Spy Software

saberahul

macrumors 68040
Original poster
Nov 6, 2008
3,616
88
USA
I recently gave my Mac to the IT team at my school so that they could install Office 2011 for me (they don’t just give us the license).

I left my laptop with the tech for about 30 minutes. Is there a possibility that he could have installed something which could track what I do? Is there a way for me to check for suspicious behavior running on this laptop? THanks.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,419
759
I recently gave my Mac to the IT team at my school so that they could install Office 2011 for me (they don’t just give us the license).

I left my laptop with the tech for about 30 minutes. Is there a possibility that he could have installed something which could track what I do? Is there a way for me to check for suspicious behavior running on this laptop? THanks.
It's very unlikely they installed anything other than Office. You can check your /Applications folder for any new apps. You can also check the following locations for things that launch when you startup:
  • System Preferences > Accounts > yourusername > Login Items
    (Lion and ML users: System Preferences > Users & Groups > yourusername > Login Items)

  • /Library/LaunchAgents/
    (Lion and ML users: In Finder, click Go > Go to Folder > then enter the path above)

  • ~/Library/LaunchAgents/
    (Lion and ML users: In Finder, click Go > Go to Folder > then enter the path above)

  • /Library/StartupItems/
    (Lion and ML users: In Finder, click Go > Go to Folder > then enter the path above)
You can also check the Console.app for any logs that may indicate something being installed.

Really, though, all that is unnecessary, as a school or business isn't likely to risk a lawsuit for invasion of privacy.
 

saberahul

macrumors 68040
Original poster
Nov 6, 2008
3,616
88
USA
It's very unlikely they installed anything other than Office. You can check your /Applications folder for any new apps. You can also check the following locations for things that launch when you startup:
  • System Preferences > Accounts > yourusername > Login Items
    (Lion and ML users: System Preferences > Users & Groups > yourusername > Login Items)

  • /Library/LaunchAgents/
    (Lion and ML users: In Finder, click Go > Go to Folder > then enter the path above)

  • ~/Library/LaunchAgents/
    (Lion and ML users: In Finder, click Go > Go to Folder > then enter the path above)

  • /Library/StartupItems/
    (Lion and ML users: In Finder, click Go > Go to Folder > then enter the path above)
You can also check the Console.app for any logs that may indicate something being installed.

Really, though, all that is unnecessary, as a school or business isn't likely to risk a lawsuit for invasion of privacy.
Thanks for the response. I’ve attached the screenshot of what /Library/LaunchAgents/ shows me. I checked console but its all gibberish to me…

I do not see any new apps other than the typical 2011 office apps (outlook, word, ppt, excel, RDM, messenger, communicator).
 

Attachments

GGJstudios

macrumors Westmere
May 16, 2008
44,419
759
Thanks for the response. I’ve attached the screenshot of what /Library/LaunchAgents/ shows me. I checked console but its all gibberish to me…

I do not see any new apps other than the typical 2011 office apps (outlook, word, ppt, excel, RDM, messenger, communicator).
I assume you already had LogMeIn and TeamViewer installed, right?
 

sofianito

macrumors 65816
Jan 14, 2011
1,207
2
Spain
That's not necessary, as the school isn't going to install malware. :rolleyes:
I won't trust them. They could perfectly install a RootKit. He probably gave them the root password...

I would also install LittleSnitch and monitor incoming and outgoing connections...
 

robgendreau

macrumors 68040
Jul 13, 2008
3,331
243
Why not just change your password on your user account?

And delete any other accounts that are there?

And is that laptop really yours, or the school's? Some employers do install software (like Team Viewer or LogMeIn) for remote control so that they can provide tech support, install updates, etc. Less likely on a laptop, and super unlikely if YOU own it.
 

alphaod

macrumors Core
Feb 9, 2008
22,164
1,209
NYC
Your school IT cannot legally install other software on your computer without your permission unless they expect a lot of lawsuits and fines.
 

saberahul

macrumors 68040
Original poster
Nov 6, 2008
3,616
88
USA
The laptop is mine. The software was installed under another Admin account which is now deleted. I don’t know of any rootkit or root password; however, currently, I am the only admin on this laptop.

Is little snitch recommended? I don’t want to risk installing monitoring softwares if they use too much processing power and/or memory.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,419
759
The laptop is mine. The software was installed under another Admin account which is now deleted. I don’t know of any rootkit or root password; however, currently, I am the only admin on this laptop.

Is little snitch recommended? I don’t want to risk installing monitoring softwares if they use too much processing power and/or memory.
You don't need Little Snitch or anything else. You're fine.
 

Apple fanboy

macrumors Nehalem
Feb 21, 2012
34,466
23,467
Behind the Lens, UK
Have you got some bad history with your school? Or are you just paranoid? I think you are maybe a bit worried someone at your school will see what you do on your laptop!
 

GGJstudios

macrumors Westmere
May 16, 2008
44,419
759
You may take care if they have installed some tracking software on your computer to stole your personal information including your passwords.
As already stated, a school isn't going to risk the legal problems they would have if they did something that foolish.
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
I doubt you will find any thing but, if you're worried, install ClamXav from the Mac App Store. Then, run a scan.

Also, run a search using Finder for "/System/Library/Extensions/logKext.kext".

logKext is a fairly well known open source keylogger for Mac that includes remote access capability.

It requires password authentication by an admin to install but it sounds like the IT staff were given that level of access to the system.

If doing these tasks doesn't find anything, then you have peace of mind.