start looking into corporate monitoring software. I guess you are right and from a security point of view even trivial stuff like checking personal email can't be done without maybe revealing your password. However these laptops are also sometimes supposed to be used from home. And I don't know if I want to connect such a thing to my home network. And you could probably argue that if you have nothing to hide, who cares. But I just don't want any company sysadmin scanning my lan, just because it's possible. . Quote Link to comment Share on other sites More sharing options...
Rkiver Posted December 16, 2016 Share Posted December 16, 2016 4 minutes ago, RickD said: I guess you are right and from a security point of view even trivial stuff like checking personal email can't be done without maybe revealing your password. However these laptops are also sometimes supposed to be used from home. And I don't know if I want to connect such a thing to my home network. And you could probably argue that if you have nothing to hide, who cares. But I just don't want any company sysadmin scanning my lan, just because it's possible. . I sincerely doubt that a sysadmin would attempt to scan your lan just because they can. The legislation that allows them to provide you a work laptop, and be able to monitor you on that work laptop, is very unlikely to include the right to scan your home lan. I mean with that level of paranoia why are you even online? You're connected to this forum, which means IT could scan your lan. As you see once you get to that point, it gets very silly. A work provided laptop is for just that, work. And yes they are supposed to be use from home, to do work. So use them for just that. Of if you're not comfortable with it, bring it up at a meeting. Quote Link to comment Share on other sites More sharing options...
digininja Posted December 16, 2016 Share Posted December 16, 2016 If you really don't trust them you could try to insist on then providing a 4g dongle for home internet access. Or if they provide your phone get a data plan put on that. Quote Link to comment Share on other sites More sharing options...
Guest Posted December 18, 2016 Share Posted December 18, 2016 It depends where you live. Where I live (Netherlands) it's completely different. An employer has no right to monitor your behaviour on the network! Unless there's a strong suspicion that you are into illegal activity. The employer doesn't have the right to monitor which websites someone visits. And he cannot forbid you to do some private browsing, like checking you're email or checking the weather to see if it is going to rain on your way home. As long as it is within reasonable boundaries and not interfering with the work. So the action you can take depends on where you live... Quote Link to comment Share on other sites More sharing options...
digininja Posted December 18, 2016 Share Posted December 18, 2016 If you suspect this is happening then are there services you can go to to get help and investigate? Quote Link to comment Share on other sites More sharing options...
Guest Posted December 19, 2016 Share Posted December 19, 2016 If you have proof I would say the judge. But I guess it can be difficult to prove.. Quote Link to comment Share on other sites More sharing options...
digininja Posted December 19, 2016 Share Posted December 19, 2016 What if you only suspect? The average person isn't going to be in a position to do any kind of proper checks themselves. Without giving someone the ability to test to see if they are being monitored, the law isn't that useful as most people would not know and wouldn't know how to go about finding out. Quote Link to comment Share on other sites More sharing options...
barry99705 Posted December 19, 2016 Share Posted December 19, 2016 If you're that paranoid about it, don't use it at home. Honestly I could give two shits about what's on someone's home network. I'm busy enough keeping shit off the corporate networks. Besides, everyone knows the good stuff is on the phones! Quote Link to comment Share on other sites More sharing options...
Guest Posted December 20, 2016 Share Posted December 20, 2016 I agree the good stuff is on the pones. I really wouldn't know where to go for support. Like someone else already said, personally I would start with asking my employer, starting with my direct supervisor. That way they also know I am aware. But I can imagine just asking is not a suitable action in every company. Quote Link to comment Share on other sites More sharing options...
digininja Posted December 20, 2016 Share Posted December 20, 2016 It would depend on how much effort they have gone to. Worst case, they've created custom spyware and there is very little way to detect it. It would beacon home infrequently to different locations and bring custom written it wouldn't be detected by any scanner. More likely would be an off the shelf tool which you could detect by using a live boot scanner. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.