Paranoid......


skippybangkok

Getting a new laptop, and our IT have been installing the software on it. As for anyone, protecting privacy and company files is important. What would you recommend I do to check that IT have not loaded some spyware for some fun? Not saying they would, but better safe than sorry (caught a PABX technician listing my co phone as a recordable (tape) number once in another company; since then I am a little paranoid).

Thx.

Link to comment
Share on other sites

^ agreed. No other way to be 100% sure.

A (skilled) attacker will load custom malware on your PC, not one that is spread over the internet. Most malware scanners are signature based. That means the scan engine only scans for 'known malware'.

That said, most anti-virus solutions now do implement so-called heuristics and try to detect malicious programs and new variants that have not yet been added to the signature database.

I recommend Avira (free) and NOD32 (free online scanner) for that purpose. With Avira make sure heuristics is set to Maximum, not sure how this works in NOD32. Please note that this will very likely also produce some FALSE POSITIVES. So this is no basis for going to start a war with your IT department.

Malwarebytes' works mostly with signatures AFAIK, so it is of not much use here. Not sure about Spybot.

Hitman Pro is also worth a try. It has a database of known files that are known to be virus free/unmodified. If a file is not in the database it will mark it as suspicious and upload it to a scan cloud. This way you can scan for modified files on your PC - common applications should not show up as 'suspicious' - of course you cannot rely on the scan result from the scan cloud, and it'll take some experience and knowledge to keep going from there.

Your next problem is root kits. These are malicious programs that install 'deep into the system' and hide themselves even from anti-virus scanners. There are rootkit scanners but due to their nature root-kits are very hard to detect...

Some more basic checks:

* Check entries in Autoruns (use msconfig or Sysinternals Autoruns) for suspicious entries

* Check each task in the Task Manager for suspicious entries

* Check the user manager for other user accounts - if your PC is part of a Windows Domain you are at the Domain Administrator's mercy anyway...

* Make sure the Firewall is up and running and check the exception list - you could also do a port scan on your PC

If IT put some serious effort into hacking your installation, the chances that you find the mole are low. But bringing in some security software and checking your general setup for security issues is not a wrong thing in Pirate-Thailand.

welo

Link to comment
Share on other sites
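The "basic checks" list in the post above, collected in one read-only pass. This is an added example, not part of the original post; it assumes Windows PowerShell 5.1 or later run from an elevated prompt, and the function name `Get-BasicCheckReport` is made up for illustration.

```powershell
# Added example: read-only inventory for the "basic checks" list above.
# Assumes Windows PowerShell 5.1 or later in an elevated session.
# Nothing here changes configuration; it only collects what to review.

function Get-BasicCheckReport {
    [CmdletBinding()]
    param()

    # Autostart entries from the registry Run keys and Startup folders.
    # Sysinternals Autoruns covers many more locations (services, drivers,
    # scheduled tasks), so treat this as a first pass only.
    $startup = Get-CimInstance -ClassName Win32_StartupCommand |
        Select-Object Name, Command, Location, User

    # Running processes with the path of the binary behind each one.
    $processes = Get-CimInstance -ClassName Win32_Process |
        Select-Object ProcessId, Name, ExecutablePath |
        Sort-Object Name

    # Local accounts, and the members of the local Administrators group.
    # The well-known SID S-1-5-32-544 is used so the lookup also works on
    # non-English Windows, where the group has a localized name.
    $accounts = Get-LocalUser | Select-Object Name, Enabled, LastLogon
    try {
        $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            Select-Object Name, ObjectClass, PrincipalSource
    } catch {
        # Enumeration can fail on domain-joined machines with orphaned members.
        $admins = @([pscustomobject]@{
            Name            = "lookup failed: $($_.Exception.Message)"
            ObjectClass     = $null
            PrincipalSource = $null
        })
    }

    # Firewall state per profile, plus the enabled inbound allow rules
    # (the "exception list").
    $fwProfiles = Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction
    $fwAllow = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Select-Object DisplayName, DisplayGroup, Profile |
        Sort-Object DisplayGroup, DisplayName

    # Listening TCP ports with the owning process: the local view of what a
    # port scan from another machine would probe.
    $procNames = @{}
    foreach ($p in $processes) { $procNames[[int]$p.ProcessId] = $p.Name }
    $listeners = Get-NetTCPConnection -State Listen |
        Select-Object LocalAddress, LocalPort,
            @{ Name = 'Process'; Expression = { $procNames[[int]$_.OwningProcess] } } |
        Sort-Object LocalPort

    [pscustomobject]@{
        Startup         = $startup
        Processes       = $processes
        Accounts        = $accounts
        Administrators  = $admins
        FirewallProfile = $fwProfiles
        FirewallAllowIn = $fwAllow
        Listeners       = $listeners
    }
}

$report = Get-BasicCheckReport
foreach ($section in 'Startup', 'Accounts', 'Administrators',
                     'FirewallProfile', 'FirewallAllowIn', 'Listeners') {
    Write-Host "--- $section ---"
    $report.$section | Format-Table -AutoSize | Out-Host
}
```

Save the output right after the machine is handed over and compare later runs against it; an unexplained new administrator, autostart entry or listener is the thing to ask IT about.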

If you can't trust them, then you shouldn't have them install/upgrade/etc anything.

Anyhow, since the "damage" has been done, download and install the following programs

1. Spybot S&D (www.safer-networking.org)

2. Malwarebytes Antimalware (www.malwarebytes.org/mbam.php)

3. Spywareblaster (www.javacoolsoftware.com/spywareblaster.html)

4. Run an online antivirus scanner, eg. http://housecall.trendmicro.com and/or www.pandasecurity.com/activescan/

This should be enough to alleviate your fears.

Link to comment
Share on other sites

LOL. All the spyware and malware catchers listed here won't 'catch' any LEGITIMATE programs that your employer's IT man may have installed. They have the Admin rights and, if they needed, can access the laptop remotely if and whenever THEY want. The laptop is their property, not the OP's, so better not be cluttering up the hard drive with your personal stuff and DO NOT load or use any messaging or chat services. Finally, don't access social networking websites on their laptop either. Save that for your own machine and time.

Here endeth the First Lesson.

Link to comment
Share on other sites

LOL. All the spyware and malware catchers listed here won't 'catch' any LEGITIMATE programs that your employer's IT man may have installed. They have the Admin rights and, if they needed, can access the laptop remotely if and whenever THEY want. The laptop is their property, not the OP's, so better not be cluttering up the hard drive with your personal stuff and DO NOT load or use any messaging or chat services. Finally, don't access social networking websites on their laptop either. Save that for your own machine and time.

Here endeth the First Lesson.

Thanks for all the inputs...........

There is trust, but I have seen too much in my life to blindly go with the flow. In terms of them / company spying on me, that is not the concern as there is no policy and I think we have better things to do. My concern is I have a lot of company data which in no way should fall into the hands of a junior IT guy - you never know what might happen (i.e. sell to competitors). Small chance, but one I am not willing to take.

Thanks - will give this a start.

Link to comment
Share on other sites

Don't assume people have better things to do. It's quite common for employers to access the email/computers of staff without their knowledge, or after they've left. IMHO selling (or just leaking) confidential company info is rampant in Thailand. Information security is pathetic.

Link to comment
Share on other sites

I'm no expert in the field of IT security, but as a software engineer I do have good knowledge of IT stuff in general. Maybe I'm comparable to one of the guys in IT.

So what would I do to get my hands on some sensitive documents...

As part of the IT department it is usually easy to access file shares on the network and get whatever documents you need from there. Nothing you can do about it. Of course this depends on how access privileges are implemented and who gets access to the Domain Administrator password.

If I'd like to get access to your PC I'd start with more conventional methods than installing malware on your PC. Again, knowing the Domain Administrator password will make things easy, since I can open the root drive on your PC as a file share (when connected to the company LAN) without an ordinary user being able to notice.

I could also set up a second Administrator account on your PC - maybe this is even company standard - which allows me to do the same. As the person who installs software and maintains your PC I'd definitely have Administrator privileges on your laptop.

There is no need to install anything on your PC yet - nothing that might arouse suspicion and bring me troubles...

welo

Link to comment
Share on other sites

Getting a new laptop, and our IT have been installing the software on it. As for anyone, protecting privacy and company files is important. What would you recommend I do to check that IT have not loaded some spyware for some fun? Not saying they would, but better safe than sorry (caught a PABX technician listing my co phone as a recordable (tape) number once in another company; since then I am a little paranoid).

Thx.

PABX conversation and traffic is recorded for up to 6 months. There is no law to protect you. Every phone call is stored together with your conversation. PABX comes from 'NICE' (England) and another brand from Israel.

You can only use encoding and decoding to be safe, which needs an extra effort, but it may be worthwhile. Embassies and bigger companies have been using encoding for years already.

Link to comment
Share on other sites

I'm with NanLaew on this: It's their machine. They can do what they want with it. You should not have personal programs or information on it.

As for leaking intellectual property to a "junior IT guy," they -- as said -- would not need any malware. They have proper access to anything on your machine.

If you are genuinely concerned about snooping, then encrypt the documents you think are too sensitive and/or password protect the directory (folder) they are in. Both are possible under Windows 7/Vista and to an extent, Windows XP with an NTFS-formatted hard drive.

Link to comment
Share on other sites

I'm with NanLaew on this: It's their machine. They can do what they want with it. You should not have personal programs or information on it.

As for leaking intellectual property to a "junior IT guy," they -- as said -- would not need any malware. They have proper access to anything on your machine.

If you are genuinely concerned about snooping, then encrypt the documents you think are too sensitive and/or password protect the directory (folder) they are in. Both are possible under Windows 7/Vista and to an extent, Windows XP with an NTFS-formatted hard drive.

Drive Encryption might be a start.

In terms of "they can do what they want"... it depends from what angle you are looking at it. If you are front line staff, i.e. processing orders, receiving payments - yes, I would agree. In my case, management (which I am a part of) know what I am up to anyway (through regular discussions) and trust me, they have absolutely no interest nor the time to express interest in my hard disk (unless in the very unlikely event I turn criminal). IT'S NOT A BIG BROTHER ISSUE.

The only ones with interest are ops levels... 1) staff love to know what you're up to (i.e. gossip of the day is where the boss was spotted and with who) 2) Yes, there is commercially important (to me) info which might be of interest (maybe not :) ). I have so much, it would be hard to weed out the jewels, but it could be of interest.

If IT wants to update anything, they can visit my office and update. It would be totally unacceptable for IT staff to access the laptop secretly via LAN, and they would be in deep poop if it were discovered.

Link to comment
Share on other sites

For example - under computer management - sharing it says

Admin$

c$

d$

IPC$

XP forum advises registry hack

Hive: HKEY_LOCAL_MACHINE

Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

Name: AutoShareServer for servers

Name: AutoShareWks for workstations

Type: REG_DWORD

Value: 0

Link to comment
Share on other sites

For example - under computer management - sharing it says

Admin$

c$

d$

IPC$

XP forum advises registry hack

Hive: HKEY_LOCAL_MACHINE

Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

Name: AutoShareServer for servers

Name: AutoShareWks for workstations

Type: REG_DWORD

Value: 0

What's that supposed to say?

I'm with the guy who said this is company property - they can do what they want and should, as it's their job. Keep/do your personal stuff on another machine. Or accept they can view/access it (not that they'd care much).

Give the IT guys a bit of respect. Why should they not care as much about doing a good job as you do.

If need be, call/email the head of IT and present your concerns to him. He'll be over the moon.

Link to comment
Share on other sites

On the matter of responsibility and ownership

I think OP has a valid reason to be interested in providing extra security to protect his and his company's assets. In an ideal world one can trust every employee in the company, but in the real world many (cyber) 'attacks' (espionage, ..) are executed by persons within the company.

I don't agree with the 'this is the company's property'-argument in this case. Would anybody object if OP locked up sensitive printed documents in a drawer in his office with nobody but him having a key? Would you expect the janitor to have a key for this drawer?

Again, OP already stated that this is not about 'Big-Brother'-worries or using the company PC for private stuff - it is about securing company information from non-authorized employees.

I agree that it should actually be the company and the IT department to suggest tighter security for computers run by management personnel. Maybe OP has his reasons why he doesn't address the issue with the head of IT. This doesn't necessarily imply a lack of trust, maybe a lack of confidence that IT would see his request as anything other than bringing 'problems' to them.

If OP needs to hand in the PC for maintenance it is his right (and duty?) to remove/protect sensitive content beforehand. If you bring your company car in for repair don't you remove your briefcase beforehand?

On the matter of technical questions and specific actions

Disabling the so-called admin shares on his PCs might interfere with some administrative tasks by the IT department. Maybe OP should seek consent from his boss or head of IT.

There are alternatives that should allow remote administration while still preventing remote access to the data on the PC.

Setting file permissions on a specific folder is rather weak since ownership can always be changed with administrator privileges and permissions be changed, but it is definitely a start.

Maybe discussion should now focus on more specific instructions. However, I see a certain risk in the OP changing permissions and registry entries - without enough experience/knowledge this might render the PC unstable, unusable, or inaccessible.

As a start I want to quote wikipedia and some actions suggested there:

WARNING: I don't recommend the OP following those instructions (yet), as, again, some actions (executed wrongly) might render the PC unstable, unusable, or inaccessible.

Preventing access

Disabling the Administrative shares mitigates many known security risks. For example, viruses such as Conficker Worm performs dictionary attacks on Administrative shares.

Alternative approaches to prevent remote browsing of the disk contents include:

* Remove "Administrators" from the Security tab of the drive in question. This will prevent any external local admin from accessing the drive yet still allow the local admin access

* disable File and Printer Sharing (or unbind the NetBT protocol)

* Stop and/or disable the Workstation service

* set IPSec block rules that prevent inbound connections on 445/tcp and 445/udp

* remove membership in the Administrators group for those users/groups you wish to block

* encrypt the files that must remain confidential using a file-based encryption technology (such as EFS or RMS) that requires access to per-user decryption keys to gain access to plaintext contents of the files

source: http://en.wikipedia.org/wiki/Administrative_share

welo

Link to comment
Share on other sites
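Before touching any of the settings discussed above (the `AutoShareWks` / `AutoShareServer` values, the services, the port 445 rules), it helps to see what the machine currently exposes. The following read-only check is an added example, not part of the original posts; it assumes Windows PowerShell 5.1 or later in an elevated session, and the function name `Get-AdminShareExposure` is made up for illustration.

```powershell
# Added example: read-only check of administrative-share exposure.
# Assumes Windows PowerShell 5.1 or later, elevated. Makes no changes.

function Get-AdminShareExposure {
    [CmdletBinding()]
    param()

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'

    # AutoShareWks / AutoShareServer: 0 stops the Server service from
    # recreating the drive shares and ADMIN$ at start; a missing value
    # means the default behaviour (shares are created).
    $autoShare = foreach ($name in 'AutoShareWks', 'AutoShareServer') {
        $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name  = $name
            Value = if ($prop) { $prop.$name } else { 'not set (default: shares created)' }
        }
    }

    # Win32_Share marks administrative shares with the high bit of Type
    # (2147483648 = disk admin share, 2147483651 = IPC admin share).
    $adminShares = @(Get-CimInstance -ClassName Win32_Share |
        Where-Object { $_.Type -ge 2147483648 } |
        Select-Object Name, Path, Description)

    # Server publishes the shares; Workstation is the SMB client side that
    # the quoted list also mentions.
    $services = Get-Service -Name LanmanServer, LanmanWorkstation |
        Select-Object Name, DisplayName, Status, StartType

    # Enabled inbound allow rules that open port 445 (SMB).
    $smbRules = @(Get-NetFirewallPortFilter |
        Where-Object { $_.LocalPort -contains '445' } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Enabled -eq 'True' -and
            $_.Direction -eq 'Inbound' -and
            $_.Action -eq 'Allow'
        } |
        Select-Object DisplayName, Profile)

    $serverRunning = ($services |
        Where-Object { $_.Name -eq 'LanmanServer' }).Status -eq 'Running'

    [pscustomobject]@{
        AutoShareValues = $autoShare
        AdminShares     = $adminShares
        Services        = $services
        InboundSmbRules = $smbRules
        # Rough indicator only: shares exist, the Server service is up and
        # at least one firewall rule lets port 445 in.
        RemoteBrowsingLikely = ($adminShares.Count -gt 0) -and
                               $serverRunning -and
                               ($smbRules.Count -gt 0)
    }
}

$exposure = Get-AdminShareExposure
foreach ($section in 'AutoShareValues', 'AdminShares', 'Services', 'InboundSmbRules') {
    Write-Host "--- $section ---"
    $exposure.$section | Format-Table -AutoSize | Out-Host
}
Write-Host "Remote browsing of drive shares likely: $($exposure.RemoteBrowsingLikely)"
```

The firewall rule check does not consider which network profile is active, so confirm a "likely" result against the profile the laptop actually uses on the company LAN.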

For example - under computer management - sharing it says

Admin$

c$

d$

IPC$

XP forum advises registry hack

Hive: HKEY_LOCAL_MACHINE

Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

Name: AutoShareServer for servers

Name: AutoShareWks for workstations

Type: REG_DWORD

Value: 0

What's that supposed to say?

I'm with the guy who said this is company property - they can do what they want and should, as it's their job. Keep/do your personal stuff on another machine. Or accept they can view/access it (not that they'd care much).

Give the IT guys a bit of respect. Why should they not care as much about doing a good job as you do.

If need be, call/email the head of IT and present your concerns to him. He'll be over the moon.

So it's the right and privilege of, i.e., a 6-month IT graduate to go snooping through the files of the company?? So they should have access to all the mails, documents, contracts, salary information, marketing information of the CEO, next level down through to everyone in the company.

If you are absolutely sure what you're saying is correct, then god help any company you work for.

As the other guy said, let's give the keys to the safe so the Janitor can clean it too

Link to comment
Share on other sites

If it was me, what I'd do is go and get one of the internet security packages that monitors outbound communications as well as inbound communications, and have that running.

I quite like Kaspersky Internet Security for that one. Then at least you should get a warning come up that something is trying to access the internet.

That is, providing you can install stuff on the laptop. I know most companies lock down their IT something cruel to stop people from installing stuff and getting it infected, and it's easier when they just have to copy an image over...

Cheers,

Konfuzed

Link to comment
Share on other sites

For example - under computer management - sharing it says

Admin$

c$

d$

IPC$

XP forum advises registry hack

Hive: HKEY_LOCAL_MACHINE

Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

Name: AutoShareServer for servers

Name: AutoShareWks for workstations

Type: REG_DWORD

Value: 0

What's that supposed to say?

I'm with the guy who said this is company property - they can do what they want and should, as it's their job. Keep/do your personal stuff on another machine. Or accept they can view/access it (not that they'd care much).

Give the IT guys a bit of respect. Why should they not care as much about doing a good job as you do.

If need be, call/email the head of IT and present your concerns to him. He'll be over the moon.

So it's the right and privilege of, i.e., a 6-month IT graduate to go snooping through the files of the company?? So they should have access to all the mails, documents, contracts, salary information, marketing information of the CEO, next level down through to everyone in the company.

If you are absolutely sure what you're saying is correct, then god help any company you work for.

As the other guy said, let's give the keys to the safe so the Janitor can clean it too

Here's what I think:

Yes, I do think a 6 month IT graduate could be qualified to look at your machine for the purpose of doing his job, eg. maintenance, installing software, upgrades, backups etc.

I don't think someone being with the company 20 years or 6 months makes them more or less of a liability.

Nor their age or experience. Actually, a 6 month IT graduate is probably just super excited and keen to do a good job as opposed to being stuck in the same position with no pay rises for the last 10 years (and snotty staff trying to lecture you about how to do your job).

I now propose that you contact your HR department and discuss your new paranoia that someone in the IT department might be having access to company details that they should not have and that this serves as an impediment to your ability to perform your professional duty.

But I believe you might actually be the HR department. You sound like one.

If your company data are so sensitive and important, presumably these are backed up. In case they are lost or accidentally deleted, then these files are accessible. Do you know how and where they are backed up? Who has access?

As for the janitor analogy you have now latched onto: I don't know if the janitor should have the key, but I certainly don't think you should have the only key. You could lose it or break it or whatever. So you need to work out how many keys and who has them. And where they are kept. Get it?

But your OP wasn't even about that. It was about your worry that the janitor has a secret door to your office that only he knows about.

If what you say is true, you're implying that you're effectively carrying around the entire core business on your lappie. In that case, God help the company you work for if you feel compelled enough to come to a public web forum and ask for IT advice in order to address your concerns rather than take it up with the relative people in your organisation.

Overall, you come across as someone who thinks they're able to do someone else's job better. As well as having a fairly negative view of your colleagues. I find that...well, annoying.

I'll say it again: Get off ThaiVisa and talk to your head of IT (and if that's a 6 month grad then talk to him!).

Now reboot.

Edited by schmutzie
Link to comment
Share on other sites

So it's the right and privilege of, i.e., a 6-month IT graduate to go snooping through the files of the company?? So they should have access to all the mails, documents, contracts, salary information, marketing information of the CEO, next level down through to everyone in the company.

If you are absolutely sure what you're saying is correct, then god help any company you work for.

As the other guy said, let's give the keys to the safe so the Janitor can clean it too

I apologise for misinterpreting your concerns; it's not your stuff you are worried about, it's your employer's.

Why the concern for your employer's critical data? Fair enough, you are responsible for the laptop out of the office and we are familiar with news stories about all sorts of people getting their hands on sensitive stuff, be it through theft of a laptop, loss of a USB dongle or a DVD lost in the post. If your employer hasn't anything written down as to the limits of your responsibility, I would suggest either data encryption or having all the work-related 'sensitive' stuff on a separate encrypted external hard drive that you can safely lock up in the office. This latter option works if you are not in the habit of taking any work home with you... thereby why take the company laptop home at all?

Now if the employer has no written policy regarding proprietary data and its access by their own IT staff, or if they farm out their IT work to a third party, I don't see where you should be doing that basic security for them and somehow feeling responsible for providing it. Don't get me wrong, your concerns are valid and indicate that you are an honest sort, looking after your employer's best interests and your job. However, they have to provide the basic assurances and insurances that their own data is protected from third parties who may legally have access to the data, not you.

Link to comment
Share on other sites

So it's the right and privilege of, i.e., a 6-month IT graduate to go snooping through the files of the company?? So they should have access to all the mails, documents, contracts, salary information, marketing information of the CEO, next level down through to everyone in the company.

If you are absolutely sure what you're saying is correct, then god help any company you work for.

As the other guy said, let's give the keys to the safe so the Janitor can clean it too

I apologise for misinterpreting your concerns; it's not your stuff you are worried about, it's your employer's.

Why the concern for your employer's critical data? Fair enough, you are responsible for the laptop out of the office and we are familiar with news stories about all sorts of people getting their hands on sensitive stuff, be it through theft of a laptop, loss of a USB dongle or a DVD lost in the post. If your employer hasn't anything written down as to the limits of your responsibility, I would suggest either data encryption or having all the work-related 'sensitive' stuff on a separate encrypted external hard drive that you can safely lock up in the office. This latter option works if you are not in the habit of taking any work home with you... thereby why take the company laptop home at all?

Now if the employer has no written policy regarding proprietary data and its access by their own IT staff, or if they farm out their IT work to a third party, I don't see where you should be doing that basic security for them and somehow feeling responsible for providing it. Don't get me wrong, your concerns are valid and indicate that you are an honest sort, looking after your employer's best interests and your job. However, they have to provide the basic assurances and insurances that their own data is protected from third parties who may legally have access to the data, not you.

I think the OP is offering his "concern" as a smoke screen to be honest. I'm feeling a bit paranoid about his posts... :)

I should probably head for the door now.

Link to comment
Share on other sites

It's pretty simple. It is apparently a company owned computer. They can put anything on it they choose. Use your own computer for personal business and their computer for company business.

Link to comment
Share on other sites

^ No Gary, that was my first assumption and first response.

The OP is concerned about his employer's critical data falling into the wrong hands while he is in possession of the company laptop. He doesn't care about personal stuff that may be on it.

Link to comment
Share on other sites

^ No Gary, that was my first assumption and first response.

The OP is concerned about his employer's critical data falling into the wrong hands while he is in possession of the company laptop. He doesn't care about personal stuff that may be on it.

Yup!

Seems some TV-ers react without reading and/or thinking - shoot from the hip. It seems that in their companies IT has unlimited access to salary records, treasury records (plus payment pass codes :) ), contracts which are under negotiation etc etc... and the reason they have this unlimited access is because they have a need to know every piece of confidential info in the company.

Schmutzie - don't let the door hit your butt on the way out! Sheeesh!

Gary, sorry to say you are not reading either and are firing off random comments.

Edited by skippybangkok
Link to comment
Share on other sites

I think the OP is paranoid (just as he states) and it does not seem to be his problem, as the company is responsible for the IT department. The head of the company is a few steps higher than our OP and he has decided that he trusts the IT department to do their job (why else have an IT department).

So in a way the OP is questioning the decisions of his boss and going against those decisions. Not a smart thing to do in Thailand.

The point is you are not responsible; you might even go against the wishes of your employer. Who knows, maybe he has instructed the IT company to put in some stuff to check you. How do you know your boss did not instruct them to put that stuff on it (if it is even there)?

If you were an IT expert yourself I might have agreed, but now as an absolute noob you're trying to find out about things you don't even know about. Can you imagine what damage you can do? I think you're a higher risk to the safety of that laptop than the IT person.

Sure, there is always a risk that an IT person is doing bad things, but that goes for you too. Do they have to believe you on your blue eyes? Fact: you're not responsible for the IT department, your boss is, and he trusts them. So basically you don't trust your boss's judgment.

Link to comment
Share on other sites

You can respect your boss without having to believe every decision they make is a good one. Real world IT in Thailand is *scary*. I think the best way to sum it up is to go outside and look at the birds nest tangle of power lines and phone cables on your street. It's like that.

If no one will mind, another option to think about is buying your own machine. You can get something better and set it up for your convenience - maybe add a VPN through to your home computer and get your own much better and more private email system (e.g. Google Apps).

I suppose it depends what kind of company you work for and who is likely to be interested in your data.

Link to comment
Share on other sites

You can respect your boss without having to believe every decision they make is a good one. Real world IT in Thailand is *scary*. I think the best way to sum it up is to go outside and look at the birds nest tangle of power lines and phone cables on your street. It's like that.

If no one will mind, another option to think about is buying your own machine. You can get something better and set it up for your convenience - maybe add a VPN through to your home computer and get your own much better and more private email system (e.g. Google Apps).

I suppose it depends what kind of company you work for and who is likely to be interested in your data.

Sure you can, but the guy is just overly paranoid and it's not his responsibility but his boss's. If you want to mess around with a laptop, just buy your own. Then set it up the way you like it and you're done.

Link to comment
Share on other sites

I think the OP is paranoid (just as he states) and it does not seem to be his problem, as the company is responsible for the IT department. The head of the company is a few steps higher than our OP and he has decided that he trusts the IT department to do their job (why else have an IT department).

So in a way the OP is questioning the decisions of his boss and going against those decisions. Not a smart thing to do in Thailand.

The point is you are not responsible; you might even go against the wishes of your employer. Who knows, maybe he has instructed the IT company to put in some stuff to check you. How do you know your boss did not instruct them to put that stuff on it (if it is even there)?

If you were an IT expert yourself I might have agreed, but now as an absolute noob you're trying to find out about things you don't even know about. Can you imagine what damage you can do? I think you're a higher risk to the safety of that laptop than the IT person.

Sure, there is always a risk that an IT person is doing bad things, but that goes for you too. Do they have to believe you on your blue eyes? Fact: you're not responsible for the IT department, your boss is, and he trusts them. So basically you don't trust your boss's judgment.

Errr... nice write-up, but maybe read the posts before replying... You're stuck in the Big Bro story... and we have concluded that is not the issue already in previous posts...

... in fact... maybe time to shut down the thread; I have lots of good advice from people who have read and understand the thread.

Link to comment
Share on other sites

Errr... nice write-up, but maybe read the posts before replying... You're stuck in the Big Bro story... and we have concluded that is not the issue already in previous posts...

... in fact... maybe time to shut down the thread; I have lots of good advice from people who have read and understand the thread.

Thing is, you asked if you're paranoid... I said yes. If you don't trust others to do their work well, you can get replies like this. I just don't get how someone like you, who is obviously computer illiterate, doesn't trust the IT department to do a good job. I just feel that you look down on others; then you get replies like this.

But just get a USB drive or an external hard disk and encrypt it. Then it's your stuff and you can do with it what you want. There are many encryption programs out there.

Edited by robblok
Link to comment
Share on other sites
