Questions

Discreet Remote Viewing/Control Software

+
0 Votes
Locked

dvltash
Managers at our client's organization would like to discreetly and remotely view their agents' screens to monitor computer usage, i.e. inappropriate internet use, etc. While we are aware specific access to websites, programs and the such can be controlled via different security measures, for various reasons the client doesn't want this. They want to be able to use something like VNCViewer to remotely log in real time and view what the agent is doing. Is there a way to script not only a silent install but one with no icons and no pop ups to indicate that it is running? Is there a different software that we should be looking at? Of course, they would like some kind of free solution.

Thanks!
  • +
    1 Votes
    gechurch

    Where I used to work (years ago), we used to use TightVNC with a registry change to hide the icon exactly as you desire. You can see the registry change in the FAQ at http://www.tightvnc.com/faq.php. It looks like they have changed it in newer versions so that you must use the interface to disable it though. That's going to be a pain if you want to push it out via GPO or similar.

    As you already know, this is a bad idea. There are better ways of tracking things like web activity and installed programs. Doing this opens up potential privacy issues. What if the person you spy on was in the middle of writing a sensitive letter to one of your colleagues for example? Or if the person is running payroll and you see the salaries of people that you shouldn't be seeing? If they're going to do it, I'd at least inform the users in a very simple and open way and have them sign off on it (which I'm sure many of them will refuse to do, which will hopefully see the people wanting to do this change their mind).

    +
    0 Votes
    the edidas

    Use DameWare Mini Remote Control.
    You can deploy it remotely with a configuration file to hide all the icons and run it in hidden mode.

    +
    0 Votes
    a.portman

    TightVNC and RealVNC can be scripted to hide the icon and allow remote view/control.

    You said client, not employer, correct?

    Now, get in writing that you are installing this for management and that you have made management aware that there are better tools for monitoring employee Internet use and that you are installing this software per their director orders.

    I think they are looking for a bunch of lawsuits they don't want to see and that they will be on the losing end of most of them.

    Suggest they talk to their legal representative about what they want to do.

    +
    1 Votes
    darthmongo

    Every place I've worked at has required a confirmation from the user to remotely connect to their machine while they were logged in, mainly to eliminate the potential for accessing confidential information, whether it be personal or company related (the end user may be composing an email to their doctor about a sensitive medical matter, or as mentioned earlier, viewing payroll information with social security numbers, etc). I recommend getting your Human Resource department's views on this for your own workplace. Your management may be putting you (and the department) in a bad situation, and HR may have a dim view of this methodology.

    +
    1 Votes
    tony

    How is this different from a virus? I am pretty sure that giving managers the opportunity to spy like this is illegal - maybe not where you are, but in many countries. I recall cases where people have been jailed for spying on partners like this.

    I am fairly sure that if this comes to light you will probably find yourself on the receiving end of legal action, possibly criminal, and certainly civil.

    Here in the UK the simple thing of accessing people's voicemail without their knowledge has sent people to jail and caused huge problems for News International.

    If you don't have the easy option of walking away from this, at least do the following

    1) Insist on having a copy of the organisation's policies on IT and Internet use; make sure that it is dated and signed as being in effect at that date
    2) Ask for a written instruction as to which users it should be installed for, and the activities suspected
    3) Armed with the above, you can put in appropriate measures e.g. if it is web activity, then there is probably a proxy or firewall that will log things. There are also free tools that will unpick a user's browsing history (this is better because it comes from an authenticated profile - I am assuming that you are talking about a domain based system)

    I have dealt with two cases, years ago, where there were specific things
    1) Inappropriate use of the internet in a sub-office. In this case, I warned (by email) all users in that office that we had performance problems with their Internet that was affecting the business use (they used remote access to head office that was being impacted) and that I would be monitoring internet use for several days, starting ... Two of the people did not change their habits when advised in advance that this monitoring would be taking place (at the router) and were subsequently disciplined (both chose to leave)
    2) A more tricky case. A senior manager was suspected of inappropriate relationships with staff and I was asked to make his email available to the CEO. This resulted in him leaving. Incidentally, in one of the emails he said that it was quite safe to use company email because the system admin did not know how to access it.

    In both of these cases, specific wrong doing was suspected, and the lightest possible measures taken to verify or exonerate those concerns. In the first, people were told in advance, and in the latter, it was to confirm the verbal evidence we had from a number of female staff.

    If your client does not have clear and targeted reasons e.g. specific company policies or laws being broken, then take local legal advice before you do it, to make sure that whatever you do is not going to land you in jail.

    Actually, getting good legal advice in writing that you can give to your client stating what can and cannot be done may be the best way of dealing with the situation. This would at least allow you to make it clear what you can and cannot do, and they cannot urge you to break the law on their behalf.

    +
    0 Votes
    timp999

    I agree with Tony. It's difficult to walk away from revenue, but the desire to do this on the part of the client is pretty abhorrent. Either they don't know a better way, in which case as a consultant you need to educate them. In the presence of updated information on better methods, if the client still insists on the "Big Brother" approach, I'd walk away. At minimum, be very clear in your understanding of possible legal issues that may arise.

    I wouldn't want my business associated with breaches of privacy, accidental or otherwise.

    +
    0 Votes
    info

    Morale-wise and concept-wise, this IS a bad idea. You end up with employees that always think 'Big Brother' is looking over their shoulders, which will create added stress and friction. What managers don't realize is that when they see an employee 'taking breaks', it actually enables them to think more clearly and work better over the long run.

    Sometimes they're just goofing off, though.

    Where I disagree is on this 'legality' issue. It will vary from country to country, but an IT policy will clearly state that the computers and network are company-owned. Any information sent across that network can be subject to scrutiny. So if any 'sensitive' letters need to be written to doctors and the like, they should do so from home. Or, these days, from their mobile device. As for seeing sensitive data, the best systems would buffer IT personnel from that, but not even always. Over my past 20+ years, I've been privy to ALL sorts of sensitive information due to my roles in IT. This ranges from personal medical histories, to employee payscales, to what porn the execs have been looking at.

    There's this one employee attribute that covers all of that. DISCRETION.

    PS: I worked at a call center where the management came up with this solution to monitor us at random. Of course, this was the day of P4 1.7GHz, so as soon as our PC's performance went South, we'd wave to them because we knew what was happening...

    +
    0 Votes
    timp999

    A perfect example of just because you can, doesn't mean you should. How much respect did you have for the watchers? Clearly not much, given your "wave".

    +
    0 Votes
    highlander718

    Guess it is too late ... really a pity if you have to work for somebody who asks this kind of things.

    +
    0 Votes
    gechurch

    I don't think ditching the client is the right approach. They'll just end up with another consultant with lower morals. I think the right approach is to explain to the client the problems with their approach, and guide them towards a better solution.

    We all like to talk about "big brother" when we hear these sorts of stories, but I think more often than not these 'bright ideas' are from people that are well-meaning enough, but are just a tad naive and haven't thought about the negative consequences.
