Many of my clients install spyware and monitoring programs such as
“eBlaster” on their PCs for various reasons. How can one tell if such a hidden
program has been added to their machine?
We talk a lot about spyware, and typically what we’re talking about is true
malware: software that’s been installed with malicious intent. Keystroke
loggers, phishing redirectors and the like; all designed by bad people to do bad
What we’re talking about here, though, is what I’ll call “legitimate”
spyware. Tools that are available to computer owners that “spy” on the computer
user to keep tabs on what they’re up to.
The most common scenarios for legitimate spyware are parents keeping an eye
on their children’s computer use, and corporations keeping an eye on their
This class of programs is, ultimately, still spyware in the same sense that
malware classified as spyware is. There’s a limited set of tricks to hiding –
complex, obscure and crafty, but limited. Ultimately that means that the same
techniques that expose malware should, in theory, also expose
What I can’t say is whether any current specific anti-spyware software will
detect any current specific spyware or monitoring package. It’s a game of cat
and mouse in the malware world, but in the “legitimate” spyware arena I’m
actually not sure at all how it plays out.
Legitimate spyware vendors often avoid addressing that issue, meaning that
they fail to answer whether their package can be detected by current anti-spyware
programs. But most also indicate that people should be told that it’s been
That kind of absolves them of needing to be 100% hidden in the face of
That’s all a lot of not answering your question.
If faced with the issue myself I would at a minimum scan with a couple of
different respected anti-spyware packages, and then make sure to also scan
using a rootkit detection tool such as Rootkit Revealer (rootkits are a form of advanced hiding
If all those come up clean I’d start to feel better, but if still concerned,
and if resources are available, I’d start monitoring network traffic in and out
of the suspect machine.