Hardware Keylogger

[nakedpeanut]

You could always write your own.. Wrote one for my machine so i can see what people do on it
It's very easy especially when done in c#. But ya i'd hate to work somewhere if they monitoring my keystrokes! Thats just creepy.

 

[Roger.Wilco]

I see. the company's policy is to randomly monitor users and their activities and the personla use of company equipment including personal banking and email isnt permitted

You're heading for serious trouble if you go ahead with this.

For example:
You can give the employee's a warning or whatever if they use company equipment for banking if they're not allowed to. But when you start logging personal banking details from your employees, it gets really serious. They will have to sign a contract stating specifically that you're logging keystrokes, and explain to them exactly what that means. And even then, if someone wants to take you to court for this, the court will want to know why you're not blocking sites that's not permitted.

I've never heard of a valid reason why anyone would want to use keyloggers.

 

[Mars]

Firstly, depends. If your company has a policy that allows for the monitoring of it's users, including keyloggers, then it would be OK. Secondly, I don't know where you could buy one, never had the need

+1 besides who is going to go through all the data to check it? Do you even realize what kind of data you would be collecting?
Also, since you are legally required to inform the users of the key logger, it can then be easily circumvented by using a different keyboard, using a software keyboard or simply copying and pasting words from random documents to make up your sentences.

So all you will be achieving by doing this is telling the honest people you mistrust them, and the dishonest ones will just find a way around it.

 

[AstroTurf]

Get something like eblaster (hardware keyloggers are likely to get removed/stolen) while eblaster and similar when implemented properly are not noticeable by users.

That said, The proxy solution is much better, less resource intensive for the users and as is always the case, prevention is better than spyware.

 

[The_Unbeliever]

Man, why all this hoo-haa?

Just get Smoothwall with Dansguardian, and use DansGuardian to block websites they're not allowed to go to.

They will still get to do their Internet banking.

Most bad sites will be blocked should you use Shalla's blacklist in conjunction with Dansguardian, there's a whole lot of options you can use to make sure your users doesn't surf to the wrong sites.

Case closed.

And, yes, I agree with this - should somebody's bank account get plundered, and it is determined that the company used keyloggers, then that company can be held liable for the loss of money from that account. Unless they can prove otherwise, but that's going to be extremely difficult.

 

[Roger.Wilco]

Man, why all this hoo-haa?

Just get Smoothwall with Dansguardian, and use DansGuardian to block websites they're not allowed to go to.

They will still get to do their Internet banking.

Most bad sites will be blocked should you use Shalla's blacklist in conjunction with Dansguardian, there's a whole lot of options you can use to make sure your users doesn't surf to the wrong sites.

Case closed.

When I read this article http://mybroadband.co.za/news/business/12983-Skilled-professionals-tough-find.html this morning, I couldn't believe what they're saying. We have some fantastic IT people in SA! But then after reading threads like this about IT "professionals" who wants to use keyloggers, I can understand what they're talking about.

A good admin should never have to monitor his people. What's so difficult in just blocking access to whatever you don't want the employees to do? How do incompetent people end up in positions like this?

 

[acidrain]

I wouldn't suggest using a key logger since it could cause problems if your employee finds out you are capturing private information. As for a good firewall, there is always a way around it, like the whole "browse the net using notepad" etc etc. Blocking by address, use an online proxy. Block by port, well can't really block the http port.

The remote desktop sounds like the best. Can catch the person, capture screen and present it as proof with their written warning. Maybe just put up a notice stating that key loggers will be installed on all computers, and browsing private information will be captured and is therefore at their own risk. Obviously don't implement it, just in case you get idiots that havn't heard of keeping your information secure. They won't know whether it's running on the machine or not.

As far as blocking personal emails and internet banking is concerned, I don't see the big deal with it unless the person affected has no pc or internet at home. It's labor, unnecessarily wasted for things that SHOULD be done at home.

 

[Arthur]

C'mon people. To whom do the PCs belong, and do they not have rights too? You might not like it, and even refuse to work for an organisation that has such policies -- that's your choice -- but it's an unacceptable violation of an organisation's rights to prevent them from setting rules about how and under what circumstances their own equipment can be used. Same goes for phones, stationery, vehicles, TVs, furniture, rooms, &c, &c.

Ever called a Call Centre that never answers, or dealt with Call Centre agents who are obviosuly less than interested in resolving your problems? Then you know the problem, and strictly monitoring their work and use of company assets is not out of line, IMHO.

That said, I have no idea where to get hardware keyloggers.