• Announcements

    • khawk

      Download the Game Design and Indie Game Marketing Freebook   07/19/17

      GameDev.net and CRC Press have teamed up to bring a free ebook of content curated from top titles published by CRC Press. The freebook, Practices of Game Design & Indie Game Marketing, includes chapters from The Art of Game Design: A Book of Lenses, A Practical Guide to Indie Game Marketing, and An Architectural Approach to Level Design. The GameDev.net FreeBook is relevant to game designers, developers, and those interested in learning more about the challenges in game development. We know game development can be a tough discipline and business, so we picked several chapters from CRC Press titles that we thought would be of interest to you, the GameDev.net audience, in your journey to design, develop, and market your next game. The free ebook is available through CRC Press by clicking here. The Curated Books The Art of Game Design: A Book of Lenses, Second Edition, by Jesse Schell Presents 100+ sets of questions, or different lenses, for viewing a game’s design, encompassing diverse fields such as psychology, architecture, music, film, software engineering, theme park design, mathematics, anthropology, and more. Written by one of the world's top game designers, this book describes the deepest and most fundamental principles of game design, demonstrating how tactics used in board, card, and athletic games also work in video games. It provides practical instruction on creating world-class games that will be played again and again. View it here. A Practical Guide to Indie Game Marketing, by Joel Dreskin Marketing is an essential but too frequently overlooked or minimized component of the release plan for indie games. A Practical Guide to Indie Game Marketing provides you with the tools needed to build visibility and sell your indie games. With special focus on those developers with small budgets and limited staff and resources, this book is packed with tangible recommendations and techniques that you can put to use immediately. As a seasoned professional of the indie game arena, author Joel Dreskin gives you insight into practical, real-world experiences of marketing numerous successful games and also provides stories of the failures. View it here. An Architectural Approach to Level Design This is one of the first books to integrate architectural and spatial design theory with the field of level design. The book presents architectural techniques and theories for level designers to use in their own work. It connects architecture and level design in different ways that address the practical elements of how designers construct space and the experiential elements of how and why humans interact with this space. Throughout the text, readers learn skills for spatial layout, evoking emotion through gamespaces, and creating better levels through architectural theory. View it here. Learn more and download the ebook by clicking here. Did you know? GameDev.net and CRC Press also recently teamed up to bring GDNet+ Members up to a 20% discount on all CRC Press books. Learn more about this and other benefits here.
Sign in to follow this  
Followers 0
masha2

How to know if my PC is being monitored?

22 posts in this topic

I just read this article [url="http://bits.blogs.nytimes.com/2011/12/05/big-brother-in-the-home-office/?pagewanted=all"]http://bits.blogs.ny...?pagewanted=all[/url] about workplaces monitoring/taking snapshots of workers computer desktop. Is there any way to know if I have something like this going on my work laptop?


Thanks in advance.
0

Share this post


Link to post
Share on other sites
The tool hijackthis generates a good log file of all the stuff going on. Then googling the unknown processes and services lets you find out pretty quickly whether there are any threats.
0

Share this post


Link to post
Share on other sites
Not if the software is smart/good or if you've got limited rights on the machine. The quickest and easiest way is to ask. If your manager doesn't trust you enough to have open communication... then you know.
0

Share this post


Link to post
Share on other sites
I'm still not 100% sure because that would defeat the purpose of it. If hijackthis could pick it up then the administrator could simply block that program via group policy; problem solved.

We do this to some (very minor) extent when we are asked to, but it's through a server. The fire stations use VPN for now (until they get fiber ran to them) and they have to RDP into the fire stations main server to run the software for their reporting. When this happens you can simply interact with their session and do it in view only mode. This allows you to watch them in real-time and they have no clue they are being watched. I'm sure there are plenty of other ways, but this has worked so far from what was needed. So it is possible to do it without being detected both locally and remotely when needed.
0

Share this post


Link to post
Share on other sites
[quote name='Telastyn' timestamp='1323964221' post='4894190']
Not if the software is smart/good or if you've got limited rights on the machine. The quickest and easiest way is to ask. If your manager doesn't trust you enough to have open communication... then you know.
[/quote]

I asked. He said he doesn't know and I believe him, he is a good man.

[quote name='UltimaX' timestamp='1323964539' post='4894193']
I'm still not 100% sure because that would defeat the purpose of it. If hijackthis could pick it up then the administrator could simply block that program via group policy; problem solved.

