Spyware/keylogger detectors for OSX

Discussion in 'Buying Tips, Advice and Discussion (archive)' started by BarnabyWilde, Aug 20, 2004.

  1. BarnabyWilde macrumors newbie

    Joined:
    Aug 20, 2004
    #1
    Hi - can anyone recommend any products for keeping an eye on OSX to spot any existing or new installations of spyware and keystroke loggers? Or have any advice on manually tracing down such infestations?
     
  2. Horrortaxi macrumors 68020

    Joined:
    Jul 6, 2003
    Location:
    Los Angeles
    #2
    No known spyware, so don't worry about that. There are keyloggers but somebody needs physical access to your Mac to install one. You might be able to find one with some detective work, but do you think somebody sat down at your computer and installed one?
     
  3. BarnabyWilde thread starter macrumors newbie

    Joined:
    Aug 20, 2004
    #3
    Yup - it's very possible. I need to discreetly find out if they have (it's my boss....maybe....)
     
  4. slughead macrumors 68030

    Joined:
    Apr 28, 2004
    #4
    I agree with Horrortaxi.

    However, I have seen both key loggers and spyware for Mac OS X; they are usually installed with a legitimate program (trojan horse), due to their need for a password to get to certain places.

    I've never heard of anyone actually getting "infected" by spyware on a Mac.
     
  5. Palad1 macrumors 6502a

    Joined:
    Feb 24, 2004
    Location:
    London, UK
    #5
    Open up a terminal, then type

    ps aux

    and check each and every process for something weird.

    You may want to check kernel extension files as well: kextstat. You may try unloading it with 'sudo kextunload <module>' but be warned though, you can crash your machine really easily...

    If you fear that some process logs the key to your hard drive you can use the 'lsof' command under terminal.

    If you fear the data is sent over the network you can check the data being transferred by installing a network sniffer: http://www.macosxhints.com/article.php?story=20010810103021605

    Good luck...
    And remember, a sane machine is just a format away :)
     
  6. morkintosh macrumors regular

    Joined:
    Nov 25, 2003
    #6
    umm... if it is at work then it's not "your" computer and they are entitled to do whatever they like with it. If your boss did install a keylogger I don't know if you want to just remove it.

    Why would your boss install something like that anyway, are you giving him/her a reason to want to spy on you? Maybe they think you spend too much time on macrumors while you should be at work ;)
     
  7. DavidLeblond macrumors 68020

    Joined:
    Jan 6, 2004
    Location:
    Raleigh, NC
    #7
    Not to mention that deleting a monitoring program at work is a great way to get on the fast track to unemployment.
     
  8. Mord macrumors G4

    Joined:
    Aug 24, 2003
    Location:
    UK
    #8
    Putting one on your boss's Mac is a good way to counter unemployment
     
  9. Horrortaxi macrumors 68020

    Joined:
    Jul 6, 2003
    Location:
    Los Angeles
    #9
    I have to agree, if this is a work computer you have no business taking anything off of it. They own you during work hours and they don't want you doing your own thing on the net. You probably signed some kind of agreement saying as much when you were hired.

    If this is your own computer then your boss has no business touching it. Of course if you hooked your computer into the company network that complicates things a bit.

    Time to come clean--what exactly is going on?
     
  10. Wash!! macrumors 6502

    Joined:
    Jan 8, 2002
    Location:
    here, there, who knows
    #10
    One word....

    The only reason you should be afraid of spyware at work is....porn, plain and simple and the fact that you are sending your resume out from work :D ;)
     
  11. musicpyrite macrumors 68000

    Joined:
    Jan 6, 2004
    Location:
    Cape Cod
    #11
    Oh no, there are plenty of other things he has to be afraid of.

    Things like d/l copyrighted material off p2p programs.
    Same as above, only using BT.
    Hackers, hacking, and/or viruses.
    Making sure you're actually doing work you're supposed to be doing, other than coming to places like MR and posting.

    There's probably some more, but I'm too lazy to think right now.
     
  12. Horrortaxi macrumors 68020

    Joined:
    Jul 6, 2003
    Location:
    Los Angeles
    #12
    It's more than just porn. They don't want you doing your stuff while they're paying you. I know of people who have been fired for sending personal email. Nothing pornographic, just making happy hour plans and general conversation. I know of a woman who got fired because she planned her wedding at work on company time. They had all her emails and tied her computer to the websites she used for booking travel, etc.

    I was just a juror on a civil trial where this came up. She says she was fired because she was pregnant, and the company counters with thousands of personal emails she sent on company time. Outta there.

    By the way, don't expect anything you do on the network at work to be private.
     
  13. BarnabyWilde thread starter macrumors newbie

    Joined:
    Aug 20, 2004
    #13
    Yeah it is the company's mac - I just want to know if my personal mails are private or not. Stated company policy is not to monitor personal emails, but my department head is a real jerk, and I suspect he might be busting official policy to keep on top of a little departmental strife.

    I don't want to uninstall a keylogger, I just want to know if it's there.

    BTW, I ran the ps and ps aux commands in terminal, didn't find anything untoward there - does that settle the matter? Would any currently running app show up there?
     
  14. Palad1 macrumors 6502a

    Joined:
    Feb 24, 2004
    Location:
    London, UK
    #14
    Not quite, you could still have a trojan if the logger were either:
    - embedded in a 'legitimate' application
    - a kernel extension
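
The checks from posts #5 and #14 (ps aux, kextstat, and the warning that a logger may be a kernel extension), as an added example that is not part of the original thread: it filters both listings down to the entries worth reviewing by hand. The sample listings are constructed, and com.example.driver.InputTap, user1 and /Users/Shared/.helper/agentd are made-up names.

```shell
#!/bin/sh
# Added example: triage `kextstat` and `ps aux` output for manual review.
# All sample data below is constructed for illustration.

# Print "bundle-id (version)" for every loaded kext not published by Apple.
third_party_kexts() {
    awk 'NR > 1 && $6 !~ /^com\.apple\./ { print $6, $7 }'
}

# Print "user pid command" for processes whose executable is outside the
# OS-owned directories. This is a review list, not a verdict: ordinary
# applications show up here too and still need a human look.
procs_outside_system() {
    awk 'NR > 1 && $11 !~ /^\/(System|usr|sbin|bin)\// { print $1, $2, $11 }'
}

sample_kextstat() {
cat <<'EOF'
Index Refs Address    Size       Wired      Name (Version) <Linked Against>
    1    1 0x0        0x0        0x0        com.apple.kernel (7.5.0)
    2   12 0x0        0x0        0x0        com.apple.kernel.libkern (7.5.0)
   45    0 0x2a5ea000 0x5000     0x4000     com.apple.driver.AppleUSBHub (1.8.2) <11 6 5 4 3>
   78    0 0x2b10c000 0x3000     0x2000     com.example.driver.InputTap (1.0) <6 5 4 3>
EOF
}

sample_ps() {
cat <<'EOF'
USER    PID %CPU %MEM    VSZ   RSS  TT  STAT STARTED    TIME COMMAND
root      1  0.0  0.0  18056   340  ??  Ss   9:02AM  0:00.03 /sbin/init
root    214  0.0  0.1  27840  1204  ??  Ss   9:02AM  0:00.41 /usr/sbin/cupsd
user1   301  1.2  2.4 160204 25112  ??  S    9:05AM  0:12.80 /Applications/Safari.app/Contents/MacOS/Safari
root    388  0.0  0.1  18620   612  ??  S    9:02AM  0:01.10 /Users/Shared/.helper/agentd
EOF
}

# Use live data on a Mac; fall back to the constructed samples elsewhere.
if command -v kextstat >/dev/null 2>&1; then
    kextstat | third_party_kexts
    ps aux | procs_outside_system
else
    sample_kextstat | third_party_kexts
    sample_ps | procs_outside_system
fi
```

Neither filter sees a logger embedded inside an otherwise legitimate application, which is the other case post #14 raises.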
     
  15. BarnabyWilde thread starter macrumors newbie

    Joined:
    Aug 20, 2004
    #15
    And do you know if any commercial key loggers do that?
     
  16. whooleytoo macrumors 603

    Joined:
    Aug 2, 2002
    Location:
    Cork, Ireland.
    #16
    Even if there's no keystroke logger, they probably can monitor all your email anyhow, especially if you're using a company mail server, but even if you're sending and receiving web mail by using a packet sniffer. Certainly, when I worked in Apple, they could monitor all email traffic, and they recorded some of the phone conversations too.

    Personally, I wouldn't work in a company that insisted upon installing a keylogger; and I'd be hesitant to join a company that intercepted/recorded/viewed emails again. It's privacy for privacy's sake, it's not about hiding anything. Though, there are many valid reasons why a person wouldn't want a keylogger - what if I buy h/w or s/w for the company using my credit card - why should I trust the IT department with my credit card number? etc..etc..
     
  17. garybUK Guest

    Joined:
    Jun 3, 2002
    #17
    Check the terms and conditions of employment and the company T&C's to see if this covers 'using company office systems for other uses other than those related to do your job'. If no such T&C's exist then I'm pretty sure that it's against your human rights (it is in Europe anyway). If you were dismissed, then you would take it to industrial tribunal for wrongful dismissal, the evidence would be passed, but if this was not stated in the T&C's then they (the company) would be in trouble.
     
  18. Horrortaxi macrumors 68020

    Joined:
    Jul 6, 2003
    Location:
    Los Angeles
    #18
    If their policy is not to monitor your personal email then your company is certainly in the minority. Most companies' policies state that you are not to use email for personal use under penalty of termination. Make damn sure that the policy really says what you think it says. Get it in writing.

    But they do have the technical ability to see everything you do over the network. Not saying they do it, but they could.

    If the policy is not to monitor emails and your boss has installed a key logger then that's obviously a no-no and is something you can take up with his boss or the labor board.

    It doesn't sound like you've got any questionable software installed though.
     
  19. GrizzlyHippo macrumors member

    Joined:
    Jul 17, 2002
    Location:
    on the sofa
    #19
    spyware app.

    Have a look on www.versiontracker.com for a programme called Little Snitch. I have it installed and it alerts you of any network access (std config allows Safari etc to gain access) and gives you the choice of making rules to allow or block access for each application/trojan/spyware.

    I'm not sure, but this may solve your needs / put your mind at rest.

    Cheers,
    Tom
     
  20. slughead macrumors 68030

    Joined:
    Apr 28, 2004
    #20
    US companies will soon be required to keep all e-mail for at least 1 year, to help prevent insider trading (yeah, like it's THAT hard to alter an e-mail :X).
     
  21. Horrortaxi macrumors 68020

    Joined:
    Jul 6, 2003
    Location:
    Los Angeles
    #21
    Many probably already keep it at least that long because spring cleaning is no fun. As for faking the emails--that all lies in the integrity of the person in charge of the email.
     
  22. kant macrumors 6502

    Joined:
    Jul 22, 2004
    #22
    Lot harder than you think, because there's always that nagging question: Did you get all the copies?
     
