Sometimes it is important to know what is happening to the computer in your absence. Who does what on it, what sites and programs it includes. Special spy programs can report all this.

Spying on someone is, to say the least, not good. Or even criminally punishable (violation of the right to confidentiality and all that)... However, sometimes it won’t hurt to know, for example, what your child is doing at the computer in your absence or what the employees of your organization are doing when there are no bosses. Or maybe they are watching you?!!

Computer and mobile devices have long been exposed to dangers from all sorts of viruses. However, there is a class of software that, without being malicious, can perform the same functions as, for example, Trojans - keep a log of application launches on the system, record all keystrokes on the keyboard, periodically take screenshots, and then send all the collected information to the one who installed and configured surveillance of the user.

As you understand, today we will talk specifically about spyware, their work and detection methods.

Differences from viruses

In the field of antivirus solutions, the class of spyware is known as “spyware” (from the English “spy” - “spy” and abbreviated “software” - “ software"). In principle, some of the applications that will be discussed below are perceived by antiviruses as malicious, but in fact they are not.

What is the difference between real spyware and computer tracking programs? The main difference here is in the scope and method of operation. Spyware viruses are installed on the system without the user's knowledge and can serve as a source of additional threats (data theft and corruption, for example).

Spyware programs for monitoring a computer are installed by the user himself in order to find out what another user is doing on the PC. At the same time, the user himself may be aware that they are being monitored (for example, this is done in some institutions to record the working time of employees).

However, in terms of operating principles, spyware is essentially no different from any Trojans, keyloggers or backdoors... So, we can consider them some kind of “defector viruses” that have switched to the “light side” and are used not so much for stealing information from a PC to control its operation.

By the way, in the West the practice of introducing tracking software on users’ computers corporate networks and on home PCs is quite common. There is even a separate name for this kind of program - “tracking software”, which allows, at least nominally, to separate them from malicious spyware.

Keyloggers

The most common and, to a certain extent, dangerous type of spyware are keyloggers (from the English “key” - “button” and “logger” - “recorder”). Moreover, these programs can be either independent viruses that are introduced into the system, or specially installed tracking utilities. There is essentially no difference between them.

Keyloggers are designed to record the presses of all buttons on the keyboard (sometimes also the mouse) and save the data to a file. Depending on the operating principle of each specific keylogger, the file may simply be stored on a local hard drive or periodically sent to the person conducting surveillance.

Thus, without suspecting anything, we can “give away” all our passwords to third parties who can use them for any purpose. For example, an attacker could hack our account, change access passwords and/or resell them to someone...

Fortunately, most keyloggers are quickly detected by most antiviruses, since they are suspiciously intercepting data. However, if the keylogger was installed by an administrator, it will most likely be included in the exceptions and will not be detected...

A striking example of a free keylogger is SC-KeyLog:

This keylogger, unfortunately, is detected by the antivirus at the download stage. So, if you decide to install it, temporarily disable the protection until you add the necessary files to the “white list”:

• program executable file (default: C:\Program Files\Soft-Central\SC-KeyLog\SC-KeyLog2.exe);
• executable file of the tracking module, which will be created by you in the specified folder;
• library (DLL file) for hidden data processing, the name of which you also set at the settings stage and which is stored by default in the C:\Windows\System32\ folder.

After installation you will be taken to the setup wizard. Here you can specify the email address to which data files should be sent, the name and location of saving the executable keystroke interception modules mentioned above, as well as the password required to open logs.

When all the settings are made and the keylogger files are included in the list of trusted antivirus programs, everything is ready to work. Here is an example of what you can see in the log file:

As you can see, SC-KeyLog displays the titles of all windows with which the user works, mouse button presses and, in fact, the keyboard (including service keys). It is worth noting that the program cannot determine the layout and displays all texts in English letters, which still need to be converted into a readable Russian-language form (for example,).

However, keylogger functions can be hidden even in popular non-specialized software. A striking example of this is the program for changing the text layout Punto Switcher:

One of additional functions This program is “Diary”, which is activated manually and, in fact, is a real keylogger that intercepts and remembers all data entered from the keyboard. In this case, the text is saved in the desired layout and the only thing missing is intercepting mouse events and pressing special keyboard keys.

The advantage of Punto Switcher as a keylogger is that it is not detected by antivirus software and is installed on many computers. Accordingly, if necessary, you can activate tracking without installing any software or additional tricks!

Complex spies

A keylogger is good if you only need to know what the user enters from the keyboard and what programs he launches. However, this data may not be enough. Therefore, more complex software systems were created for comprehensive espionage. Such spy complexes may include:

• keylogger;
• clipboard interceptor;
• screen spy (takes screenshots at specified intervals);
• program launch and activity recorder;
• sound and video recording system (if there is a microphone or webcam).

So that you can better imagine how such programs work, let's look at a couple free solutions of this direction. And the first of them will be a free Russian-language surveillance system called (attention, antiviruses and browsers can block access to the site!):

The program features include:

• intercepting keyboard keystrokes;
• taking screenshots (too frequent by default);
• monitoring running programs and their activity time;
• Monitoring PC activity and user account.

Alas, this complex for tracking a PC is also detected by antiviruses, so to download and install it you must first disable the protection. During installation, we will need to set a key combination to call the program interface, as well as a password for accessing the collected data. After the installation is complete, add the entire folder with the spyware to the antivirus “white list” (by default C:\Documents and Settings\All Users\ Application Data\Softex) and you can activate the protection back.

