How to tell if your Boss is spying on you?

Coda · February 27, 2003, 7:00pm

Ok all you computer guru’s out there in the teeming millions. Help an old man out…My daughter thinks her boss is spying on her computer. She works for a small non-profit and they are on a simple server. Nothing crazy. The reason she thinks her boss is spying on her is because he seems to know things that are only on her computer. Apparently he is not such a bad guy, but she wants to find out for sure if he is spying on her.

So of course, I get the call, "Dad, I think my boss is spying on my computer… how do I find out if he’s looking at files on MY computer??? Or what I’m doing on line? "

So does anyone know how to tell if your boss is spying on you i.e. looking at what you do online or looking at files etc…etc… ??

Bearflag70 · February 27, 2003, 7:07pm

Wait… exactly WHOSE computer is it? Does the employer own it? Is it on the business premises?

Coda · February 27, 2003, 7:11pm

Yes, why?

I see where you are going, but come on now. Why hire such a wonderful worker - my daughter - if you do not trust her?

She’s obviously not looking at porn, no instant messenger, and she does her job well.

I’m just looking for a factual answer. What can she do to find out if he is looking at her files. Not the ones on the shared drive either.

yme · February 27, 2003, 7:52pm

Beerflag70: I see where you’re going with this. But just because the company owns the equipment, doesn’t mean he can abuse company policy by prying into the personal lives for his own personal gain. He could be the peeping tom type freak, if that’s what’s going on, I don’t know.

Coda: If your daughter really feels she’s being invaded, this is your best bet. Tell your daughter to stop sharing all drives except folders that are required for business use. Change all her passwords immediately. This goes for LAN or a Windows logon (If it’s Windows), e-mail and basically anything with a password to her PC. Passwords should be like this ‘20g0ld02’ not ‘mydogfluffy’ ya know, passwords should be hard to guess. If she has a personal password file, make sure she password protects it as well. Her pc should have telnet and ftp disabled if not required for business use. PcAnywhere should be disconnected if not required. And if she has WinNT/2K/XP or unix based system, she can set security restrictions on who can access what resource on her PC. If the PC has spyware on it, there may be not too much she can do, but avoid personal things as much as possible and keep it home. My tew scents.

Bricker · February 27, 2003, 7:52pm

What is the operating system of the daughter’s computer?

Is it part of an NT or 2000 domain?

Will_Repair · February 27, 2003, 7:54pm

No way to tell if he is turning the computer on after hours and looking at files, which would include web browsing and email. She could clean the cache after use to prevent this.

He could keep a record of the server’s activities without her knowing or preventing it.

yme · February 27, 2003, 7:54pm

Also, she may have a ‘Home drive’ on the LAN server. Tell her to keep that folder full of business stuff only.

Bearflag70 · February 27, 2003, 7:57pm

I guess my response is beyond the scope of the OP. Sorry.

Post withdrawn.

Good luck!

Coda · February 27, 2003, 8:13pm

She’s on a LAN that uses Windows NT. Thats about all I know. Thanks YME I’ll tell her some of that stuff. I don’t know if she turns what you said off if it will corrupt anything on her server…

Ethilrist · February 27, 2003, 8:20pm

Check the date/time stamps on the files and the Temporary Internet files to see if they were updated when she wasn’t there. Also check the internet history. He may just be using her machine to look at sites he doesn’t want to access from his machine…

Coda · February 27, 2003, 8:23pm

Ethilrist - he can do that? remotely?

pkbites · February 27, 2003, 8:33pm

Perhaps he’s installed monitoring software on the hard drive. It’s next to impossible to detect.

micco · February 27, 2003, 8:36pm

In defense of Bearflag70, I think he makes a good point. The simplest way to avoid invasions of privacy on company equipment is not to put any personal/private data on those machines. Comparing your boss to a peeping tom (yme’s words, not the OP’s) is like complaining about people eavesdropping on your phone calls when talking on a mobile phone in the middle of a shopping mall.

To more specifically address the OP, there are a lot of different ways the company may be monitoring your daughter’s use of her computer. Many have been covered above, so forgive any recaps, and understand that this is a partial list:

They could be browsing her files remotely. She can restrict this by not sharing directories, changing local account passwords, etc. However, there are a lot of legit reasons why the company would want to access her drives, and a user who constantly turns off shares is the kind of thing that drives IT staff batty.

They could be browsing locally when she’s not there. To restrict this, she has to change the password on every account with local access. It’s unlikely she can even do this if the computer is part of a network that does centralized authentication (like an MS domain). Even if she could, this is another thing which would attract both the attention and the ire of other people who need access.

They could be monitoring network traffic. This could take the form of packet filters on the firewall or simply network monitors that look for certain types of traffic within the LAN. In either case, there is very little you could do to detect that this is happening, aside from just asking. Most companies make their filtering and monitoring a part of the openly-available acceptable use policies.

