21st Century Big Brother…
The company for which I work is in the information security business. You remember George Orwell’s 1984? The stuff created here is Big Brother v2006 and it’s freaking scary! The office computer is no longer your friend (assuming it ever was) and instead it’s purpose is to monitor everything — including printing, emailing, web surfing, copying data to USB sticks, Googling, sending web email (such as through GMail, Hotmail, or Yahoo), burning CD/DVDs, and just about any other task you as a computer user can do. Any method of transferring data by almost any transport or protocol is monitored.
The security application is undetectable, unremovable, and virtually unstoppable. If it’s running in stealth mode, you’ll never even know it’s running. Task Manager can’t see it. Anti-spyware software can’t detect it. What if you boot into Safe Mode? No such thing anymore; it’s still there and you can’t even tell. If you log onto someone’s else’s computer, it follows you. If you ever do manage to get around it, there’s still a piece of hardware hidden in a humming, air-conditioned server room somewhere in your building that detects the violation and monitors all your traffic remotely — with no software required!
It’s the ultimate in legitimate spyware and your own IT department is itching to use it on your office PC, laptop, eventually your company PDA or mobile phone. Using it is absolutely legal in a corporate environment and there’s absolutely nothing you can do about it if you don’t like it, other than finding another job.
Unusual and funny events often occur during development and testing. I work on the administration piece for the appliance and recently had the most unusual meeting I’ve ever had in my career; the meeting agenda revolved around the definition of unacceptable language use, and I’ve never seen (nor uttered!) so many egregious swear words on official company time. Until last week I’ve never said the word “møthërfûçkër” *gasp* in a meeting!
Also, one of the hazards of developing a Japanese interface (especially when one cannot read or speak a word of Japanese!) is that when I occasionally verify some of the translations of the localization vendor by Googling for similar terms I sometimes end up on websites completely inappropriate for business use. Even though I’m doing real work, I’ve often had to hit the Back button in panic! And, yes, every site I accidentally visited was monitored and logged!
Just as amusing as authorized swearing and visiting pørn websites (albeit accidentally!) at work, is that I am legitimately writing this blog on company time as a test of a few policies, including the Unacceptable Language Use policy. Be careful, though! When your company buys our monitoring tools, you might want to curtail your own questionable, non-work activities on your computer. How will you know when your IT department installs it? You won’t; they don’t even need physical access to your computer to install it…
Seriously, though, as someone not that knowledgeable (when you get right down to it) about how the systems I make my livelihood off of actually work, how is some of this possible?
I don’t doubt your word that it is (Folks, if Richard tells you a triangle actually has four sides it would be worth taking another look at one just to check there wasn’t some aspect of the thing you’d overlooked. The guy *knows* things. (And given this blog entry, I’m beginning to wonder just how much he may know…)) but wonder how, given how you’ve described it, it could be.
To the extent that are actually allowed to comment:
If you log onto someone’s else’s computer, it follows you.
Me, specifically? Or more because it’s monitoring activity on every computer so whichever I use it will see what I do?
…there’s still a piece of hardware hidden in a humming, air-conditioned server room somewhere in your building that detects the violation and monitors all your traffic remotely — with no software required!
Without software of some type on the local machine, how would it detect my copying data to USB sticks? I would have thought that was a local activity that didn’t route anything thru some other hardware.
Most concerning of all, actually, would be the monitoring of email. Does it actually track the contents of messages sent to/from gmail, et al, or just the fact that the site was accessed. Would it be able to tell my boss, for example, about my admission at the start of this comment?
2. that’s assuming you have the ability to get around the software in the first place
So software is involved. That’s what I thought. As long as it isn’t magic.
3. Glad you’re on my side. (Or are you…?)
So, how long before my ISP or someone makes use of this and tracks all my use from my home computer?
When I said:
I was attempting to indicate that even if you manage to bypass the software that is stealthily running on your machine (under the huge assumption you can even tell it’s installed), you still don’t have a chance because the hardware running in the back (1) is made aware of the transgression, and (2) monitors network traffic originating from and going to your computer — and it intercepts everything whether or not the security software is running on your local machine. So you don’t have to have any software installed for it to read your GMail, intercept your Outlook, or read your blog entries.
Oh, and did I forget to mention that you can’t even find, see, or access the application files?