Softex Expert Home will launch in background and will not create any shortcuts or active icons anywhere. It will be possible to detect its operation only by pressing the hotkey combination you have specified. In the window that appears, enter the access password, first of all go to the “Settings” section on the “Screenshots” tab and increase the minimum interval between shots, as well as the timer interval (by default, 2 and 10 seconds, respectively).

Such a spy is quite enough to monitor your home computer. In addition to the features already mentioned above, Expert Home has a function for remote viewing of statistics, which allows you to view logs via the Internet. To activate it, just click the button to connect to the server in the “Internet monitoring” section, and then wait for the computer ID and access password to be issued, which you will need to enter on the developers’ website:

It is worth clarifying that in the free mode, statistics are stored on the server for only one day. If you want to access a longer period, you will have to pay from 250 (7 days) to 1000 (30 days) rubles per month.

Another free comprehensive computer monitoring program is:

Despite the fact that the name of the program includes the word “keylogger”, in fact it has much more capabilities. Among them:

The program itself is not detected by the antivirus, however, with active heuristic algorithms, its “suspicious” activity is detected. Therefore, it is best to install and configure it with protection disabled.

During installation preliminary preparation not required (the only thing you need is to choose for whom the program is being installed and whether its icon should be displayed in the tray). However, after installation, you need to add the program folder (by default C:\WINDOWS\system32\Mpk) and its executable file MPKView.exe to the antivirus exclusions.

When you launch it for the first time, the settings window will open. Here we can change the language from English to, for example, Ukrainian (for some reason there is no Russian...), set our own keys for quickly calling the program (by default ALT+CTRL+SHIFT+K) and a password for entering the control panel.

That's all, actually. The main disadvantage free version The program is its limitations in some aspects of tracking (not all programs are available, for example), as well as the lack of the ability to send logs by mail or via FTP. Otherwise, almost everything is good.

Spyware isn't just for desktop computers, but also for mobile platforms. If you want to know what your child is doing on a tablet or smartphone, you can try using the free multi-platform tracking system KidLogger.

Sniffers

The last, and most insidious, means of espionage can be the so-called sniffers (from the English “sniff” - “sniff out”). This class of programs is scientifically called “traffic analyzers” and is used to intercept and analyze data transmitted over the Internet.

Using a sniffer, an attacker can connect to a user's current web session and use it for his own purposes on behalf of the user himself by replacing data packets. If you are very unlucky, then with the help of a sniffer they can “steal” your logins and passwords for entering any sites where traffic encryption is not used.

Those who are most at risk of becoming a victim of a sniffer are those who use one or another public network to access the Internet (for example, a point Wi-Fi access). Also, users of corporate networks with an overly “entrepreneurial” administrator may be under theoretical threat.

So that you can roughly understand what a sniffer is, I suggest considering a representative of this class of programs developed by the popular team NirSoft:

This sniffer is intended mainly for intercepting data packets on a local PC and serves more for good intentions (like network debugging). But its essence is the same as that of hacker tools.

A person who understands the principles of data transmission over network protocols and understands what kind of information is transmitted in a particular packet, can decrypt its contents and, if desired, replace it by sending a modified request to the server. If the connection is over a simple HTTP channel without encryption, then a hacker can see your passwords right in the sniffer window without having to decode anything!

The problem is aggravated by the fact that previously there were sniffers only for desktop operating systems. Today, for example, there are numerous sniffers for Android. Therefore, an attacker analyzing traffic can be practically anywhere (even at the next table in a cafe with free Wi-Fi! A striking example of a sniffer for Android is mobile version popular sniffer WireShark:

Using this sniffer and the Shark Reader log analysis program, an attacker can intercept data directly from a smartphone or tablet connected to a public access point.

Countering spies

So we learned how the main types of spyware work. And a logical question arises: “How can you protect yourself from surveillance?”... This is a “difficult, but possible” task.

As you can see, almost all spyware programs can be detected by antivirus software. So the first step is to update antivirus databases security software installed on you. In addition, be sure to open the “white list” of your antivirus package and see if it allows files with suspicious names located in system folders.

If you use the mentioned Punto Switcher (or its analogues), be sure to check if someone has turned on “Diary” without your knowledge.

If no suspicious parameters are found either in the antivirus settings or in Punto Switcher, you can resort to scanning the system with special antivirus scanners. I recommend using programs that I have personally tested more than once and .

In addition, you can check those working in this moment processes using special anti-virus task managers. An example of this can be called free utility. This tool allows you not only to see the names and addresses of all running processes, but also to quickly assess the degree of their maliciousness (even potential).

The hardest thing is to counteract sniffers. If you cannot completely refuse to use public networks, then the only type of protection may be the use of sites that support the encrypted HTTPS data transfer protocol (most social networks now have it). If the site or service you need does not support encryption, then, as a last resort, you can organize a secure data transfer tunnel using VPN.

conclusions

As you can see, installing and monitoring any computer is not so difficult. Moreover, this can be done completely free of charge using small programs. Therefore, if you use public networks or work on a PC that is used by several users, then theoretically there is a chance that you are already being monitored.

Excessive carelessness and trust can cost you, at a minimum, the loss of passwords from your accounts on social networks, and, in worst cases, for example, the theft of money in your electronic accounts. Therefore, it is important to follow the principle of “trust but verify.”

If you yourself decide to spy on someone’s computer, then you must honestly warn the user about this. Otherwise, if espionage is detected, you can earn a lot of problems on your head :) Therefore, before you spy, think twice about it!

