As an administrator, you need to be aware of the existence of a type of program that can capture keystrokes and monitor a user’s computer activity. You may decide to use such software to monitor users on your network—although there are legal implications for doing so. But even if you don’t use it yourself, you should know that hackers can use one of these programs to steal passwords and sensitive data. In this article, I’ll introduce you to one of these monitoring programs, WinWhatWhere.

Legal precautions
What do you do when you suspect that an employee is using an office computer for illegal, questionable, or just plain time-wasting activities? In the past, employers would simply confront the user. If he or she didn’t give a satisfactory response, the employer would often deliver a warning or terminate the user. However, today, executives generally concede that merely questioning an employee about possible violations can cause both legal and morale problems.

One way to proceed is to first make certain that there’s a clause in your employee manual that informs all employees that their computer, telephone, and/or fax communications are subject to monitoring without notice. Also, clearly state in writing that inappropriate or illegal activities during business hours using company equipment are grounds for dismissal. Obviously, the wording of such statements should be reviewed (and perhaps written) by your corporate lawyers.

Monitoring user activity
Before you dismiss or even challenge an employee, you need some solid evidence of misdeeds—if only to confront the individual to change his or her behavior (or, in the worst-case scenario, so you can persuade the employee to resign voluntarily).

Monitoring software such as WinWhatWhere can be extremely useful for gathering such evidence. However, you need to be aware that the results of using this and other software may not constitute legal proof of misdeeds—you’ll need to ask your attorney about this, too. But even if the information can’t be admitted in court, it may help you confirm suspicions or clear an innocent worker to your own satisfaction.

WinWhatWhere lets you monitor every keystroke on a computer and record editing operations in a word processor. Figure A shows an example of text that WinWhatWhere captured from an e-mail message. You can configure the program to monitor only selected activities, such as anything done in a Web browser. WinWhatWhere can also show you what files a user has accessed and for how long, as shown in Figure B.

Figure A
WinWhatWhere enables you to capture keystrokes, such as this outgoing e-mail.

Figure B
This report indicates how much time a user spent in Flight Simulator 2000.

One option is to use this program in an open atmosphere where everyone is kept “honest” by knowing that any of their computer activity could potentially be recorded. Alternatively, you can use it in stealth mode to conduct an investigation of suspected negative activities.

Put to nefarious use
Although WinWhatWhere can be a useful management tool, it can also be a serious security threat if someone sneaks it onto your computers without authorization. In the stealth e-mail mode, the program can quietly e-mail all collected data to any e-mail address. As a result, WinWhatWhere can be a powerful hacking and/or industrial espionage tool. Thus, even if you never intend to use it on your workers’ computers, for security purposes, you need to be aware of how this and other keystroke-monitoring programs function.

How do you feel about monitoring software?

We look forward to getting your input and hearing your experiences regarding this topic. Join the discussion below or send the editor an e-mail.