• @PeachMan
    link
    English
    2211 months ago

    If it’s a work laptop, treat it like it has tracking software on it. Don’t use your work computer for personal stuff that you don’t want your employer to see. Period.

    • Eames
      link
      fedilink
      English
      811 months ago

      Well, thx. But this was not my question.

      • akim
        link
        fedilink
        English
        411 months ago

        As there are dozens of different ways to track different stuff, this can’t be answered easily. Try to open the task manager and examine the processes is a start.

        But that’s only for tracking software. You could also examine the data you create Server-Side and just assume stuff. Like: you are away in teams and you haven’t touched files in Sharepoint for 60mins, so we assume you don’t work right now.

      • @OmnipotentEntity@beehaw.org
        link
        fedilink
        English
        3
        edit-2
        11 months ago

        Disclaimer, I have not studied the software in question and there are many ways to implement it, so this isn’t a way to say a computer is clean, just a way to detect if it’s infected.

        Typically, keylogging programs like these are installed as device driver filters. Open devmgmt.msc, locate your keyboard and right click -> properties -> details tab -> property drop down -> upper filters and lower filters.

        These should be empty normally. If there are entries present then you have some program that is hooking into your keyboard driver and accessing your keystrokes.

        Similarly, there should be a filter on your mouse if it is being listened to.

        If you are especially paranoid, you can jot down the GUID of the keyboard and mouse driver (it looks like a long hex number with dashes surrounded by {}s), then shut down the computer and boot to a rescue disk, open up regedit, mount the registry hive for SYSTEM it’s located in \windows\system32\config\system, (let’s say you mount it to SYSTEM.remote), then navigate to SYSTEM.remote\CurrentControlSet\Control\Class\

        Then you scroll through this key’s values and look for UpperFilters and LowerFilters.

        The reason why you do it this way is to avoid a rootkit situation, where a driver also hooks into requests to the OS for certain information, and uses that to hide its presence.

      • @PeachMan
        link
        English
        211 months ago

        Yes, but my point is that you’re asking a flawed question. It’s possible for us to give you a bunch of different services or processes to look for, but it’s trivial for these companies to just make a new service or process with a different name that’s harder to find. You’re trying to play a cat and mouse game that you’re not going to win.

        I work in IT. Most of our clients’ computers are managed by an MDM, which means that we can push ANY package or software to the computer at ANY time, without notifying the user. Most of our clients don’t bother with tracking software, but some do. And make no mistake, tracking software is basically legal spyware.

        So, my point is this: it doesn’t matter whether or not you have evidence of tracking software on your computer. Just assume that it’s there, and don’t use your computer for anything you don’t want your employer to see. That is the safest route.