| Subject: | Re: [Full-Disclosure] re: Bios Programming... |
|---|---|
| Date: | Fri, 4 Mar 2005 18:51:09 +0100 |
On 14:35 03/04/05 "Matt Marooney" <matt@dynamicanswers.com> wrote:
> Okay, okay, guys...I get all of your points. I'm really glad I threw this idea out there because you all have given me some really great reactions. Thank you Bill Humphries for your comments; you bring up some really good points.
>
> Now, getting back to technical conversation, the most important requirement for this software is the multi-protocol monitoring. As some of you have said, this is not going to be able to be done with a small program. I don't mind letting the user know he/she is being monitored, and I do not intend for this utility to be used to spy on someone without their knowledge. I guess I didn't explain that very well before.
>
> So, with that out of the way, I'd like the program to run in the background, and be slim enough that it does not noticeably slow down the user's computer. This is to avoid the person coming to the recovery group and saying, "I had to uninstall the monitor because it is slowing down my computer".
>
> Most Important Requirements:
>
> 1. Multi-protocol monitoring (HTTP, FTP, Chat, File sharing, Newsreaders, etc.)
> 2. Thin application, does not *noticeably* interfere with normal computer operation
> 3. Difficult to remove (disregarding all hardware replacements, obviously, the person could go get a new computer) without a password
>
> Again, thanks for your helpful input. I assure you, I am not trying to create more problems, and I am just like you guys when it comes to hatred of spy ware. I've been making a pretty decent living for years securing people's computers.
>
> -- Matt

Of course, a relatively simple solution would involve giving them a free
internet connection, and a modified ADSL/Cable modem... some of the smarter
appliances might be able to do what you describe. Failing that, get
yourself a simple Linux install. Strip it of all shells and run only those
few programs necessary for connection plus Snort. Now get some ISP to
cooperate and only give *you* the connection passwords, then install the
Linux box as a gateway. Anyone unable to crack the Linux box will not be
able to connect via this particular ISP anymore; if you want to be
reasonably secure, make the box ask for a password-protected decryption key
at boot, and make sure only a select few people have these disks. However,
this is burdensome. A simpler alternative is either pinging them or having
them ping you to ensure they are not taken down for protracted periods.

Note that the above scheme can be defeated easily by a knowledgeable user
unless you use the decryption floppy scheme, and even in that case, it is
pretty easy to get a second connection (or encrypt traffic, or whatever)...
but both require some work, hopefully enough to make them reconsider.

This is more up-front, and possibly more effective, than the spyware you
were originally proposing (yes, it is spyware. Your goals may be considered
noble by some, but it would still be spyware).

Also note that the whole idea may, depending on who you ask, be technically
flawed and morally wrong.

Joachim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html