Internet Tips: Fight Back Against Surveillance Software
You probably know by now that using a computer can be hazardous to your privacy, especially if you use your system online. But your privacy can be compromised even if you never link to a network. Sure, Web sites track your browsing habits with ads, cookies, and Web bugs, and they sell your personal information to marketers. Also, spyware and adware install on your PC by piggybacking onto file sharing utilities and other free software downloads. This column frequently discusses such privacy threats.
But another, less-common threat could be more devastating to your privacy than any of the above: surveillance software installed on your machine by an employer or a family member.
Commercial "keylogger" programs spy on you invisibly. They include SpectorSoft's Spector Pro and EBlaster, TrueActive's WinWhatWhere, X Software's XPCSpy and XPCSpy Pro (see FIGURE 1
Finding the Stealth Apps
It's disturbing that mistrust can support so many software companies. Even more disturbing is the fact that it's not easy to detect and remove the surveillance programs these companies produce. Many of the products do such a good job of hiding themselves on your PC that simply looking for the installation files or for an application or process running in memory won't work.
While testing various anti-spyware utilities for a PC World review last July, I discovered that two otherwise top-notch spy catchers, Lavasoft's Ad-aware and PepiMK Software's Spybot Search & Destroy, weren't particularly good at finding the keyloggers that I had running in stealth mode on my test PC. Two other programs--PestPatrol Inc.'s PestPatrol and Webroot's Spy Sweeper--were better, though still hit-or-miss. No product found all of the keyloggers I had installed. and even when they did find one, seldom could they completely disable or remove it.
While most of those programs--both the keyloggers and the anti-spyware utilities--have been updated since my tests, one thing is undoubtedly still true: The more anti-spy tools you employ, the better your chances of detecting a stealth keylogger. Everyone who connects to the Internet should install and use both Ad-aware and Spybot as a matter of course. To do a more thorough scan, add PestPatrol and Spy Sweeper to your counterespionage arsenal. Both programs are available in trial versions (see "Keyloggers Begone" for download details).
If you suspect a keylogger is installed on your PC, you may be able to bring it out of stealth mode and uninstall it. Most of the programs emerge from stealth mode via a keystroke sequence--Spector Pro 4's default sequence is Ctrl-Alt-Shift-S, for example, and XPCSpy's wake-up call is Ctrl-Alt-X. Even if the person who installed the spy software has changed this key sequence to something else, a little determined keyboard exploration might reveal the new combination--just be sure to close every application (including those running in the system tray) beforehand to minimize the chances of invoking unwanted keyboard commands in Windows or your apps. Once all your programs are shut down, press Ctrl-Alt, Ctrl-Shift-Alt, or a similar combination, and then by trial and error start pressing other keys.
There may be other ways to reveal a hidden spy program. I found one right on X Software's Web page: To bring XPCSpy out of stealth mode, choose Start, Run, enter rx in the 'Open' field, and click OK.
If you find a keylogger on your system, you may not be able to access its settings, since the majority of these programs are password-protected. At least you now know that someone really is spying on you. Though you may feel some chagrin about what the keylogger has recorded, the sense of betrayal at being spied upon is probably worse. However, employers can legally install any tracking software they want on company equipment, and most will undoubtedly feel justified in doing so. Disabling the program, or even mentioning its existence, may not be in your best interest. Before doing anything, study up on your rights, starting with the Privacy Rights Clearinghouse's Employee Monitoring fact sheet and the Electronic Privacy Information Center's Workplace Privacy page (see FIGURE 2
If the computer belongs to you or a member of your household, the situation is even more delicate. Disabling the software may alert its installer that you're on to him or her. If you attempt to get rid of the spy software but discover that it's password-protected (preventing you from accessing its uninstall routine), you may be able to delete the program's files if you can figure out what they are called and where they are stored on your PC. PestPatrol maintains a huge list of keyloggers--both commercial programs and those created by malicious hackers. Click a linked name on that page to find information that often includes instructions for manually disabling or deleting the surveillance program (see FIGURE 3
If you've tried various tactics and you still can't get the keylogger off your system, try contacting the software maker. TrueActive states that it will assist you in removing its WinWhatWhere monitoring program if the company agrees with you that the software has been installed inappropriately. If all else fails, you can start over: Back up all of your data, reformat your hard disk, and then reinstall your operating system and applications.
To prevent someone from installing surveillance software on your computer, use an operating system that offers strict log-on security, such as Windows 2000, Windows XP, or Linux. (Windows 98 and Me provide less-restrictive log-on protocols.) Be sure to choose strong passwords (different from the ones you used previously if you just uninstalled a keylogger) for any user accounts on the computer, and keep them to yourself.
More on Firewalls
Last December's column on installing and configuring firewalls generated a flood of reader mail, most of it asking for more details. The most common question I received was, "Should I use both a hardware-based firewall (the kind built into a router's or gateway device's firmware) and a software firewall that runs on my PC?"
The answer, which I didn't come right out and say in the column, is: Yes! The hardware router will do what it does best--masking the IP addresses of the PCs on your local network from the outside world--while the software firewall will provide a service that the hardware firewall can't (easily), blocking rogue applications on your PC from opening outgoing connections to remote servers.