
BarnabyWilde

macrumors newbie
Original poster
Aug 20, 2004
Hi - can anyone recommend any products for keeping an eye on OSX to spot any existing or new installations of spyware and keystroke loggers? Or have any advice on manually tracing down such infestations?
 
No known spyware, so don't worry about that. There are keyloggers but somebody needs physical access to your Mac to install one. You might be able to find one with some detective work, but do you think somebody sat down at your computer and installed one?
 
Horrortaxi said:
but do you think somebody sat down at your computer and installed one?

Yup - it's very possible. I need to discreetly find out if they have (it's my boss....maybe....)
 
I agree with horror taxi.

However, I have seen both key loggers and spyware for Mac OS X, they are usually installed with a legitimate program (trojan horse), due to their need for a password to get to certain places.

I've never heard of anyone actually getting "infected" by spyware on a mac.
 
Open up a terminal, then type

ps aux

and check each and every process for something weird.

You may want to check kernel extension files as well: kextstat. You may try unloading it with 'sudo kextunload <module>' but be warned though, you can crash your machine really easily...

If you fear that some process logs the key to your hard drive you can use the 'lsof' command under terminal.

If you fear the data is sent over the network you can check the data being transferred by installing a network sniffer: http://www.macosxhints.com/article.php?story=20010810103021605

Good luck...
And remember, a sane machine is just a format away :)
 
BarnabyWilde said:
Yup - it's very possible. I need to discreetly find out if they have (it's my boss....maybe....)

umm... if it is at work then it's not "your" computer and they are entitled to do whatever they like with it. If your boss did install a keylogger I don't know if you want to just remove it.

Why would your boss install something like that anyway, are you giving him/her a reason to want to spy on you? Maybe they think you spend too much time on macrumors while you should be at work ;)
 
morkintosh said:
umm... if it is at work then it's not "your" computer and they are entitled to do whatever they like with it. If your boss did install a keylogger I don't know if you want to just remove it.

Why would your boss install something like that anyway, are you giving him/her a reason to want to spy on you? Maybe they think you spend too much time on macrumors while you should be at work ;)

Not to mention that deleting a monitoring program at work is a great way to get on the fast track to unemployment.
 
DavidLeblond said:
Not to mention that deleting a monitoring program at work is a great way to get on the fast track to unemployment.

Putting one on your boss's Mac is a good way to counter unemployment
 
I have to agree, if this is a work computer you have no business taking anything off of it. They own you during work hours and they don't want you doing your own thing on the net. You probably signed some kind of agreement saying as much when you were hired.

If this is your own computer then your boss has no business touching it. Of course if you hooked your computer into the company network that complicates things a bit.

Time to come clean--what exactly is going on?
 
Wash!! said:
The only reason you should be afraid of spyware at work is....porn, plain and simple and the fact that you are sending your resume out from work :D ;)

Oh no, there are plenty of other things he has to be afraid of.

Things like d/l copyrighted material off p2p programs.
Same as above, only using BT.
Hackers, hacking, and/or virii.
Making sure you're actually doing work you're supposed to be doing, other than coming to places like MR and posting.

There's probably some more, but I'm too lazy to think right now.
 
Wash!! said:
The only reason you should be afraid of spyware at work is....porn, plain and simple and the fact that you are sending your resume out from work :D ;)
It's more than just porn. They don't want you doing your stuff while they're paying you. I know of people who have been fired for sending personal email. Nothing pornographic, just making happy hour plans and general conversation. I know of a woman who got fired because she planned her wedding at work on company time. They had all her emails and tied her computer to the websites she used for booking travel, etc.

I was just a juror on a civil trial where this came up. She says she was fired because she was pregnant, and the company counters with thousands of personal emails she sent on company time. Outta there.

By the way, don't expect anything you do on the network at work to be private.
 
Yeah it is the company's mac - I just want to know if my personal mails are private or not. Stated company policy is not to monitor personal emails, but my department head is a real jerk, and I suspect he might be busting official policy to keep on top of a little departmental strife.

I don't want to uninstall a keylogger, I just want to know if it's there.

BTW, I ran the ps and ps aux commands in terminal, didn't find anything untoward there - does that settle the matter? Would any currently running app show up there?
 
BarnabyWilde said:
BTW, I ran the ps and ps aux commands in terminal, didn't find anything untoward there - does that settle the matter? Would any currently running app show up there?

Not quite, you could still have a trojan if the logger were either :
- embedded in a 'legitimate' application
- a kernel extension
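
As an added example (not part of any post in this thread), the shell filters below narrow the `kextstat` and `ps aux` output suggested above to the entries worth a manual look. The function names, the directory list and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage filters for `kextstat` and `ps aux` output.
# Real use: kextstat | non_apple_kexts ; ps aux | unusual_path_procs

# Print bundle IDs of loaded kernel extensions outside Apple's namespace.
# Reads `kextstat` output on stdin; column 6 is the bundle identifier.
non_apple_kexts() {
    awk 'NR > 1 && $6 !~ /^com\.apple\./ { print $6 }'
}

# Print "USER PID COMMAND" for processes whose executable path is outside
# the usual system and application directories (assumed list, adjust it).
# Reads `ps aux` output on stdin; column 11 is the start of the command.
unusual_path_procs() {
    awk 'NR > 1 && $11 ~ /^\// &&
         $11 !~ /^\/(System|usr|sbin|bin|Applications)\// { print $1, $2, $11 }'
}

# Constructed sample data (not captured from a real machine).
sample_kextstat() {
cat <<'EOF'
Index Refs Address    Size       Wired      Name (Version) <Linked Against>
    1    1 0x0        0x0        0x0        com.apple.kernel (7.5.0)
   12    0 0x2e0ab000 0x5000     0x4000     com.apple.driver.AppleUSBHub (1.8.2) <11 4 3 2>
   87    0 0x2f1c0000 0x3000     0x2000     com.example.hidtap (1.0) <5 4>
EOF
}

sample_ps() {
cat <<'EOF'
USER   PID %CPU %MEM    VSZ   RSS TT STAT STARTED    TIME COMMAND
root     1  0.0  0.1  18000   400 ?? Ss   9:02AM  0:00.10 /sbin/init
user1  310  0.5  2.0 150000 21000 ?? S    9:05AM  0:12.40 /Applications/Safari.app/Contents/MacOS/Safari
root   412  0.1  0.2  27000  1200 ?? Ss   9:02AM  0:01.00 /private/var/tmp/.helper/updated -d
EOF
}

# Demo run over the constructed samples.
sample_kextstat | non_apple_kexts
sample_ps | unusual_path_procs
```

A hit from either filter is only a lead for manual review, since third-party drivers and user-installed tools are flagged too. As the post above notes, a logger embedded in a legitimate application would not stand out in either listing.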
 
BarnabyWilde said:
Yeah it is the company's mac - I just want to know if my personal mails are private or not. Stated company policy is not to monitor personal emails, but my department head is a real jerk, and I suspect he might be busting official policy to keep on top of a little departmental strife.

I don't want to uninstall a keylogger, I just want to know if it's there.

Even if there's no keystroke logger, they probably can monitor all your email anyhow, especially if you're using a company mail server, but even if you're sending and receiving web mail by using a packet sniffer. Certainly, when I worked in Apple, they could monitor all email traffic, and they recorded some of the phone conversations too.

Personally, I wouldn't work in a company that insisted upon installing a keylogger; and I'd be hesitant to join a company that intercepted/recorded/viewed emails again. It's privacy for privacy's sake, it's not about hiding anything. Though, there are many valid reasons why a person wouldn't want a keylogger - what if I buy h/w or s/w for the company using my credit card - why should I trust the IT department with my credit card number? etc..etc..
 
Check the terms and conditions of employment and the company T&C's to see if this covers 'using company office systems for other uses other than those related to do your job'. If no such T&C's exist then I'm pretty sure that it's against your human rights (it is in Europe anyway). If you were dismissed, then you would take it to industrial tribunal for wrongful dismissal, the evidence would be passed, but if this was not stated in the T&C's then they (the company) would be in trouble.
 
If their policy is not to monitor your personal email then your company is certainly in the minority. Most companies' policies state that you are not to use email for personal use under penalty of termination. Make damn sure that the policy really says what you think it says. Get it in writing.

But they do have the technical ability to see everything you do over the network. Not saying they do it, but they could.

If the policy is not to monitor emails and your boss has installed a key logger then that's obviously a no-no and is something you can take up with his boss or the labor board.

It doesn't sound like you've got any questionable software installed though.
 
spyware app.

Have a look on www.versiontracker.com for a programme called Little Snitch. I have it installed and it alerts you of any network access (std config allows Safari etc to gain access) and gives you the choice of making rules to allow or block access for each application/trojan/spyware.

I'm not sure, but this may solve your needs / put your mind at rest.

Cheers,
Tom
 
Horrortaxi said:
If their policy is not to monitor your personal email then your company is certainly in the minority. Most companies' policies state that you are not to use email for personal use under penalty of termination. Make damn sure that the policy really says what you think it says. Get it in writing.

US companies will soon be required to keep all e-mail for at least 1 year, to help prevent insider trading (yeah, like it's THAT hard to alter an e-mail :X).
 
slughead said:
US companies will soon be required to keep all e-mail for at least 1 year, to help prevent insider trading (yeah, like it's THAT hard to alter an e-mail :X).
Many probably already keep it at least that long because spring cleaning is no fun. As for faking the emails--that all lies in the integrity of the person in charge of the email.
 
slughead said:
(yeah, like it's THAT hard to alter an e-mail :X).

Lot harder than you think, because there's always that nagging question: Did you get all the copies?
 