As a computer person, I see this all the time at work. The easiest way to detect it?
Put something on it. Innocent enuff but spreadable. If it is being looked at the gossip gets back to you.
My problems stem from employees coming in on Saturday to do their taxes. Nothing wrong with that BUT they are telling the director they are working. That is wrong. To take a day off for comp time and come in and do your taxes.
Our email simply copies the email you send and stores it on our server. So it I cuss my boss out I can run down and look at what I sent. Very few people know this where I work. I can read EVERYTHING they write. And it is hard as they will cuss you out and of course you can’t say nothing or they will know.
VNC is a specific software, created by ATT in UK (link below) and free. There are many other applications in the same genre such as PCAnywhere which cost more and have different features. In all cases, you run a “host” version on the machine you want to connect to and a “client” version on the machine you’re connecting from, and then the client can log into the host as if it were the local terminal. In the case of VNC, you simply access the current system in shared mode with the local terminal. If there’s someone on the local machine, you compete for mouse access, etc. so it’s quite noticable unless the remote user is just watching. With some systems such as MS Terminal Services, you connect to the remote machine with an independent session, so you are not competing with the local user (and not viewing what the local user does). In the case of both VNC and PCAnywhere, the host software includes a prominent icon which indicates connection status so the local user knows a remote is connected. You could probably remove this, but it would be easier to install a monitoring program if that’s what you’re after.
In most cases, VNC etc. are installed by IT people so when the user calls and reports an error, they can connect and view the problem as it happens and make configuration changes directly without coming on site. Like the network shares I mentioned in an earlier post, disabling the remote access software is likely to annoy the techies a great deal.
Just a note about last accessed times on files. This may work for your local PC, but on network shares it is pretty unreliable. Virus scans and some backup software can technically access these files and change the timestamp.
Also changing your permissions on your shares and on your local PC to lock out the admins royally pisses off IT staff. Like it or not, we can access your data and it’s just a matter of how many steps we need to take.
The only exception is if you encrypt your data using PGP or something like that. Of course a keystroke grabber will still record what you put into those files…
