--- Darren Welch <WELCHDat_private> wrote:
> I have been using Winguardian. I have had no
> problems with the program. It emails me flawlessly
> (I am on a corporate lan, I do not know how this
> function works on a dial up, I haven't tested it
> yet) In my environment it leaves no record of a sent
> email. As far as where it runs, the output log file
> resides in the windows/system subdirectory under an
> inconspicuous name. The program file is hidden
> further in the directory tree. It does not show up
> as a running program and the program is accessed
> using a keystroke combination that the user sets. I
> would recommend not capturing screenshots if you do
> not plan on returning to the target system for a
> while. The log file does tend to get large with
> screenshots and if the drive is small will
> definitely cause performance issues. The program
> will be discovered if the suspect is using a program
> such as who's watching me. But for a quick
> investigation, the program can be pushed down
> through the lan, the output emailed, and the suspect
> never knows a thing was changed. (assuming that the
> suspect is not a paranoid computer savvy individual
> who runs hashes against his or her system daily)

Thanks for the info. Against advice from this list, my client purchased Spyagent Build 4.02.01 from: http://www.spytech-web.com/spyagent.shtml

So far I have this information:

Two installation options are possible: 1) administrator/tester (all options and help) and 2) stealth (no help and supposedly no start menu).

Unfortunately even under stealth install a conspicuous folder `Spytech Spyagent` appears in the start menu. Those shortcuts can be deleted, but the executable (1Srv32) is launched via the HKLM\Software\Microsoft\Windows\CurrentVersion\Run key and the path to the executables is obviously in the value of that key, so the value needs to be modified if the executables are moved to a more discreet location.
On the plus side, the .exe does not appear in the task list on my 95 test box. The screenshots are kept in c:\windows\agentss which is almost ok. Default log storage is in c:\windows which I like. The control panel is accessed by ctrl-shift-alt-M and is password protected. To me, probably the best feature was that you can adjust the thread priority so a slower system can use a lower priority to mitigate noticeable system impact.

One big `gotcha` - after installation the next reboot starts with a splash screen that warns that the program is running in stealth mode and will not be detected by users from then on. Good thing I rebooted a couple of times after installation :)

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
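A defender-side check for the Run-key launch described in the message above, as an added example that is not part of the original post: it parses a `regedit` export of the HKLM Run key, reports values that are new or changed against a known-good baseline export, and flags the `1Srv32` executable name from any directory, since the post notes the path in the value can be changed. The value names, paths and both sample exports are constructed for illustration.

```python
import re

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
KNOWN_NAMES = {"1srv32"}  # executable name given in the post (no extension)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_run_values(reg_text):
    """Return {value_name: command} for the HKLM Run key of a REGEDIT4 export."""
    values, in_run = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run = line[1:-1].lower() == RUN_KEY  # RunOnce etc. are skipped
            continue
        m = VALUE_RE.match(line)
        if in_run and m:
            # .reg files escape backslashes and quotes; undo that.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            values[name] = data
    return values

def matches_known(command):
    """True if the command runs a known executable name from any directory."""
    c = command.lower()
    return any(re.search(r'(^|[\\/"\s])' + re.escape(n) + r'(\.\w+)?(["\s]|$)', c)
               for n in KNOWN_NAMES)

def audit(baseline_text, current_text):
    """Compare the current Run key with a known-good baseline export."""
    base, cur = parse_run_values(baseline_text), parse_run_values(current_text)
    findings = []
    for name, cmd in sorted(cur.items()):
        if matches_known(cmd):
            findings.append((name, cmd, "known-name"))
        elif name not in base:
            findings.append((name, cmd, "new"))
        elif base[name] != cmd:
            findings.append((name, cmd, "changed"))
    return findings

# Constructed sample exports (value names and paths are made up).
HEADER = "REGEDIT4\n\n[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
BASELINE = HEADER + r'"SystemTray"="SysTray.Exe"' + "\n"
SAMPLE = BASELINE + r'"LoadHelper"="C:\\WINDOWS\\SYSTEM\\1Srv32.exe"' + "\n" \
    + r'"Updater"="C:\\TOOLS\\upd.exe /q"' + "\n\n" \
    + "[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce]\n" \
    + r'"Setup"="setup.exe"' + "\n"

if __name__ == "__main__":
    for finding in audit(BASELINE, SAMPLE):
        print(finding)
```

Matching on the executable name only catches an unrenamed install; the baseline comparison is what still reports the entry if the file has been renamed.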
This archive was generated by hypermail 2b30 : Sun Oct 07 2001 - 07:23:34 PDT