
Who's Watching the Watchers?


DuckDodgers

Recently I posted a thread about monitoring computers in your home. As in your kids' computers. Having done so I received a fair bit of helpful advice. I have had monitoring software on my computer for a while now. And just to be clear here, everyone who logs on to any computer that is on our home net receives a pop-up that tells them they are being monitored. No one seems to have a problem with it (including my teenage daughter), surprisingly enough.

The software I am using is Spector Pro. Great program for anyone who is looking for something of its nature. Which brings me to the title of this thread. I had recommended this program to a friend. He purchased the program outright (no trial offered), had a bit of a time installing it on his machine. Finally got it up and running. Was thinking about running it on one of his office machines as well, but was a bit skeptical about forking out another $99.00 only to have it not work. So he installs his copy from home to see if it would work. It did. The next morning he gets an email from SpectorSoft telling him he had 24 hrs to contact them about registering the second copy of the software. And if he did not contact them they would render all of their software inoperative. Still no problem, he was going to buy another copy anyhow. But what freaked him and myself out was the fact that they were able to get past his router firewall, software firewalls, AV program, and numerous anti spyware and anti trojan software and see stuff on his machines.

So, once again we should ask who is watching the watchers? How secure are our machines?
 
Well, the antivirus/trojan stuff probably wouldn't have mattered. But I would think theoretically what he could do in his software firewall would be to block all access to the net for the software. He should check what setting he had on for it, because if it allowed outgoing packets, well, there is your answer there. Also the router would let the sending packets go because it would be considered "solicited". Furthermore the software, if they have his e-mail, probably asked him to register some sort of CD key, and that's probably how they identified him.
 
Monitoring software by its very nature is Trojan-like; in fact many retail products are based on widely available trojans and keyloggers. Considering that most monitoring software offers the ability to report over LAN or email, I would believe that it also has the ability to connect to other sources.
I would also suggest that if people took interest in the security rather than throwing yet another application at the problem then many of the issues which appear to exist could be reduced. It's exceptionally feasible and not too hard to see what connection each application makes and to what IP addresses. It's also easy enough to block the external IP addresses or ports accessed by this application at the router or firewall, thus resolving who gets sent information.

From my perspective your friend appears to have little interest in attempting to understand his security issues... if his security mattered that much he never would have installed a legitimate trojan on his system, because that's what he's done.

A great deal of security sites have in the past reviewed this type of software and many can be exploited or increase the possibility of trojan infection due to requiring more relaxed security....

Knowledge protects a system more than software
 
Your friend also took little interest in understanding the application he purchased, the option list offers a remote install :bang head .. The terms and conditions are a little vague as well or worded well

Optional Remote Install
If it is not feasible for you to physically go to the PC on which you wish to install eBlaster, SpectorSoft offers a Remote Install Add-On, perfect for parents with children away at school or employers with remote offices.

The Company Policy also makes for interesting reading :-

INDEMNITY. You shall indemnify, defend, and hold harmless SpectorSoft and its content providers and their respective shareholders, affiliates, employees, agents, successors, officers, and assigns, from any suits, losses, claims, demands, liabilities, costs and expenses (including attorney and accounting fees) that they may sustain or incur arising from (i) Your use of the software available at or downloaded from this site

Ohh so you can't hold the company or their parents or friends, anyone they know responsible for much :(

SpectorSoft reserves the right at any time and from time to time to modify or discontinue, temporarily or permanently, the services offered under this site (or any part thereof) with or without notice.

Does this mean they can change the software or service offered as part of the site without informing the user... I think so :shrug:

MONITORING. You acknowledge that SpectorSoft or its designees reserves the right to, and may from time to time, monitor any and all activity or information transmitted or received through this site

The question is does the software transmit to the site, does it receive updates from the site, and does this give them the legal right to monitor or read this information... I find the wording a little strange as if it does not appear to be a browser specific statement. I would also like to know who are its designees

http://www.spectorsoft.com/terms.html

Sounds like the Lawyers are watching the watchers, but who's reading the EULA, The Privacy Policy, Terms etc ???
 
But what freaked him and myself out was the fact that they were able to get past his router firewall, software firewalls, AV program, and numerous anti spyware and anti trojan software and see stuff on his machines.

Of course it did, because it's not meant to be captured by any of those devices or programs.

If you are inside a firewall, unless that firewall has been set to specifically block traffic originating from inside your network heading to the outside world, then the firewall will simply pass the traffic through. Generally, a basic firewall has a rule by default that allows all traffic originating internally to go wherever it wants. You have to program the firewall to block specific ports in order to stop programs from communicating to the outside world.

For example, say that ICQ uses port 6980 to log in to the ICQ network (I don't remember exactly what port it uses). If you don't want to allow people to use ICQ at work, you have to go into the firewall and shut that port down on the inside interface for them to not be able to communicate with the ICQ servers.

It can be a big security risk to not have specific firewall rules for the internal network. Say somebody downloads a trojan and installs it, if that trojan tries to contact somebody outside the firewall, the firewall will allow it because it's traffic coming from the internal network unless the ports are specifically shut down internally.

Anyway, the point is, plugging a firewall into your network does not secure you from threats that are created internally. There is more configuration that needs to be done. Of course, shutting down all ports internally would likely restrict some important things, such as antivirus definitions being downloaded and whatnot.

Antivirus software only finds viruses that are included in the virus definitions it has. Spector won't be listed as a virus, so the software won't do anything about it.
 
Absolutely we are responsible for our own security. I know from my own experience in using a Linksys Wireless Router, that the software that comes with it allows you to set up IP blocks and restrictions and use times. But I have yet to this day been able to get them to work. So as far as using a schedule to restrict my kids' times they are on the web, i.e. the wee hours in the morning, I have had to resort to shutting off the cable modem. Which I don't like doing because that halts my Folding.
Any suggestion as to a scheduling program would be great.
And short of removing Spector, how would I find and block their spyware? None of my Anti Spyware programs have found anything. I was not aware of their placement of such programs on my computer until my friend told me it happened to him.
 
This is of some interest in blocking communication with Spector:

Network Intrusion Detection Systems
These systems could simply be on the lookout for connectivity from their client machines to TCP port 16771. Additionally, they could be on the lookout for DNS queries for the zone U2A1376GF-43TY-245B.COM.
Application-Layer Firewalls
Because these systems will not be able to pass traffic for protocols they do not understand, application-layer firewalls will prevent Spector Pro from operating correctly. (We have not investigated whether Spector Pro can work with firewalls, which it could do by encapsulating the data in HTTP requests. If it does, however, such firewalls could be configured to look for connections to the obfuscated hostname.)

If you close down TCP port 16771 in your Linksys router, that will (if this information is accurate) remove the ability from Spector Pro to talk to their remote network. It's entirely possible that it has a list of ports it can try, or it could even pick a random port if it finds it is unable to communicate, so if you are really paranoid, you could block a range of ports, anywhere from 1025 to 65536 (I think). That would also disable other programs that communicate in the upper range of IP ports such as IM programs and online games.

If it were me, I don't think I'd be too worried about it, but YMMV.

Again, the reason your antivirus and antispyware programs don't squawk about their software is because it is not regarded as spyware by the industry.
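
Added example (not part of the original thread and not from the analysis quoted above): one way to do the "be on the lookout" check that the quoted NIDS paragraph describes, by scanning outbound connection and DNS logs for TCP port 16771 and the zone it names. The log format, the sample lines and the function names are constructed for illustration; adapt the parsing to whatever your router or firewall actually logs.

```python
import re

# Indicators quoted in the post above (from the analysis it cites).
SPECTOR_TCP_PORT = 16771
SPECTOR_DNS_ZONE = "u2a1376gf-43ty-245b.com"

# Constructed sample log lines in a made-up format (not real router output).
SAMPLE_LOG = """\
2005-01-10T02:14:07 CONN src=192.168.1.23 dst=203.0.113.40 proto=tcp dport=80
2005-01-10T02:14:09 DNS src=192.168.1.23 qname=www.example.org
2005-01-10T02:15:31 DNS src=192.168.1.42 qname=a1.U2A1376GF-43TY-245B.COM.
2005-01-10T02:15:32 CONN src=192.168.1.42 dst=198.51.100.7 proto=tcp dport=16771
2005-01-10T02:16:00 CONN src=192.168.1.23 dst=198.51.100.9 proto=udp dport=16771
2005-01-10T02:17:12 DNS src=192.168.1.23 qname=notu2a1376gf-43ty-245b.com
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def in_zone(qname, zone):
    """True if qname is the zone itself or a name beneath it (case-insensitive)."""
    name = qname.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def find_hits(log_text):
    """Return (timestamp, internal_host, reason) for each matching log line."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        ts, kind, rest = parts
        f = dict(FIELD.findall(rest))
        # Only TCP counts: the quoted analysis names TCP port 16771 specifically.
        if kind == "CONN" and f.get("proto") == "tcp" and f.get("dport") == str(SPECTOR_TCP_PORT):
            hits.append((ts, f.get("src"), "tcp/%d to %s" % (SPECTOR_TCP_PORT, f.get("dst"))))
        elif kind == "DNS" and in_zone(f.get("qname", ""), SPECTOR_DNS_ZONE):
            hits.append((ts, f.get("src"), "dns query " + f["qname"]))
    return hits

def hosts_to_check(hits):
    """Internal addresses that produced at least one hit, sorted."""
    return sorted({src for _, src, _ in hits})

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit)
```

The zone match is done on label boundaries, so a lookalike name that merely ends in the same characters (the last sample line) is not flagged.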
 