Monitoring Software Can be Used for Spying as Well

Alexandra Gamanenko

We all already got used to computer monitoring both at work and at home. We got used to advertising software products as tools for parental control and workplace surveillance. These programs are indeed useful tools -- to a certain extent. Large and middle-sized companies use legitimate monitoring programs for workplace surveillance --to ensure information security and local network accountability. At home more and more parents install such software as a "life jacket" for their web-surfing kids. You probably use such a program already, or going to.

But are you aware that these useful and absolutely legal monitoring programs installed on lots of PCs --and perhaps on yours, too -- have a very dangerous sibling called keylogging spyware?

Keylogging spyware -- such programs are usually called simply "keyloggers" have very much in common with legitimate monitoring software. These programs spy--they log keystrokes, mouse clicks, make screenshots, compile a neat log-file and send it to the person who installed (as a rule, remotely) this program on your -- or somebody else's -- PC.

The very principle is pretty often the same. Actually, the technology applied in monitoring software is a dual-purpose one. It is neither good nor bad -- numerous things can be used for several purposes, not all of them permissible. A knife is a typical example -- while we are cutting bread with a bread knife, somebody stabs his neighbor to death with a dagger or stiletto.

Identity thieves do know how to use both kinds of software for their nefarious purpose. I am not going to talk about moral issues, but if there is an opportunity, there always will be one to use it.

If these programs are so closely related, how to tell which is which then? Well, there are two specific program functions that are typical only to programs that spy.

First, it is possible to carry out preliminary configuration of the monitoring module (it is usually called client, agent etc.), getting a compiled executable file as a result. This file, when installed, doesn't display any messages or create windows on the screen. It "hides itself" and "shows no signs of life". It is impossible to notice whether the particular PC is being secretly monitored or not. Of course, the user is not aware of being spied -- until the consequences show up.

Second, spy software always has built-in means of remote installation; as a rule, the pre-configured module (agent) is installed into the target PC remotely. Then the files with obtained information are sent via local network or emailed to the person who installed the spy program.

Remove these functions -- and you will get a monitoring program instead of spyware. If it is impossible to pre-configure the monitoring module and install it remotely, it is not spyware. If you should have administrator privilege to install the program, it is monitoring software. (Person with administrator privilege installs major software products, and in case of a home computer, it is usually the person who owns the PC).

Nevertheless, there are some vendors who advertise monitoring products with "remote deployment", i.e. function of remote installation. In fact, nothing distinguishes these programs from malicious keyloggers. Some of them are actually Trojan Horse programs, which can be sent by email disguised as, say, a greeting card.

Many users feel that it is impossible to install a surveillance program without physical access to their PCs. Unfortunately, they are mistaken. And security experts confirm-- remote deployment of surveillance software is sharply on the rise.

Researchers from Websense Security Labs in their "Security Trends Report" call such programs "commercial keyloggers" and caution users against them: " These commercial keyloggers may be marketed as products that allow you to spy on your spouse or watch your children's online activities. They are often used as packaged attacks designed to capture keystrokes to gather online banking passwords, login credentials, Social Security Numbers and other identity-related information".

No wonder that both security experts and vendors now see keyloggers -- no matter commercial ones or those cybercriminals write themselves -- as a grave threat.

Keyloggers can be also included into freeware and shareware. Trojan programs, viruses and Internet worms often contain keyloggers, too. Security experts warn that information-stealing programs are already relatively common and predict the further rise of unlawful use of such software. That is why it is so important to apply special anti-keylogging protection now.
About the Author
2005 All rights reserved
Alexandra Gamanenko

Alexandra Gamanenko currently works at Raytown Corporation, LLCan independent software developing company,which provides various solutions for information security. Learn more -- visit the company's website

More articles