How can I be sure that there isn't "legitimate" spyware on my machine?

Question:

Many of my clients install spyware and monitoring programs such as
“eBlaster” on their PCs for various reasons. How can one tell if such a hidden
program has been added to their machine?

We talk a lot about spyware, and typically what we’re talking about is true
malware: software that’s been installed with malicious intent. Keystroke
loggers, phishing redirectors and the like; all designed by bad people to do bad
things.

What we’re talking about here though, is what I’ll call “legitimate”
spyware. Tools that are available to computer owners that “spy” on the computer
user to keep tabs on what they’re up to.

The most common scenarios for legitimate spyware are parents keeping an eye
on their children’s computer use, and corporations keeping an eye on their
employees' activities.

This class of programs is, ultimately, still spyware in the same sense that
malware classified as spyware is. There’s a limited set of tricks to hiding –
complex, obscure and crafty, but limited. Ultimately that means that the same
techniques that expose malware should, in theory, also expose
“legitimate” spyware.

What I can’t say is whether any current specific anti-spyware software will
detect any current specific spyware or monitoring package. It’s a game of cat
and mouse in the malware world, but in the “legitimate” spyware arena I’m
actually not sure at all how it plays out.

Legitimate spyware vendors often avoid addressing that issue, meaning that
they fail to answer whether their package can be detected by current anti-spyware
programs. But most also indicate that people should be told that it’s been
installed.

That kind of absolves them of needing to be 100% hidden in the face of
anti-spyware tools.

That’s all a lot of not answering your question. :-)

If faced with the issue myself I would at a minimum scan with a couple of
different respected anti-spyware packages, and then make sure to also scan
using a rootkit detection tool such as Rootkit Revealer (rootkits are a form of advanced hiding
technology).

If all those come up clean I’d start to feel better, but if still concerned,
and if resources are available, I’d start monitoring network traffic in and out
of the suspect machine.
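
As an added example (not from the original article), here is one way to review traffic captured for the suspect machine: group its outbound connections by destination, total what it sent, and flag destinations contacted on a regular schedule. The record format, addresses, and thresholds are constructed assumptions; feed it records exported from a router or a separate capture machine rather than from the suspect PC, since hiding software can also hide its own connections locally.

```python
import statistics
from collections import defaultdict

# Constructed sample: "epoch_seconds src_ip dst_ip dst_port bytes_sent".
# This format is an assumption for the example, not any real tool's output.
SAMPLE = """\
1000 192.168.1.50 203.0.113.25 587 48210
1130 192.168.1.50 198.51.100.7 443 1200
2800 192.168.1.50 203.0.113.25 587 51877
3020 192.168.1.50 198.51.100.7 443 800
4601 192.168.1.50 203.0.113.25 587 47002
4700 192.168.1.77 198.51.100.7 443 300
6399 192.168.1.50 203.0.113.25 587 50344
9000 192.168.1.50 198.51.100.7 443 950
"""

def summarize(text, suspect_ip, min_conns=4, max_jitter=0.1):
    """Group the suspect machine's outbound flows by (dst, port) and flag
    destinations contacted on a regular schedule."""
    flows = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, port, sent = parts
        if src == suspect_ip:
            flows[(dst, int(port))].append((int(ts), int(sent)))
    report = []
    for (dst, port), recs in flows.items():
        recs.sort()
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        # Regular = enough connections, and gaps that vary little around their mean.
        regular = (len(recs) >= max(min_conns, 2) and
                   statistics.pstdev(gaps) <= max_jitter * statistics.mean(gaps))
        report.append({"dst": dst, "port": port, "connections": len(recs),
                       "bytes_sent": sum(s for _, s in recs), "regular": regular})
    # Largest uploaders first: those are the destinations to identify.
    return sorted(report, key=lambda r: r["bytes_sent"], reverse=True)

if __name__ == "__main__":
    for row in summarize(SAMPLE, "192.168.1.50"):
        print(row)
```

A flagged destination is a lead, not proof: update checkers and mail clients also connect on a timer, so the next step is working out which program on the machine owns that connection.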