P.S. Permission is granted to freely copy and quote this article, provided that an open active link to the source is indicated and the authorship of Ruslan Tertyshny is preserved.

Keyloggers or keyboard spies have been around since the early days of computers. They are used in a wide variety of fields of activity. From office applications, when the director wants to know everything his employees are doing, to large-scale spy programs organized by the American NSA.

Tracking programs allow you to perform a very wide range of tasks: take screenshots, monitor via a webcam, record audio from a microphone, determine the geoposition of a laptop, send reports along with files of the specified type, duplicate the browser history in case it is deleted, and do many other things.

The word keylogger itself is a familiar but not entirely correct name. The first PC user tracking utilities actually logged only keystrokes and behaved almost like regular programs. As they developed, they learned to hide their activity better and collect much more data about the actions of the computer user.

The possibility of hidden launch made it possible to classify them as “potentially malicious”, to the delight of antivirus manufacturers. With distribution accessible internet keyloggers now have functions for sending logs and remote control. This gave rise to classifying them as Trojans and backdoors, which is why some authors abandoned the release of updates, while others accepted the challenge and began to look for methods to bypass antiviruses.

The first keylogger was installed by the KGB in 1976 on IBM Selectric typewriters.
at the American embassy and consulate. It was discovered only 8 years later.

Today, spyware has to be hidden not only from the user, but also from anti-virus scanners. Improving camouflage methods has become a mandatory and constant process. Even true hackers rarely had enough patience for it, since they wrote keyloggers mainly for fun. For example, Ghost Spy, the best keylogger of its time, has lost its relevance.

Most other developers began to sell more simple programs For " parental controls" They weakly mask their presence in the system, and for normal operation you usually need to add them to antivirus exceptions and create allowing firewall rules.

Of course, parental control, password interception, and user tracking are far from the only purposes of these programs. There can be many options for use: some keyloggers allow you to search for stolen laptops, simultaneously collecting evidence of guilt and logging all the actions of thieves, and remote listening and connecting to a webcam are excellent security functions.

So let's move on to our review:

THE RAT!

The Rat program, written by a man with the pseudonym HandyCat, is an example of true assembly language art. This is a whole series of keyloggers, some versions even provide remote installation. According to the author, The RatKid fork was originally intended to be a simplified version. However, it soon turned into a separate utility, temporarily even
more powerful than her ancestor. Now the internal competition has been eliminated: The Rat and The RatKid are almost identical. Separately, there is only the old The Rat v.10, optimized for Windows XP. The latest release - The Rat v.13 Lucille was created in May of this year. You can download both the full version and the demo version.

This is what TheRat control panel looks like

Each The Rat distribution is an archive within an archive. Inside the .zip there is a self-extracting WinRAR module, password protected. In the demo it says: TheRatKlg. To find out the password for full version, you must contact HandyCat at the address indicated on the website. After unpacking the archive, you will receive two executable files: RatCenter.exe - control center and RatExtractor.exe - log viewer. There is also detailed help and a license file.

The entire file set is 1.6 MB, but most of this space is in GUI control center. Due to the packer, the keylogger itself fits into 20 KB of code, and the unpacked version - into 50 KB. It works with any keyboard layout, including Arabic and Japanese. Compatibility tested for everyone Windows versions from XP to 8.1. It has not yet been tested on the “ten”, but it should work.

By default, the option to notify the user about being tracked is checked in the settings. In the demo version, it does not turn off, and every time Windows is restarted, a corresponding program window appears on the screen with a single OK button. In the full version, unmasking can be disabled. In addition, it has another unique component - a program for merging multiple files, FileConnector. It can attach a keylogger to any executable or multimedia file. The result of FileConnector will always be a new executable containing the code of the source program and The Rat.

True, this is only relevant for spying on inexperienced users who will not be confused by the sudden appearance of the .exe extension. Restrictions: the source and destination files must contain only Latin characters and numbers in the name.

The main purpose of FileConnector is to simplify remote installation using social engineering. For example, you can send the user a cool game or a self-extracting archive with important documents with a keylogger attached. The full version of The Rat also uses an executable file packer/encryptor to reduce the size of the add-on and make it harder to detect.

TheRat can also be a sniffer

In addition to all the traditional keylogger functions, The Rat can track activity in pre-selected application windows and respond to keywords, take screenshots at a specified time interval or every time you press the Enter key. This significantly reduces the amount of garbage in the logs and simplifies their transfer. Fully featured
the version additionally performs the tasks of a sniffer: it logs all work on the Internet in as much detail as possible and local network. Unlike other keyloggers, The Rat can intercept the substitution of stored passwords and data from autofilled forms.

The Rat also has an interesting local search engine feature. It can secretly find one or more files using a predefined mask, and then send copies of them along with the log by mail or to FTP specified in the Rat(Kid)Center settings. I will describe below how to search for FTP with anonymous login and recording capabilities.

Get the latest list FTP servers The Shodan shadow internet search engine will help us. A list of anonymous FTPs is generated upon request 230 Anonymous access granted . Choose the first one you like and try to upload a file to it. If it works, share the link with a friend or check the next one. During the test, two suitable servers were found in two minutes, using a free Shodan account.

