comments inline.
With written permssion, install BackOriface on that person's sysem. Let
them work as usual for a while. Then show him what is captured.
I already tried going this route with them and the response was that of
course it will capture everything because I have full permissions on the
network. They don't believe that spyware can silently install a
keylogger and have permission to capture encrypted data. Trying to
explain how they work hasn't helped but they made it very clear that if
I can show an actual real world example they will believe it.
The logic is severely flawed but it is a small business that requires
all users be allowed to install all the personal software they want. It
recently came up when someone installed a program full of spyware on
their computer and the system started running slow. Upon inspection I
found a lot of this stuff and a keylogger installed but it hadn't
captured any data yet.
To complicate matters it is a company that deals with a lot of personal
financial information. To be honest, I will never send any transactions
through this company because of the restrictions they put on me when it
comes to implementing security. It seems like they would rather have
their employees playing games than protecting the heart of their business.
--Blaine
~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