We do this to some (very minor) extent when we are asked to, but it's through a server. The fire stations use VPN for now (until they get fiber ran to them) and they have to RDP into the fire stations main server to run the software for their reporting. When this happens you can simply interact with their session and do it in view only mode. This allows you to watch them in real-time and they have no clue they are being watched. I'm sure there are plenty of other ways, but this has worked so far from what was needed. So it is possible to do it without being detected both locally and remotely when needed.
[/quote]

You're right about hijackthis. I can't even install this kind of stuff. But where can I found more info on your "method"?
0

Share this post


Link to post
Share on other sites
There are lots of ways to monitor your activity without needing anything installed on your machine, mailboxes can have access rights changed to allow admin/managers to view your emails, if your company uses a proxy server then they can see where people and probably who is viewing which sites.

I think it unlikely that you are being monitored unless you have given your company a reason to suspect you need to be
0

Share this post


Link to post
Share on other sites
This may not be a reliable method, but see if you can monitor graphs on your machine. Look out for unusual, but regular load spikes in network activity and CPU usage.

[url="http://technet.microsoft.com/en-us/sysinternals/bb897437"]Process Explorer[/url] lists processes loaded on the machine, although it may not reveal rootkit based monitoring applications.

[url="http://technet.microsoft.com/en-us/sysinternals/bb897437"]TCPView[/url] gives you a list of processes that either listen or communicate through a network port.

Running [url="http://www.wireshark.org/"]Wireshark[/url] might be an option, although I can't remember whether it requires admin privileges to capture network traffic.

If you have browsing access to the Program Files dir, you could see what's installed, and google up stuff that looks suss.
0

Share this post


Link to post
Share on other sites
[quote name='Malal' timestamp='1323966345' post='4894199']
I think it unlikely that you are being monitored unless you have given your company a reason to suspect you need to be
[/quote]


:) I think too I'm not. But I prefer to be in control of what's going on my computer. I want to know if to limit my gmail reading, skyping and etc. . These things don't reduce my productivity and I dont have terrible secrets, but I dont want someone else to look on it.
0

Share this post


Link to post
Share on other sites
[quote name='someuser']
workplaces monitoring/taking snapshots of workers computer desktop ... But I prefer to be in control of what's going on my computer. I want to know if to limit my gmail reading, skyping and etc.
[/quote]
Does it matter? You should always assume they are.

You absolutely should limit your work activities to things that are work related or to activities that have explicit or tacit approval from your employer.




Actual law depends on location, but for most of the world employees have very few privacy rights with anything involved at work.

Employers can generally search their employee's cubicles, desks, and personal possessions kept in the office, much like you can search any room in your home or go through your child's backpack. Corporate objects belong to the company and they have no expectation of privacy. Personal objects you leave in the office have very little expectation of privacy.

If this is a work computer you really have no right to anything on it since it isn't yours; courts routinely find that you have no expectation of privacy on work computers, work networks, work email, or Internet access at work. Anything that goes through the corporate network or exists on a corporate computer is subject to inspection and review by the company. It is the company property, you are using it on the company's behalf, for the company's purposes.

They are probably not monitoring everything you do, unless you are working at a casino or other high-security job. They are most certainly logging your email communications; constant risk of lawsuits means mandatory data retention policies for these and other important tidbits. Some companies will have rolling taps for "training and performance monitoring purposes", and in many places they don't need to tell you since it was in your employment contract. Sysadmins can grab a constant live view of what sites you are viewing, what network connections are open, and what resources are in use, and have logs of what everyone does; again this is normally just ignored but when they start using the tools to check it out there is a very good chance the sysadmins will know exactly what you are doing every moment of the day.

You may not feel like it, but the company has some liability for everything their employers do with their equipment. Your employer is unlikely to be monitoring you while you check your gmail, but legally they generally have the right to watch what you are doing on their equipment. They have every right to fire you if you break corporate policy on your personal account if they happen to discover it was done on company equipment or on company time.

Of course, if they use that information to break into your gmail account or bank account or other non-work system, then they have gone too far. That is a different matter.