Many of the old keyloggers are no longer relevant due to the transition of SMTP servers to secure connections. The Rat supports the TLS protocol, and therefore is able to send logs through modern email services. If the keylogger user has physical access to the monitored computer, then another non-trivial method of obtaining the log will be useful to him - autocopying. Starting from the eleventh version, Rat(Kid) Center can create a flash drive, which, when inserted into USB, will automatically record the keylogger log.

Key Feature everyone latest versions TheRat - work on the principle of disembodied viruses. At launch of The RatKid, as well as The Rat v.11 and higher, do not create separate executable files. It is launched once from the control center or a modified executable, and then completely hides traces of its presence and exists only in random access memory. Any
A regular shutdown and even a reboot by briefly pressing Reset leaves it in the system. You can remove The Rat(Kid) using the separate Rat(Kid) Finder utility included with the corresponding full version. She discovers herself keylogger, finds the log it created, allows you to change settings and find out the hot keys to disable the keylogger.
An alternative option for unloading it is to immediately de-energize the computer. It only works if no additional security measures were taken when installing the keylogger. On desktop systems, this will require unplugging the power cord, and on laptops, the battery.

Simply turning it off with a button is useless. A “rat” of fifty kilobytes in size can be easily stored not only in RAM, but also in the cache of the processor, drive, CMOS and any other available memory that will not be reset if there is a standby power source.

If The Rat was attached to any executable file from the autorun list, then to remove the keyboard interceptor after turning off the computer you will have to first load another OS and find a modified executable. This is best done by disk auditors (AVZ, for example, has this function) and programs that can calculate hash functions.

For example, Autoruns will check not only them, but also the digital signatures of startup objects, and send all suspicious files to the VirusTotal online verification service. However, this is not a panacea. A small keylogger file will not necessarily be embedded in another. It can exist as a satellite - for example, in alternative NTFS streams.

The advantages of The Rat also include its invisibility in the list of processes for all known viewers, the complete absence of entries in the registry, the ability to bypass some software firewalls (including those that check file checksums) and the ability to self-destruct at a specified time, leaving no traces and no reboot required.

The keylogger has one drawback - predictable and significant: currently its files are detected by most antiviruses. Therefore, before using them on the target computer, they will have to be modified by packers with the function of encrypting or obfuscation of the code.

SPYGO

SpyGo is a fundamentally different keylogger for Windows (from XP to 8.1, the 64-bit version is also supported). It uses much less aggressive behavior. Because of this, it is relatively easy to detect, but it is considered completely legal. Its author does not even hide behind a nickname - he is a programmer Anton Kartashov from the city of Berdsk, Novosibirsk region. He is trying to develop the project not so much as hacker software for espionage, but as a legal monitoring tool.


The developer is doing everything possible to avoid SpyGo from being included in antivirus databases. Although the distribution is encrypted using Enigma Protector, it has digital signature Spygo Software, certified by the Comodo certification authority. So far, only two out of fifty scanners swear at SpyGo (more precisely, at the packer), and even then at the level of paranoid heuristics.

This keyboard interceptor Available in Lite, Home and Ultima Editions. The latest release (3.6 build 50315) was released in June of this year. The differences between versions relate mainly to advanced functions. In Lite and Home, remote listening via a microphone and determining the location of the monitored laptop are not available. Also, in these versions all remote functions do not work: remote viewing of logs, broadcasting over the network of what is displayed on the screen
images, monitoring via a webcam, managing the program itself and uninstalling it. IN Lite versions There is also no function for delivering reports (by email or FTP) and instant notification by email about visiting websites marked as “undesirable”.

We tested the Ultima Edition, which does almost everything. Of course, among the implemented functions there is recording of keystrokes and copying text from the clipboard. SpyGo also logs general statistics about computer use: the time it was turned on and off, the launch of certain programs and actions in them. The keylogger watches the browser especially closely: it collects statistics on sites visited and tracks search queries. Among additional features there is the creation of screenshots (works also in games and when watching movies), receiving photos from a webcam, creating a log of all operations with files in a selected directory or on the entire disk, as well as connecting removable media.

Among ordinary users, the most popular features now include monitoring the actions of their household members in in social networks and reading their correspondence in different messengers. SpyGo can do all this and records it in the log in a row or by catching only individual phrases using keywords.

This is what SpyGo logs look like

SpyGo is also interesting because it can be launched in certain time and perform selective monitoring - this helps reduce the log size. All logs are encrypted. It is assumed that they can only be viewed from SpyGo. Recorded events are grouped into tabs in the report. They create a fairly accurate picture of the user's experience, but there are also discrepancies. For example, in the AVZ utility we simply performed a quick scan, and in the “Keys pressed” section of the log file the strange text “eeeeeee…” was displayed on two lines. In other programs, confirmation of an action by clicking the mouse corresponded to a record of entering “y”, which fits into the console logic of operation.

Antivirus easily finds SpyGo

Initially, the program operates explicitly. The installation wizard even creates a shortcut on the desktop, and in the settings there is a separate option “Notify the user of this computer about monitoring.” If you check it, a warning text will be displayed when you turn on the computer. This was done in order to avoid accusations of illegal surveillance. For example, everyone is already accustomed to the “Video surveillance is underway” stickers and the auto-informer phrases “All conversations are being recorded.” It's the same here: corporate politics and the struggle for discipline.

The “quiet” mode, natural for the keylogger, is turned on manually after the first launch. It removes the program window, hides it from the taskbar, list installed programs and in every possible way masks activity. You can return the SpyGo window by pressing a preset key combination (by default this is ). If you forgot the tricky combo, you can restart the installation of the program and see a working copy of it (or a password entry window, if one is specified). This is not done in the spirit of a ninja, but it helps those suffering from sclerosis.

