Win XP, MSN Messenger 6, Keylogging and Proactive Action

[zac_90265]

Hello all,

For some strange reason I believe the network admin at work has added a keylogger via the logon script when I log onto the domain on my laptop. It is bad enough that the script automatically installs Trend Office Scan Pro Corporate, however I just have the feeling that some sort of keylogger has been installed.

I am also interested to know, if the corporate network is using ISA 2000, if the administrators can log MSN Messenger conversations when you are obviously attached to the network.

As I am using XP and am one of the few on the corporate network that is using this, I have obviously built this particular image myself. Can anyone recommend any tools that I can use that will scan this PC for keyloggers and other items that I may not have been installed.

Of course I have used Spyboy and Adaware but obviously those programs are not going to do what I want to scan for.

Any recommendations?

[Tiger Shark]

I would simply ask him...... If it's your own computer and you are allowed to connect it to your work's network then it would be unreasonable of him to be installing stuff on it. However, to go one step further I believe your computer would need an account in the domain in order to become subject to the policies so if it has been joined to the domain then you have given tacit approval to subject it to the policy.

If he is installing a keylogger then it should be clearly stated in the policy of your org. If not they are wide open to a huge lawsuit. If they have warned you that everything you do is monitored and that the computers, network and all data passing across it are the property of the company they may not need to be explicit about the keylogger.

As I said, start by asking...... and be nice...... He'll probably tell you.

[BrainStop]

zac,

To answer your question about monitoring MSN Messenger, just Google for the subject. You will easily find products to monitor everything going on in Messenger.

Just a quick example:
http://www.computer-monitoring-softw...pector_pro.asp
(and this site lists multiple products that can do it)

You will also find links on:
http://www.isaserver.org/ISA/Content_Security/

Cheers,

BrainStop

[zac_90265]

Sure, I understand that once can physically install items on this laptop and get logs sent to them over the network. After scanning the laptop with a variety of programs I am fairly confident there are no keyloggers or anything capturing any of my local information.

So, what are the capacities of ISA 2000 in providing logging for MSN, etc? The hyperlink above didn't work. I know with websense, reports can be run on usage but physical logs of what is said over MSN? That is what I want to know.

What kind of proactive action can I do to secure this laptop to prevent this from happening besides not using these programs?

I would rather not have this conversation with the network administrator as being I am sure he is ignorant of the Australian Privacy Act of 2001, if these things are being logged I am taking it up with the managing director only to prevent exposure of the company. Yes, the network administrator is a true Nazi also!

[BrainStop]

zac,

My apologies for that broken link. Here's the correct one:

http://www.isaserver.org/software/ISA/Content_Security/

If you look at the Akonix product, you will find the following:

When integrated with ISA Server, Akonix L7 receives redirected public IM traffic via an ISA Server Application Filter. Akonix L7 then manages all public IM activity via granular policies that control users and content, scan for file transfer viruses, keep internal messages secure, and provide detailed archiving and reporting. Active policy management prevents policy violations and enforcement actions can include session termination, administrator and user alerts and flagging for offline reporting.

Policies can be created and applied to both network users and groups, and can be triggered by a variety of message attributes, including message content, attached file type, size and name, time-of-day, and intended recipient. And P2P file sharing use can be blocked.

Basically, this product can be added to an ISA server to monitor MSN content.

To prevent it from happening, you would need to encrypt the communications sent by MSN. However, I don't think there is any easy way to do that (although I never really looked into it).

Any data stream that crosses the ISA server can be copied for monitoring. It is then just a question of decoding it. Using encryption would prevent your organisation from doing that, but it would also possibly attract attention to you (i.e. what is this guy hiding for which he needs encryption).

In short, anything that you send over the corporate network can be monitored/logged. If it's encrypted, they might not be able to read it. No software is needed on your laptop to do that.

Hope this answers your question.

Cheers,

BrainStop


The other product for which I provided a link basically takes "thousands of screenshots" per hour to monitor the content of your MSN window (among others).