Watching you: secrets Windows tells.
How do they do it? (Or, how can you do it?)
Software known as "snoopware" allows users to engage in real-time monitoring of someone's computer usage, including reading their e-mail and providing screen shots of documents they are preparing. Also, your current operating system and Web browser store information about you that can recreate most all of your recent computer activities. (For more on snoopware, see sidebar, Page 24.)
Information about where you went, what you saw and how long you stayed is readily available in several sub-directories on your hard disk, courtesy of Microsoft Windows and Internet Explorer. Want to know where someone has been? Take a look here:
FAVORITES
Favorites is another term for bookmarks (the term used in Netscape), and was popularized by Microsoft's Internet Explorer browser. It provides a list of frequently visited sites on the Internet (or network). You can find this information on your PC in C:\WINDOWS\Favorites.
HISTORY
A history feature tracks user commands and retrieved items so that they can be quickly reused or reviewed. Web browsers maintain a list of downloaded pages so that you, and anyone who accesses your computer, can quickly review everything that you have retrieved. This information is located in C:\WINDOWS\History.
TEMPORARY INTERNET FILES
You may have noticed a folder on your hard drive, located inside the Windows folder, named Temporary Internet Files. If you surf the Internet somewhat regularly, you may notice that the Temporary Internet Files folder grows in size. This folder is better known as a "cache."
The cache is a part of your Web browser that helps it load Web sites more rapidly. When you visit a Web site for the first time, your Web browser has to retrieve various files that are required to view that Web site. If there are many files to acquire, or if some of them are large, it takes more time for that site to be displayed in your browser.
If you return to that Web site, your browser will use the files in the cache, rather than downloading them again. It's more efficient because it allows the site to load more quickly.
To protect against snoops, you can delete the contents of the cache safely, without fear of it harming your computer. Web browsers give you the option of cleaning out the cache, but most people never think to empty these "footprints" from their hard disk. Look in C:\WINDOWS\Temporary Internet Files.
COOKIES
Cookies are ASCII text data, created and sent to you by a Web server, and stored on your computer. They provide a way for a Web site to track a user's patterns and preferences and, with the cooperation of the Web browser, to store them on the user's hard disk, usually without your knowledge. Cookies contain a range of URLs for which they are valid. When the browser encounters those URLs again, it sends those specific cookies to the Web server.
You can have your browser disable cookies or warn you before accepting a cookie, although some sites try to set so many cookies that approving or denying each one can disrupt your workflow. Cookies also can be deleted regularly from your computer. Look for the cookie options in your browser in the Options or Preferences menu. Cookies are usually located in C:\WINDOWS\Cookies.
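The "range of URLs for which they are valid" can be made concrete. The following is an added example, not part of the original article: it applies the domain and path matching rules browsers use today (RFC 6265, simplified, so it goes beyond the browsers the article covers) to a constructed cookie jar. The function names and the sample jar are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

def domain_match(host, cookie_domain):
    """True if a cookie scoped to cookie_domain may be sent to host."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    if host == cookie_domain:
        return True
    try:
        ipaddress.ip_address(host)
        return False          # IP-address hosts only ever match exactly
    except ValueError:
        pass
    # Must be a true subdomain: "badexample.com" does not match "example.com".
    return host.endswith("." + cookie_domain)

def path_match(request_path, cookie_path):
    """True if request_path falls under cookie_path on a '/' boundary."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def cookies_for(url, jar):
    """Names of the cookies in jar that a browser would attach to url."""
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path or "/"
    sent = []
    for c in jar:
        if c["secure"] and parts.scheme != "https":
            continue          # Secure cookies never travel over plain http
        if domain_match(host, c["domain"]) and path_match(path, c["path"]):
            sent.append(c["name"])
    return sent

# Constructed sample jar (not taken from any real site).
JAR = [
    {"name": "session", "domain": "shop.example.com", "path": "/", "secure": True},
    {"name": "tracker", "domain": "example.com", "path": "/", "secure": False},
    {"name": "cart", "domain": "shop.example.com", "path": "/cart", "secure": False},
]
```

The cookie scoped to the parent domain is attached to requests for every subdomain, which is what lets one site follow a visitor across its properties.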
MY DOCUMENTS
My Documents is a desktop folder that provides you with a convenient place to store documents, graphics or other files that you want to access quickly. On your desktop, it is represented by an icon of a folder with a sheet of paper in it.
When you save a file in a program such as Word or Excel, or when you save Web documents from Internet Explorer to your computer, the file or document is automatically saved in My Documents unless you choose a different location. On a single (NT, 2000 or XP) computer, there is a separate My Documents folder for each individual user. It is located in the Documents and Settings\username folder.
My Documents also contains the My Pictures folder, which is the default storage location for your pictures when you save them from your digital camera to your computer. This information is located in C:\My Documents.
DOCUMENTS MENU
Located on the Start menu, the Documents menu is a handy way of opening recently used files (click Start/Documents). If you work with many applications, or browse through a lot of folders, the file you want may not be there, because the menu has a limit of 15 documents. By looking in the Documents menu, you can see what files were open and used recently. You also can open the documents themselves from this menu. While listed as Documents on the Start menu, this information is located in a subdirectory called C:\WINDOWS\Recent.
RECYCLE BIN
The Recycle Bin is a system icon located on the Windows desktop. It represents a directory where deleted files are temporarily stored. Accessing this directory enables you to retrieve files that have been deleted. You can configure Windows so that it doesn't use the Recycle Bin at all, but then you won't be able to retrieve deleted files. By looking in this subdirectory, it is possible to look at and restore files that have been deleted, but not purged from the Recycle Bin. This information is located in C:\RECYCLED.
Note: Most of the folders mentioned here are found under the WINDOWS directory in Windows 95 and 98--usually C:\WINDOWS. On machines running Windows NT, including Windows 2000 and XP, these folders probably are located under the user's profile or C:\WINNT.
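To see how much of this trail your own machine is holding before you clear it, the folders above can be inventoried in one pass. This is an added example, not part of the original article: the folder table uses the Windows 95/98 paths named in the text, and the function names are hypothetical.

```python
import os
import time

# Folder locations as listed in the article (Windows 95/98 layout),
# relative to the drive root.
ARTIFACT_DIRS = {
    "Favorites": r"WINDOWS\Favorites",
    "History": r"WINDOWS\History",
    "Temporary Internet Files": r"WINDOWS\Temporary Internet Files",
    "Cookies": r"WINDOWS\Cookies",
    "Recent documents": r"WINDOWS\Recent",
    "My Documents": r"My Documents",
    "Recycle Bin": r"RECYCLED",
}

def audit_footprints(root, dirs=ARTIFACT_DIRS):
    """Return {label: (file_count, total_bytes, newest_mtime)} for every
    listed folder that exists under root."""
    report = {}
    for label, rel in dirs.items():
        path = os.path.join(root, *rel.split("\\"))
        if not os.path.isdir(path):
            continue                      # folder absent on this system
        count, size, newest = 0, 0, 0.0
        for dirpath, _subdirs, files in os.walk(path):
            for name in files:
                try:
                    st = os.stat(os.path.join(dirpath, name))
                except OSError:
                    continue              # unreadable or vanished file
                count += 1
                size += st.st_size
                newest = max(newest, st.st_mtime)
        report[label] = (count, size, newest)
    return report

def format_report(report):
    """One line per folder: file count, bytes, time of the last write."""
    lines = []
    for label, (count, size, newest) in sorted(report.items()):
        when = "-"
        if count:
            when = time.strftime("%Y-%m-%d %H:%M", time.localtime(newest))
        lines.append(f"{label:26} {count:6d} files {size:10d} bytes  last write {when}")
    return lines

if __name__ == "__main__":
    for line in format_report(audit_footprints("C:\\")):
        print(line)
```

On Windows NT, 2000 or XP, pass the user's profile folder as `root` together with a `dirs` table adjusted to that layout.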
RELATED ARTICLE: Snoopware: Behind the Scenes Computer Monitoring
Snoopware. This software is virtually undetectable, costs under $100 and allows real-time monitoring of computer usage, including reading e-mail and screen shots of documents as they are prepared. For an example of what snoopware can do, take a look at the numerous features of the $100 WinWhatWhere Investigator software. This inexpensive software has the ability to invisibly monitor and record all computer activity including keystrokes.
KEYSTROKES -- Logs every keystroke as it is pressed. It also works out the backspaces, arrows, delete keys and other edits to display an easy to read final output. Investigator records keystrokes and window information in the local language of the monitored computer.
SCREEN CAPTURE -- Provides screen shots of the computer monitor, and can save snapshots or send these to a remote location.
URLs -- It stores hyperlinks to visited Web sites. Clicking on the link returns the monitoring individual to the visited site.
WINDOW CONTENTS -- Retrieves the text content of many types of windows, including incoming e-mail and dialog box contents, and allows you to recover user passwords.
WEBCAM -- Provides images of who was sitting at the computer.
KEY PHRASE ALERTS -- Watches for phrases and words typed or appearing in Windows in real time. When the phrase is detected, the software will immediately send a notification e-mail and can include data from previous days, including previous e-mails.
STEALTH E-MAIL -- Sends the collected data silently and invisibly from the monitored computer. The data arrives as a standard e-mail message with the data contained in an attachment.
FILE ACTIVITY -- Reports on files being moved, renamed, copied and deleted.
HIDE & SEEK -- Randomly renames and moves itself on the installed computer. It cannot be found by searching for a file name.
REMOTE INSTALLATION -- Generates an executable file that will install and start Investigator using pre-set parameters on a remote target machine.
For more information about snoopware, visit www.winwhatwhere.com, www.trisys.com, www.cyber-snoop.com or www.spectorsoft.com.
Excerpted from the California CPA Education Foundation class "A Paranoid Accountant's Guide to Security," by James A. Sanders. Sanders is a principal in jaslin group, San Francisco, a firm that specializes in technology integration and cyber security. He can be reached at email@example.com.
Author: Sanders, James A.
Date: May 1, 2002