Adding a library when installing a program

Hiding a running program works both in the system process manager and in its advanced analogues like Process Explorer. Popular antiviruses also ignore the work of the keylogger, but it is instantly identified by the AVZ analyzer as a masquerading process.

IN file system The keylogger doesn't really hide at all. It only sets the "hidden" attribute on its directory, so that it will not be visible in Explorer with default settings. Naturally, he remains visible to others file managers to the standard address C:ProgramDataSGOsgo.exe. You can specify a different installation path, but this helps little - the executable is always the same, otherwise it would be defined as a polymorphic virus.
A comparison of the startup sections before and after installing SpyGo shows the addition of the RTDLib32.dll library. Antiviruses let it through, but it sticks out quite clearly in the system.

There are many different keyloggers you can find, and each of them is interesting to study. However, in the end, any of them will be an analogue of the toothy The Rat or the cute SpyGo. These two different approaches to writing dual-use utilities will always coexist. If you need to protect your laptop, keep an eye on your child or a careless employee, feel free to install SpyGo and control all actions via user-friendly interface. If complete secrecy is required, use the assembler “Rat” as a basis and hide it from antiviruses during installation as best you can. Then she will run on her own, gnawing holes even in powerful protection. The Rat is exceptionally difficult to detect on a live system, and this keylogger is well worth the effort. Chances are you'll be able to write your own by the time you fully understand it.

How can you find out what your child or employee is doing on the computer? What sites does he visit, with whom does he communicate, what and to whom does he write?

For this purpose, there are spy programs - a special type of software that, unnoticed by the user, collects information about all his actions. Computer spy software will solve this problem.

Spyware for a computer should not be confused with a Trojan: the first is absolutely legitimate and is installed with the knowledge of the administrator, the second gets onto the PC illegally and carries out hidden malicious activities.

However, hackers can also use legitimate tracking programs.

Spyware applications are most often installed by business managers and system administrators to monitor employees, parents to spy on children, jealous spouses, etc. At the same time, the “victim” may know that she is being monitored, but most often she does not know.

Review and comparison of five popular spyware programs

NeoSpy

NeoSpy is a universal keyboard, screen and user activity spy program. NeoSpy works invisibly and can hide its presence even during installation.

The user who installs the program has the opportunity to choose one of two installation modes - administrator and hidden. In the first mode, the program is installed openly - it creates a shortcut on the desktop and a folder in the Program Files directory, in the second - hidden.

Application processes are not displayed in the manager Windows tasks and third-party task managers.

The functionality of NeoSpy is quite wide and the program can be used both as home monitoring and in offices to monitor employees.

The spy program is distributed in three versions under a shareware license. The price is 820-1990 rubles, but it can also work for free (even in hidden mode) with restrictions when viewing reports.

What NeoSpy can do:

• monitor the keyboard;
• monitor website visits;
• show the user’s screen in real time via the Internet from another computer or tablet;
• take screenshots and save images from your webcam;
• monitor system events (turning on, shutting down, computer downtime, connecting removable media);
• intercept the contents of the clipboard;
• Monitor the use of Internet instant messengers, record Skype calls;
• intercept data sent for printing and copied to external media;
• keep statistics of computer work;
• send laptop coordinates (calculated over Wi-Fi).

Thanks to the Russian-language interface, a wide range of functions, correct keyboard interception and a completely hidden operating mode in the system, NeoSpy receives the maximum rating when choosing programs for user control.

Real Spy Monitor

The next spy is Real Spy Monitor. This English-language program not only has tracking functions, but can also block certain actions on the computer. Therefore, it is often used as a parental control tool.

For each account In the Real Spy Monitor settings, you can create your own ban policy, for example, on visiting certain sites.

Unfortunately, due to the lack of an English-language interface, it is more difficult to understand the operation of Real Spy Monitor, despite the graphical thumbnails for the buttons.

The program is also paid. The license costs from $39.95.

Real Spy Monitor features:

• interception of keystrokes, clipboard contents, system events, websites, instant messengers, mail;
• work in semi-hidden mode (without an active window, but with the process displayed in the task manager);
• working with multiple accounts;
• selective autostart for different accounts.

In general, many users like Real Spy Monitor; the disadvantages include the high cost, lack of a Russian-language interface, and display of the process in the task manager.

Actual Spy

The developers position Actual Spy as a keylogger (keylogger), although the program can do more than just record keystrokes.

It monitors the contents of the clipboard, takes screenshots, monitors site visits, and other things that are included in the main set of spies we examined.

When installed, Actual Spy creates a shortcut in the Start menu so it can be noticed by the user. The launch also occurs openly - to hide the program window you need to press certain keys.

Actual Spy's capabilities are not much different from those of its competitors. Among the shortcomings, users noted that it correctly records keystrokes only in the English layout.

SpyGo

SpyGo - spy kit for home use. Can also be used in offices to monitor employees.

To start monitoring, just click the “Start” button in SpyGo.

SpyGo is distributed under a shareware license and costs 990-2990 rubles depending on the set of functions.

In trial versions, monitoring duration is limited to 20 minutes per day, and sending reports to email and FTP is not available.