They could be using a screenshot logger or other utility to snapshot the computer’s monitor periodically. These types of utilities take a screenshot every so often and log them somewhere so a computer’s use can be reviewed after the fact. This in effect provides a stop-motion animation of the work done. In this case, there will be a logging application installed and running locally.

They could be using a keystroke monitor to log her activity. Like the screenshot logger, this will log activity to some other location, and will be evident as a local utility running.

I’m a huge privacy advocate, but I’m also a company owner and believe that my gear is my gear. My crew is free to install anything they want on their workstations and we don’t typically do any monitoring because it’s more trouble than it’s worth. But there are a growing number of precedents that hold a company responsible if they should have monitored something. For example, if one employee is offended by the sight of porn on another employee’s computer, they might hold the employer responsible because they should have prevented it and had the technical means to do so, even if there was no previous pattern of abuse. IANAL so I don’t know if these suits would stick, but I’ve heard the fears from other companies. There are also a lot of legitimate reasons why the boss or IT guys would need access to the machine, and an employee who repeatedly blocked that access would probably be sanctioned because they’re interfering with work. I know the OP says the monitoring is unnecessary, etc. but it’s difficult to restrict illegitimate access or monitoring while still allowing legitimate use. This is why I suggest just keeping your private life elsewhere.

Ethilrist makes a good point about checking file access times to see if someone is accessing files or apps. However, if the boss has any bit of technical sophistication, he could easily cover these tracks. In addition, if you suspect he’s doing things on this computer in order to make her look bad or avoid looking bad himself (e.g. browsing porn from someone else’s machine) then that’s a completely different threat than keeping your own data private and you need completely different countermeasures. In that case, you might want screenshot or keystroke monitors to determine what’s being done when she’s not there.

Coda · February 27, 2003, 8:46pm

Thank you. That is what I was looking for. I will copy and paste what you said micco in an email. I think she needs to see that.

Also I do not think her boss is looking at porn. I think he is checking to see if she is doing her work. I think. I know she doesn’t spend hours surfing the net, but I bet she spends enough time where someone may take notice. I played the fatherly role with that one, but hey she is still my daughter…

EasyPhil · February 27, 2003, 9:05pm

Technically Coda, she doesn’t have any files because the equipment and the software on it, which would include any files she created belong to the company that she works for. Even if she was bringing her own laptop, anything that she generates while working would be viewed as the property of the company.

Porn was mentioned as one of the reasons that companies may be monitoring what’s on employees machines, but more serious I think are the potential lawsuits arising out of intellectual property rights violations i.e. software, music, video.

Technically if you’re browsing the web on company time you are stealing from the company unless of course you have permission from the company to do so.

Coda · February 27, 2003, 9:09pm

So as an example, all those dopers who are at work and posting on the boards, are essentially*** stealing*** from the companies they work for?

EasyPhil · February 27, 2003, 9:26pm

How many jobs do you know that pay you to post on and read the SDMB?

NotMrKnowItAll · February 27, 2003, 9:32pm

Coda,

From you description, it doesn’t sound like she’s upset about her boss perusing her personal stuff rather, he looking at her work before it’s complete. I had a boss who did that. It is annoying especially if he’s harping about dead ends that you followed and abandoned. As what to do, it sounds like he is not that sophisicated, witness him talking about it, so probably file access times would be a sufficient check. But after that what would she do? Confront him?

Coda · February 27, 2003, 10:39pm

NotMrKnowItAll - that was a good read into the situation. And I truly do not know what she will do with the info you all have provided. She is my youngest daughter, and at 25 she can get pretty hot tempered. So my guess is, her boss is looking over her shoulder, and she doesn’t like it. I’m going to give her a buzz in an hour or so - she’s in AZ - so the time diff is 2 hours from New England. I’ll post back with what happens. I think It’ll be interesting…

Profane_Creation · February 27, 2003, 11:34pm

Coda,

There is a type of program called VNC (Virtual Network Connection?) (I thjnk that’s a generic name for the type of SW and not a product-specific name) that can be run on PCs. When two PCs have this, and they are in the right modes and a connection is made, the “master PC” can drive on the “client PC” to do remote-access software admin stuff. This is what we use at my work to do remote fixing of PC stuff. A very cool and powerful program.

If I have VNC up constantly (which some people at work do) the CS folks here can “access” my machine and see what is on my screen. If they don’t touch the mouse, they can just watch what is going on on my screen as if they were sitting right next to me, pretty much without me having a clue about it.

Your daughter’s work may have something like this installed so that the boss can watch what is being done remotely.

I admit this may be an expensive piece of SW for a very small business to have, but there may be SW out there that is similar in function (perhaps monitor-only?) that may be more practical.

Just a t’ought…