Just assume your company is monitoring everything if they own the computer. Assume that anything going through the corporate network is also monitored. The company generally has a legal right to do so, and can respond to anything they discover. If you are concerned about computer privacy leave the office and do it elsewhere.
2

Share this post


Link to post
Share on other sites
Even if they don't directly 'monitor' your workstation per say, they can still log and see pretty much [i]anything [/i]you have done in retrospect. So no, it'd be very unwise to ever assume you [i]aren't [/i]being monitored -- not that I think an employer monitoring his employees is very healthy; it implies mistrust and that is never good in a working relationship...
0

Share this post


Link to post
Share on other sites
[quote name='Tachikoma' timestamp='1323966679' post='4894201']
Running [url="http://www.wireshark.org/"]Wireshark[/url] might be an option, although I can't remember whether it requires admin privileges to capture network traffic.[/quote]
It does, but you don't actually have to run it on the machine in question. Proxy your connections through a second box and run wireshark on that (or make the second box the router for the local network).
1

Share this post


Link to post
Share on other sites
+1 for frob's comment. It's probably prohibitively expensive to check up on you all that intensely (the risk of your misuse of equipment/data would have to be fairly high to pay someone to track all of your activities). But that doesn't mean that your use isn't being reviewed shallowly and regularly. I think it's also a good idea generally not to underestimate some manager's penchant for allocating resources poorly.

Because it isn't your computer you are only going to have so much ability to control it and what it does. I am consistently annoyed at the limitations on my work computer which prevent me from doing basic maintenance to keep it running well for my work needs, especially since those limitations wouldn't do much to stop me if I really wanted to cause trouble. But since it's theirs, I have to tolerate it.

If you don't want your employer to know that/when/how often you check your personal email or use skype you should use a different computer, one that you own. Your employer probably has the ability to check a log of your activities at any time, at a minimum. Even if you could reliably get around this monitoring, I would advise against it. Going out of your way to avoid having your activities tracked on a work machine will be extremely suspicious and impossible to defend.
0

Share this post


Link to post
Share on other sites
When you're done folding your tinfoil hat, you probably ought to line your walls with lead, to prevent [url="http://www.surveillance-and-society.org/ojs/index.php/journal/article/viewFile/threats/threats"]EMR snooping of your monitor's contents through the walls[/url].
2

Share this post


Link to post
Share on other sites
I have a question. It's been established repeatedly that employees do [i]not[/i] have a reasonable right to privacy on their work computers or phones. However, has it been settled whether the employees have a right to know whether monitoring is in place? There's two pieces to that: 1) are you required to notify them actively, or 2) are you required to answer truthfully when asked?

I am honestly curious. I could search the case law I guess, but meehhh.
1

Share this post


Link to post
Share on other sites
I think perhaps some things may be wrong here in the thread.

It is illegal in the UK for companies to monitor CCTV in their office without reason. I assume this applies to all personal data. If you are reading your emails they cant read your emails without reason. They can record it but they cant read your emails for a laugh. Its still breach of privacy. Surely if this wasn't the case what is stopping starbucks from reading plain text msn messages on their network. After all its their property, their business and you are there on their behalf.

They can detect you are on gmail.com but they cant go deeper than that,

They have the tools, they dont have the rights. This depends on the law in your country.
0

Share this post


Link to post
Share on other sites
[quote name='RivieraKid' timestamp='1323982321' post='4894283']
I think perhaps some things may be wrong here in the thread.

It is illegal in the UK for companies to monitor CCTV in their office without reason. I assume this applies to all personal data. If you are reading your emails they cant read your emails without reason. They can record it but they cant read your emails for a laugh. Its still breach of privacy. Surely if this wasn't the case what is stopping starbucks from reading plain text msn messages on their network. After all its their property, their business and you are there on their behalf.

They can detect you are on gmail.com but they cant go deeper than that,

They have the tools, they dont have the rights. This depends on the law in your country.
[/quote]
But on Starbucks/McDonalds/etc. you are a customer -- at work, you are an employee. There is a large gap between the two. I don't think anyone's saying: "hey, you're at work, so it's totally cool if they take your phone and check your texts" -- which would be an [i]obvious [/i]breach of privacy. Rather, I think the message is: "if you're at work, using a computer provided to you by the company to execute work, expect zero-privacy given the 'business' nature of the deal."
0

Share this post


Link to post
Share on other sites
I would hope that the employer is forbidden from breaching your privacy. And, honestly, you shouldn't just cave "because it's a business relationship". I call bullshit on that. Being an employee does not make you a slave to your manager / the business owners. You remain a human being with all the rights that go with that, even as an employee. (This really should go without saying, but it seems like in this day and age, it needs to emphasized again.)

Now, they [i]may[/i] have the right to fire you because you checked private email during work hours. But [i]even if they have that right[/i], you should still be able to sue them for compensation if they violate your privacy by reading the private mail you accessed.

At least, that's the "how it should be", from an ethics point of view. Obviously, how it actually is according to the law is going to depend on which country you're in. The differences are surprisingly large.
1

Share this post


Link to post
Share on other sites
[quote name='Promit' timestamp='1323978658' post='4894269']
I have a question. It's been established repeatedly that employees do [i]not[/i] have a reasonable right to privacy on their work computers or phones. However, has it been settled whether the employees have a right to know whether monitoring is in place? There's two pieces to that: 1) are you required to notify them actively, or 2) are you required to answer truthfully when asked?