Main features of SpyGo:

• keystroke monitoring;
• recording all actions on the computer (launching programs, operations with files, etc.);
• control of visits to web resources (history, search queries, frequently visited sites, duration of stay on the site);
• recording what is happening on the screen;
• saving the contents of the clipboard;
• listening to the environment (if there is a microphone);
• monitoring of system events (times of turning on and off the computer, downtime, connecting flash drives, disks, etc.).

Important! The disadvantages of SpyGo, according to users, include the fact that it does not support all versions of Windows, when sending reports it often throws errors and is quite easily unmasked.

Snitch

Snitch - the name of this program translates as “snitch”, and is very unfriendly towards the user. Snitch spies on computer activities. It works hidden, does not require complex settings and has little effect on system performance.

The program is released in a single version.

Features and Features of Snitch:

• monitoring of the keyboard, clipboard, system events, web surfing and communication in instant messengers;
• compilation of summary reports and graphs of monitored events;
• undemanding network configuration;
• protection against unauthorized termination of the program process;
• surveillance is carried out even in the absence of access to the network.

Among the shortcomings, you can notice conflicts with antiviruses

How to detect a spy on your computer?

Finding spyware on a computer that doesn’t show itself outwardly is difficult, but not impossible.

So, despite their legitimacy, the applications we reviewed can be recognized by special antiviruses,“tailored” for searching for spyware (Trojans with spying functions), so we recommend adding the installed program to the exclusion list of such antiviruses.

And if you do not need to remove the spy, but only need to disguise your actions from it, you can use anti-spying tools that, despite actively spying on you, will prevent the interception of keyboard events and screenshots.

Then your correspondence and passwords will not fall into the wrong hands.

Have you ever felt worried about the safety of confidential data on your computer? Do not rush to answer that you do not have confidential information. If you think that there is “nothing to steal” from you, you are most likely mistaken. If you have made a purchase at least once in an online store, paying with a credit card or electronic money, then your computer is already bait for a potential thief. The problem exists, and an ideal solution for it has not yet been invented. Of course have various ways protection of confidential data, for example, restricting access rights in the system, anti-virus software, firewalls, etc. We have repeatedly talked about many of them on the pages of 3dnews. However, relying entirely on an antivirus and a password protection system would be somewhat presumptuous. In addition to the danger of a virus attack, there is a threat of a completely different kind, caused by the human factor. What happens when you are away from work? Perhaps, while you are finishing your cup of coffee at the buffet, during your lunch break at work, someone is reading your correspondence on e-mail?

Having got someone else's computer at his disposal, even for a few minutes, an experienced user can easily find out all the information he is interested in - the history of negotiations via ICQ and e-mail, a list of passwords used in the system, links to resources that the user viewed, not to mention access to documents on disk. Utilities that help spy will be discussed in this review. Such programs can be used both at work to control the working time of employees, and at home as a means of parental control or as a tool for obtaining information about the personal life of your spouse. Note that due to the specifics of how spyware works, antiviruses and firewalls are often very suspicious of them, often mistaking them for malware. The developers of some utilities even place a corresponding notice on their websites. However, in most cases, it is enough to configure the firewall once, and it will no longer respond to spyware.

Power Spy 2009

Developer: eMatrixSoft
Distribution size: 5 MB
Spreading: shareware Power Spy can be called a universal spy. It is suitable for monitoring employee workplaces, monitoring your child’s activities on the computer, and finding out what your wife is doing on her home PC in your absence. The program can record all keystrokes, save screenshots of windows opened by the user, record the addresses of websites visited, intercept messages sent by e-mail, as well as through instant messaging systems (MSN Messenger, Windows Live Messenger, ICQ, AOL Messenger, AIM, Yahoo! Messenger, Windows Messenger and Skype text chat). In addition, it is possible to save all windows opened by the user, applications launched, passwords typed and information entered into the clipboard.

In stealth mode, Power Spy is completely invisible to the user and does not appear in the list running applications, does not show an icon in the system tray, it is not in the list of installed programs and in the Start menu, and in addition, the folder in which Power Spy was installed is also hidden. To interrupt the program or uninstall it, you need to enter a password, and you can delete the program using its window. The administrator can open the program window with the collected data by pressing a specific key combination. Information about computer activity is presented in a convenient form: screenshots can be viewed in slide show mode, information about keystrokes is organized chronologically by application and window, and the Email tab displays the text of all emails that the user has read and sent. In addition, the program saves the contents of all documents that users have worked with. Moreover, if the file was opened several times, then Power Spy will save it only once, which allows you to reduce the size of the report. In addition, you can configure Power Spy to send reports via email in HTML format or upload them to an FTP server.

Real Spy Monitor 2.89

Developer: ShareStar
Distribution size: 1.4 MB
Spreading: shareware Another utility that will help you keep track of who is doing what and when on the computer. The program supports working with multiple accounts Windows records and, when compiling a report, indicates which user performed certain actions. During the program setup process, you can select accounts that will automatically launch the program.

Reports compiled by Real Spy Monitor include information about all keys pressed and the titles of the windows in which typing was performed; about sites visited (addresses, headers, loading time); about opened windows (title, path to the program executable file) and files; about launched applications indicating start and close times. In addition, the program records messages exchanged between users of IM clients and can take screenshots at specified intervals. The collected information can be viewed in the program window (called by a keyboard shortcut), and also received in the form of an HTML report. To search for information among a large number of log files, a search is provided, and there is a function for automatically cleaning outdated data.

