As an IT professional, I regularly monitor employee computers and email. This is important in a production environment for both administrative and security purposes. For example, email monitoring allows you to block attachments that may contain viruses or spyware. The only time I need to connect to a user’s computer and work directly on it is to fix a problem.
However, if you feel like you are being watched even though you shouldn’t be, there are a few small tricks you can use to determine if you’re right. First, monitoring someone’s computer means being able to observe everything they do on that computer in real time. Blocking porn sites, removing attachments or blocking spam before it reaches your inbox, etc. is not really monitoring, but more like filtering.
Before moving on, I want to highlight one BIG problem: if you are in a corporate environment and think that you are being watched, you have to assume that they can see EVERYTHING you do on the computer. Also assume that you won’t be able to find the program that records everything. In a corporate environment, computers are so customized and reconfigured that it is nearly impossible to detect anything unless you are a hacker. This article is more for home users who think a friend or family member is trying to spy on them.
Computer monitoring
So now, if you still think someone is spying on you, here’s what you can do! The easiest and simplest way for someone to log into your computer is to use Remote Desktop. The good thing is that Windows does not support multiple concurrent connections when someone is logged into the console (there is a hack for that, but I wouldn’t bother). This means that if you are logged in to your XP, 7 or Windows 8 computer and someone were to connect to it using the BUILT-IN REMOTE DESKTOP feature of Windows, your screen would lock and it would tell you who is connected.
So why is this useful? This is useful because it means that in order for someone to connect to YOUR session without you noticing or your screen being taken over, they must be using third-party software. However, in 2014 no one is going to be that obvious, and third-party stealth software is much more difficult to detect.
If we are looking for third-party software, commonly referred to as remote control software or virtual network computing (VNC) software, we must start from scratch. Usually, when someone installs this type of software on your computer, they have to do it while you are away, and they have to restart the computer. So the first thing that might tip you off is that your computer has been restarted and you don’t remember doing it.
Secondly, you should check in the Start Menu – All Programs if something like VNC, RealVNC, TightVNC, UltraVNC, LogMeIn, GoToMyPC, etc. is installed. knows what a program is and will simply ignore it. If any of these programs are installed, someone might connect to your computer without your knowledge while the program runs in the background as a Windows service.
This brings us to the third point. Usually, if one of the programs listed above is installed, there will be an icon for it on the taskbar, because it must be constantly running in order to work.
Check all your icons (even hidden ones) and see what is running. If you find something you haven’t heard of, do a quick Google search to see what comes up. It is quite easy for monitoring software to hide its icon on the taskbar, so if you don’t see anything out of the ordinary there, it doesn’t mean that you don’t have monitoring software installed.
So, if nothing is displayed in the obvious places, let’s move on to more complex things.
Check firewall ports
Again, since these are third party applications, they must connect to Windows through different communication ports. Ports are simply virtual data connections through which computers communicate directly. As you may already know, Windows comes with a built-in firewall that blocks many incoming ports for security reasons. If you don’t have an FTP site, why should port 23 be open?
Thus, in order for these third-party applications to connect to your computer, they must come through a port, and that port has to be open on your computer. You can check all open ports by going to Start, Control Panel and Windows Firewall. Then click on “Allow a program or feature through Windows Firewall” on the left.
Here you will see a list of programs with check boxes next to them. Those that are checked are “open” and those that are not checked or not listed are “closed.” Go through the list and see if there is a program that you are not familiar with or that matches VNC, remote control, etc. If so, you can block the program by unchecking its checkbox!
Check outgoing connections
Unfortunately, this is a little more complicated. In some cases there may be an incoming connection, but in many cases the software installed on your computer will only have an outgoing connection to a server. In Windows, all outgoing connections are allowed, which means nothing is blocked. If all the spyware does is record data and send it to a server, then it only uses an outbound connection and therefore does not appear in this firewall list.
To catch such a program, we need to see outgoing connections from our computer to servers. There are many ways to do this, and I’ll talk about one or two. As I said earlier, this is getting a little trickier now because we are dealing with really stealthy software and you will have a hard time finding it.
TCPView
First download the TCPView program from Microsoft. It’s a very small file and you don’t even need to install it, just unzip it and double-click Tcpview. The main window will look like this and will probably make no sense.
Basically, it shows you all of your computer’s connections to other computers. On the left is the process name, which will be the programs that are running, such as Chrome, Dropbox, etc. The only other columns we need to look at are Remote Address and State. Go ahead and sort by the State column and look at all the processes listed as ESTABLISHED. Established means that there is currently an open connection. Please note that spyware may not always be connected to the remote server, so it is a good idea to leave this program open and watch for any new processes that appear in the established state.
What you want to do is filter this list down to processes whose names you do not recognize. Chrome and Dropbox are fine and no cause for concern, but what are openvpn.exe and rubyw.exe? Well, in my case, I am using a VPN to connect to the internet, so these processes are for my VPN service. However, you can just google these processes and figure it out quickly. VPN software is not spyware, so no worries there. When you search for a process, you can usually tell whether it is safe or not just by looking at the search results.
Another thing you want to check is the rightmost columns called Packets Sent, Bytes Sent, etc. Sort by Bytes Sent and you can see at a glance which process is sending the most data from your computer. If someone is watching your computer, they have to send the data somewhere, so unless the process is very well hidden, you should see it here.
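The same review TCPView supports by eye can be scripted from the built-in `netstat -ano` and `tasklist /fo csv /nh` commands. The block below is an added example, not part of the original article; the sample output, the process names and the `KNOWN` list are constructed for illustration.

```python
import csv, io, ipaddress

# Constructed sample of `netstat -ano -p tcp` output (not from a real machine).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1820
  TCP    127.0.0.1:49701        127.0.0.1:49702        ESTABLISHED     4312
  TCP    192.168.1.20:49822     203.0.113.10:443       ESTABLISHED     4312
  TCP    192.168.1.20:49850     203.0.113.10:443       TIME_WAIT       0
  TCP    192.168.1.20:49907     198.51.100.7:443       ESTABLISHED     2264
  TCP    192.168.1.20:49950     203.0.113.77:8443      ESTABLISHED     3388
  TCP    192.168.1.20:5900      198.51.100.23:51544    ESTABLISHED     1820
"""
# Constructed sample of `tasklist /fo csv /nh` output; process names are made up.
TASKLIST = '''"chrome.exe","4312","Console","1","212,004 K"
"Dropbox.exe","2264","Console","1","98,112 K"
"updater32.exe","3388","Console","1","3,204 K"
"winvnc.exe","1820","Services","0","6,540 K"
'''
REMOTE_TOOLS = ("vnc", "logmein", "gotomypc")  # tool names the article lists
KNOWN = {"chrome.exe", "dropbox.exe"}          # assumption: programs you recognise

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV rows."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if r}

def parse_netstat(text):
    """Yield (local, remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            host, _, port = f[2].rpartition(":")
            yield f[1], host.strip("[]"), int(port), f[3], int(f[4])

def review(netstat=NETSTAT, tasklist=TASKLIST, known=KNOWN):
    """Return open or listening connections owned by processes worth a closer look."""
    names, findings = parse_tasklist(tasklist), []
    for local, rip, rport, state, pid in parse_netstat(netstat):
        name = names.get(pid, "<unknown>")
        if state not in ("ESTABLISHED", "LISTENING") or ipaddress.ip_address(rip).is_loopback:
            continue  # closed sockets and traffic that never leaves this machine
        if any(t in name.lower() for t in REMOTE_TOOLS):
            findings.append((name, pid, state, f"{rip}:{rport}", "remote-control tool"))
        elif name.lower() not in known:
            findings.append((name, pid, state, f"{rip}:{rport}", "unrecognised process"))
    return findings

if __name__ == "__main__":
    for row in review():
        print(*row, sep="  ")
```

On a real machine, replace the two sample strings with the live output of the two commands and extend `KNOWN` as you identify each process.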
Process Explorer
Another program that you can use to find all the processes running on your computer is Microsoft’s Process Explorer. When you run it, you will see a lot of information about each process, and even about child processes running inside parent processes.
Process Explorer is pretty good because it connects to VirusTotal and can tell instantly if a process has been detected as malicious or not. To do this, click Options, VirusTotal.com, and then click Check VirusTotal.com. It will take you to their website to read the TOS, just close it and click Yes in the program dialog box.
Once you have done this, you will see a new column that shows the detection rate of the last scan for many of the processes. It is not possible to get the value for all processes, but it is better than nothing. For those without a score, search for the processes manually on Google. For those with a score, you want it to say roughly 0/XX. If it’s not 0, go ahead and google the process or click on the numbers to go to the VirusTotal site for this process.
I also try to sort the list by company name, and any process where the company is not listed I check with Google. However, even with these programs, you may still not see all the processes.
Rootkits
There is also a class of stealth programs called rootkits, which the two programs above cannot even see. In this case, if you did not find anything suspicious while checking all the processes described above, you will need to try even more robust tools. Another good tool from Microsoft is Rootkit Revealer, but it’s very old.
Other good anti-rootkit tools are the beta version of Malwarebytes Anti-Rootkit, which I highly recommend as their anti-malware tool was #1 in 2014. GMER is another popular tool.
I suggest you install these tools and run them. If they find something, remove or delete whatever they suggest. In addition, you should install anti-malware and antivirus software. Many of these stealth programs that people use are considered malware / viruses, so they will be removed if you run the appropriate software. If something is detected, be sure to google it to see whether it was monitoring software or not.
Email and website monitoring
Checking whether your email is being monitored is also difficult, but in this article we’ll stick to the simple things. Whenever you send an email from Outlook or any email client on your computer, it always has to connect to a mail server. It can connect either directly or through a so-called proxy server, which accepts the request, modifies or checks it, and forwards it to another server.
If you are using a proxy server for email or web browsing, then the websites you access or the emails you write can be saved and viewed later. You can check both, and here’s how. For IE, go to Tools, then Internet Options. Go to the “Connections” tab and select “LAN Settings”.
If the Proxy server checkbox is checked and it has a local IP address with a port number, it means that your traffic goes through a local server first before it reaches the web server. This means that whatever website you visit first goes through another server running some kind of software that either blocks the address or just logs it. The only time you will be somewhat secure is if the site you are visiting uses SSL (HTTPS in the address bar), which means that everything sent from your computer to the remote server is encrypted. Even if your company captures the data in between, it will be encrypted. I say somewhat secure because if you have spyware installed on your computer, it can capture keystrokes and therefore capture whatever you enter into these secure sites.
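The LAN Settings dialog stores its state in the `ProxyEnable` and `ProxyServer` values under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`, so the same check can be done from `reg query` output. The block below is an added example, not part of the original article; the sample output and its addresses are constructed.

```python
import ipaddress, re

# Constructed sample of the output of:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=10.0.0.5:8080;https=10.0.0.5:8080
    ProxyOverride    REG_SZ    <local>
"""

def read_values(text):
    """Collect 'name  REG_TYPE  data' rows into a dict of name -> data."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"\s+(\S+)\s+(REG_\w+)\s+(.*)", line)
        if m:
            values[m.group(1)] = m.group(3).strip()
    return values

def proxy_entries(proxy_server):
    """ProxyServer is 'host:port' for every protocol or 'proto=host:port;...'."""
    entries = []
    for part in filter(None, proxy_server.split(";")):
        proto, sep, hostport = part.partition("=")
        if not sep:
            proto, hostport = "all", part
        host, _, port = hostport.rpartition(":")
        entries.append((proto, host or hostport, int(port) if host else None))
    return entries

def classify(host):
    """Say where the proxy lives: on this PC, on the local network, or elsewhere."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "this computer"  # software on this PC is relaying your traffic
    return "local network" if ip.is_private else "public address"

def check_proxy(text=REG_OUTPUT):
    """Return (protocol, host, port, location) per proxy, or [] when disabled."""
    v = read_values(text)
    if int(v.get("ProxyEnable", "0x0"), 16) == 0 or "ProxyServer" not in v:
        return []
    return [(p, h, port, classify(h)) for p, h, port in proxy_entries(v["ProxyServer"])]

if __name__ == "__main__":
    print(check_proxy() or "no proxy configured")
```

A result located on "this computer" deserves the same scrutiny as a local-network proxy, because it means a program running on the PC itself is relaying the browser's traffic.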
For corporate email, you check the same thing – a local IP address for the POP and SMTP mail servers. To check in Outlook, go to Tools, Email Accounts, click Edit or Properties and look for the values for POP and SMTP Server. Unfortunately, in corporate environments, the mail server is probably local and therefore you are definitely being watched even if not through a proxy.
You should always be careful when writing emails or browsing websites in the office. Attempting to break through their security can also get you into trouble if they find that you have bypassed their systems! IT pros don’t like it, I can tell you from experience! However, if you want to secure your web browsing and email, your best bet is to use a VPN such as Private Internet Access.
This requires installing software on your computer, which you may not be able to do in the first place. However, if you can, you can be sure that no one will be able to see what you are doing in your browser unless they have local spyware installed! Nothing can hide your actions from locally installed spyware, as it can record keystrokes, etc., so try your best to follow my instructions above and disable the monitoring program. If you have any questions or concerns, feel free to comment. Enjoy!