I am honestly curious. I could search the case law I guess, but meehhh.
[/quote]

Depends on the location.

In the US there are basically two considerations judges and juries need to consider. They need to ask if there is a "reasonable expectation of privacy", and they need to decide on the balance of the privacy interest of the individual vs the interest of the corporation.


IIf you would normally [i]HAVE[/i] an expectation of privacy, then as far as US electronic communications are concerned there is a three pronged test: there must be an established written policy, plus any one of the three conditions (1) one of the parties has given consent, (2) there is a legitimate business reason or (3) the company needs to protect itself.

f you would normally [i]NOT HAVE[/i] an expectation of privacy, then they would not need to provide notice. If a normal person would not expect privacy they generally don't need to tell you.

If the policy exists any one other condition is satisfied than US federal law permits archival and reviewing without further notice. If you ask, the federal law requires only that you point them to the written policy saying it is allowed to happen, not that you need to tell them if it is actually happening.

Naturally the state and local laws vary by location; some states require both parties to be notified if the notification route is followed, some states require annual disclosure, etc.

Some groups do not need permission to record things and can lie about it. For example, there was a long-held myth that narcotics officers were required to tell you if they were recording conversations when you asked. It was a very useful myth for police. The drug dealers would ask 'Are you wearing a wire?', the copy would lie 'Nope, and I'm not a cop or I'd have to tell you I was if I wanted it in court', the dealer would sell the drugs, the arrests were made, and the conversation was used in court.

Google has turned up a 100+ page book, "Compilation of State and Federal Privacy Laws" By Robert Ellis Smith, that seems to cover each of the cases about what various groups must disclose, who they must disclose it to, and what the different groups are allowed to lie about. It applies only to the US, but the fact that it is 100 pages of dense type makes me believe any answer will have location-specific and context-specific nuance.
1

Share this post


Link to post
Share on other sites
[quote name='Prefect' timestamp='1323991587' post='4894321']
I would hope that the employer is forbidden from breaching your privacy. And, honestly, you shouldn't just cave "because it's a business relationship". I call bullshit on that. Being an employee does not make you a slave to your manager / the business owners. You remain a human being with all the rights that go with that, even as an employee. (This really should go without saying, but it seems like in this day and age, it needs to emphasized again.)

Now, they [i]may[/i] have the right to fire you because you checked private email during work hours. But [i]even if they have that right[/i], you should still be able to sue them for compensation if they violate your privacy by reading the private mail you accessed.

At least, that's the "how it should be", from an ethics point of view. Obviously, how it actually is according to the law is going to depend on which country you're in. The differences are surprisingly large.
[/quote]

That is basically how it works, yes.

They can record anything you do if they meet certain guidelines, they can search your desk and anything you bring into the building assuming they have some basic standard written policies and are careful when the lawyers write up the details.

Laws about recording the details of any web page that was served up are highly variable. It is much like an envelope: The address on the outside of the envelope is public, the contents are generally considered private. Laws about accessing the payload are highly variable; some places require no notice, others require some notice, still others generally prohibit it.

The company can fire you for using company equipment for checking your gmail account if it violates their written policies. The web page addresses are public (they must know them to look up the IP address and get the right data served to you). They can record that, log it, and use it as justification to terminate employment.

They cannot use the password they caught in the transmission to open your gmail account; that requires a court order else it would be fraud.
1

Share this post


Link to post
Share on other sites
[quote name='Telastyn' timestamp='1323964221' post='4894190']
Not if the software is smart/good or if you've got limited rights on the machine. The quickest and easiest way is to ask. If your manager doesn't trust you enough to have open communication... then you know.
[/quote]I don't know what country you or the OP are in, but in many countries it is a legal requirement they tell you.
0

Share this post


Link to post
Share on other sites
At my place you're not allowed to be actively monitored except when you're suspect. If you are, chances are high, you where informed before by your boss that some stuff you do at work don't seem right (always come to work at last, leave as first, for example).

In certain cases, one can be monitored without having any pre-information, though. assumption of stealing, for example.

so yes, in the end, one can be monitored. but, except if one does illegal stuff, one can not be punished for doing private stuff without prior information.

most monitoring is passive here. stuff like proxy servers. they just start to alarm if some computer always tries to find porn, for example. then, maybe active monitoring specific to that person will start.

in the end, most is about common sense. but that, again, depends on the company :)
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0