If you use a program to monitor the activities of children, then appreciate the ability to install filters on applications launched and sites opened. In the Real Spy Monitor settings, you can specify the path to executable files that cannot be launched by a particular user. As for sites, you can block certain resources by adding the full address of the resource to the “black” list, or keyword, which the program will look for on the page. For young children, you can set more severe restrictions - allowing access only to those sites that are on the “white” list.

Maxapt QuickEye 2.8.8

Developer: STBP "Maksapt"
Distribution size: 5 MB
Spreading: shareware If some other programs in this review can be equally successfully used for monitoring the actions of company employees and for tracking users on a home PC, then Maxapt QuickEye is aimed primarily at corporate users. Its main focus is on tools for viewing and analyzing reports. Thanks to this, the boss can quickly find out how much time each employee was actively working on the computer and what programs he was running. Interestingly, Maxapt QuickEye doesn't just capture open applications, but also takes into account whether active work was carried out with them. Thus, if the application window was open all day, but the user only worked with it for half an hour, then Maxapt QuickEye will display this in the report.

In the Maxapt QuickEye window, the applications that users work with are grouped into categories. Thus, by going to the “Games” or “Internet Communication” category, you can see on which computer such programs were active and for how long. All data can be presented in the form of a table grouped by computer or by time. In addition, you can see the report in the form of a chart or graph.

Reports provided by Maxapt QuickEye also contain information about the presence of employees at the workplace. The program records the moments of entry into operating system, turning off the computer, putting it into sleep mode, and then automatically calculates how many hours and minutes the employee spent at the computer. In this case, the time when the computer was in sleep mode is subtracted from the total time when the computer was turned on. With Maxapt QuickEye, you can not only receive reports on how employees spend their working time, but also limit the use of certain applications. Using the utility, you can create a list of allowed and prohibited programs for each employee, and set a working time schedule.

Mipko Employee Monitor 5.0.4

Developer: LLC "Mipko"
Distribution size: 4.8 MB
Spreading: shareware Previously, the Mipko Employee Monitor program was called KGB Keylogger. The main advantage of this utility over various keyloggers is that activity monitoring can be done remotely. Even during the installation process, the installation program warns about the presence of an antivirus in the system and the need to configure it accordingly by adding Mipko Employee Monitor to the list of trusted applications or exceptions.

The program is very flexible in working with multiple users; in this sense, Mipko Employee Monitor is an indispensable tool for a system administrator. For each user whose computers you want to monitor, you can set different variants monitoring. So, for example, for one user you can set up tracking only the text typed, for another - to track only visited websites, for a third - to keep statistics on running programs, etc. The program can work using alarm mode. This means that when the user types certain words, Mipko Employee Monitor marks the user's activity with an alarm icon, and, with appropriate program settings, sends a warning message to the administrator by email or uploads it to an FTP server. The program is perfectly camouflaged; its monitor cannot be detected either in the list of running processes or in the list of services. To display or hide Mipko Employee Monitor, you must command line Windows, type runmipko or use the keyboard shortcut. Mipko Employee Monitor allows you to use tracking filters. Thus, you can create a list of programs whose activity needs to be monitored, but other running applications will not be monitored. The log size for each user being monitored can be strictly limited. By default, the program stores records about user activities for up to 90 days; if necessary, this period can be increased or decreased.

The information about user activity that this program collects would be incomplete without the ability to take screenshots. The snapshot can be taken of only the active window or the entire work area screen. By the way, on configurations with multiple monitors you can also take screenshots. When capturing the entire work area, the image is obtained in the form of two combined screenshots - the first and second monitors. The screen is captured either at certain intervals or when a new window is opened. In the absence of any activity, the creation of screenshots automatically stops so as not to generate identical and useless screenshots. Mipko Employee Monitor intercepts messages in all popular programs for instant messaging - ICQ, Yahoo! Messenger, AIM, Windows Live Messenger, Miranda IM, Skype, Google Talk, Mail.Ru Agent, Qip.

Actual Spy 3.0

Developer: Keylogger Actual Spy Software
Distribution size: 1.6 MB
Spreading: shareware Using this program you can get information about different types of active use of your computer. Thus, it monitors the contents of the clipboard, stores information about the time when applications are launched and closed, takes screenshots of the desktop at certain intervals, and keeps track of the time the computer is turned on/off and rebooted. Actual Spy monitors keystrokes and sites visited, and also monitors documents sent for printing. The program saves changes to files and directories and records any links used by the browser.

The program is hidden using a keyboard shortcut and is then not visible either in the tray or in the list of running applications. Despite this "disguise", Actual Spy reveals itself by adding a corresponding entry to the list of programs in the Start menu, so if you decide to use this keylogger, do not forget to delete the folder of the same name in the menu. The user activity report can be saved in text or HTML format, on one or more pages. When viewing the report generated by Actual Spy, a flaw in the program immediately catches your eye - it only accepts keystrokes in the English keyboard. Therefore, if it becomes necessary to read, say, the text email in Russian, reading will turn into solving a rebus. However, Russian text copied to the clipboard is displayed correctly. Please note that the demo version of the program can perform its functions for forty minutes. Sometimes this is enough to protect your work computer during your lunch break.

NeoSpy 3.0

Developer: MC-Soft Software
Distribution size: 2.7 MB
Spreading: shareware

The most important thing for a spy program is not to give yourself away. The NeoSpy developers made sure that after installation the program is invisible on the computer. When installing the utility, you can select administrator or hidden installation. In the latter case, shortcuts will not be created in the Start menu and on the desktop, the folder with the program will be hidden, it will not be visible in the list installed applications. To run NeoSpy, the administrator will need to use the Start>Run command. NeoSpy can intercept messages sent using various IM clients. It is gratifying that not only clients popular among English-speaking users are supported, but also those that are installed by the majority of Russians. We are talking about Qip, Miranda and Mail.ru Agent. In addition, NeoSpy copes with intercepting messages sent using &RQ, ICQ, SIM and other programs.

