Jump to content

company laptop spyware question


RickD

Recommended Posts

Hello all,

I recently got a new company laptop and there are rumours the new laptops contain some kind of advanced spyware on it, that monitors pretty much anything you do with it.

I know a company has the right to monitor employees, but i would like to know to what extend the monitoring is happening.

Netstat -aonb doesn't show any suspicious activity. And also the tasklist seems to be clean. I have admin right so in theory i think i should be able to find any monitoring software ..

In fact i don't see how one would be able to do this and hide it without rootkitting the laptop.

Could anybody help me out here and tell me what is and is not possible in this area in a regular company context and how to find the software?

Any help is much appreciated.

 

Regards,

Rick

Link to comment
Share on other sites

In all honesty, you don't find it.

It's not your laptop, it's the companies. If you use it, you accept that they can, may, and probably are, monitoring every single thing you do on it. So just behave, use it for NOTHING bar work.

Now, you want to know what can be done with monitoring software? Set up a small home test lab, in a virtual environment, and start looking into corporate monitoring software.

Link to comment
Share on other sites

2 hours ago, Rkiver said:

In all honesty, you don't find it.

It's not your laptop, it's the companies. If you use it, you accept that they can, may, and probably are, monitoring every single thing you do on it. So just behave, use it for NOTHING bar work.

Now, you want to know what can be done with monitoring software? Set up a small home test lab, in a virtual environment, and start looking into corporate monitoring software.

I guess you are right and from a security point of view even trivial stuff like checking personal email can't be done without maybe revealing your password.

However these laptops are also sometimes supposed to be used from home. And I don't know if I want to connect such a thing to my home network.

And you could probably argue that if you have nothing to hide, who cares. But I just don't want any company sysadmin scanning my lan, just because it's possible.

.

 

Link to comment
Share on other sites

4 minutes ago, RickD said:

I guess you are right and from a security point of view even trivial stuff like checking personal email can't be done without maybe revealing your password.

However these laptops are also sometimes supposed to be used from home. And I don't know if I want to connect such a thing to my home network.

And you could probably argue that if you have nothing to hide, who cares. But I just don't want any company sysadmin scanning my lan, just because it's possible.

.

 

 

I sincerely doubt that a sysadmin would attempt to scan your lan just because they can. The legislation that allows them to provide you a work laptop, and be able to monitor you on that work laptop, is very unlikely to include the right to scan your home lan.

 

I mean with that level of paranoia why are you even online? You're connected to this forum, which means IT could scan your lan.

 

As you see once you get to that point, it gets very silly. A work provided laptop is for just that, work. And yes they are supposed to be use from home, to do work. So use them for just that. Of if you're not comfortable with it, bring it up at a meeting.

Link to comment
Share on other sites

It depends where you live. Where I live (Netherlands) it's completely different. An employer has no right to monitor your behaviour on the network! Unless there's a strong suspicion that you are into illegal activity.

The employer doesn't have the right to monitor which websites someone visits. 

And he cannot forbid you to do some private browsing, like checking you're email or checking the weather to see if it is going to rain on your way home. As long as it is within reasonable boundaries and not interfering with the work.

So the action you can take depends on where you live...

Link to comment
Share on other sites

What if you only suspect? The average person isn't going to be in a position to do any kind of proper checks themselves. Without giving someone the ability to test to see if they are being monitored, the law isn't that useful as most people would not know and wouldn't know how to go about finding out.

Link to comment
Share on other sites

:lol::lol: I agree the good stuff is on the pones.

I really wouldn't know where to go for support. Like someone else already said, personally I would start with asking my employer, starting with my direct supervisor. That way they also know I am aware. But I can imagine just asking is not a suitable action in every company.

Link to comment
Share on other sites

It would depend on how much effort they have gone to. Worst case, they've created custom spyware and there is very little way to detect it. It would beacon home infrequently to different locations and bring custom written it wouldn't be detected by any scanner. 

More likely would be an off the shelf tool which you could detect by using a live boot scanner.

 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...