Using NeoSpy you can collect information about all applications that run on your computer. The program saves the start and launch time, the path to the executable file, and the window title. In addition, the report will indicate whether a screenshot was taken for each program. Screenshots can be viewed in a built-in utility with easy navigation tools. The module for viewing screenshots has a special scale indicating time, so if you want to find out what the user was doing at the computer at a certain time, just move the slider on this scale to the desired position. Using NeoSpy, you can monitor Internet activity on your computer. The program not only saves the addresses of visited sites, but also records when you connected to and disconnected from the Internet (of course, if the connection is not permanent), and tracks the amount of incoming and outgoing Internet traffic. By and large, NeoSpy makes it possible to track all the actions that were performed on the computer. Thus, the program saves everything that was typed on the keyboard, stores data that was entered into the clipboard, tracks changes in files, the creation of new files and their deletion. In addition, if necessary, you can save full list applications installed on the computer.

Modem Spy 4.0

Developer: SoftCab
Distribution size: 380 kb
Spreading: shareware This program offers a completely different method of "spying" - telephone. If a modem is connected to your computer, then using a small utility called Modem Spy you can record all telephone conversations. A very convenient feature, especially if your desk phone does not have this capability. Record telephone conversations can be performed in automatic mode, while the program will keep statistics of telephone conversations in a special call log. During the recording process, the interlocutor's audio will not sound too quiet, since the program uses automatic adjustment signal amplification.

Audio recordings can be saved in any audio format - MP3, WAV, etc. Recorded telephone conversations can be played through a sound card or played directly into the telephone line. Modem Spy can record conversations, even using modem models that only support data transfer (data modem). To do this, you need to connect the modem and line input sound card using a special adapter. You can also use Super Spy mode, in which calls will be recorded without the user noticing. Another feature of the program is recording from a microphone in voice recorder mode. Directly from the Modem Spy program, you can send your recordings by email. If specifications modem allow, the program can determine the number caller. You can record conversations without the knowledge of the remote subscriber, or with his prior notification by enabling the appropriate program setting. Modem Spy has many options that allow you to fine-tune your modem to work with telephone line- correctly detect a busy signal, detect silence in a conversation and cut it to obtain a file with smaller size, enable recording after a certain call, etc.

WillingWebcam 4.7

Developer: Willing Software
Distribution size: 4.6 MB
Spreading: shareware If we're talking about telephone spying, we can't help but mention video surveillance. It can be carried out using a webcam connected to a computer. This simple device, which many are accustomed to using to communicate with friends, may well be a real spy. You can turn a webcam into a spying device, for example, using the WillingWebcam program. Using it, you can remotely monitor what is happening near the computer next to which the webcam is installed. WillingWebcam can take pictures continuously at regular intervals or only when movement is detected in the frame. The resulting photos can be sent by email or uploaded to an FTP server. In addition, WillingWebcam can notify the user about the appearance of new pictures in other ways: by sending an SMS, launching another application, or playing an audio file.

Videos recorded using the program and photographs taken can be accompanied by text messages, as well as an indication of the recording time. In addition, there are many effects available that can be used to improve image quality, for example, increase clarity. WillingWebcam has a built-in module for viewing images and video files, organized like an Explorer. In it you can view thumbnails of images, play saved videos, select different modes view the list of files. If desired, images can be viewed in full screen mode. WillingWebcam can work in hidden mode. In this case, it will not be visible either on the taskbar or in the system tray. To exit the program from this mode, the default key combination is used, but it can be changed to another.

Elite Keylogger 4.1

Developer: WideStep Security Software
Distribution size: 5.3 MB
Spreading: shareware WideStep Security Software company releases three versions of its keyloggers - Family Quick Keylogger, Perfect Handy Keylogger and Elite Keylogger. Last option is the most functional and has the most features. For example, the Elite version is absolutely not detected by antiviruses, while Perfect Handy Keylogger is detected, but not by all antivirus packages, and Family Quick Keylogger is detected by any antivirus program. Due to the fact that the keylogger works at a low level of the system kernel, it does not slow down Windows work and provides good compatibility with antivirus programs. And yet, when running Elite Keylogger for the first time, Kaspersky Internet Security 2009 was suspicious of the new object and recommended sending it to quarantine.

The appearance of Elite Keylogger suggests that it is intended not just for tracking the user, but for continuous monitoring of activity over a long period of time. You can view activity statistics in the program by day using the calendar built into the program. Elite Keylogger allows you to define lists Windows users, which should or, conversely, should not be monitored.

Elite Keylogger monitors the operation of Internet messengers ICQ, MSN, AIM, AOL and Yahoo, monitors email, application activity and printed documents. The program can send the monitoring result by email, upload it to an FTP server or copy it to specified folder on a network drive. In the program, you can set a period of time, after which all user activity logs will be automatically deleted. You can also install maximum size activity report, and also set the size of the log file, upon reaching which it will be sent by email. We draw your attention to one detail - if you want to remove this keylogger, you cannot use standard tool installing or removing programs (Add or remove programs), or even using special utilities that control Windows startup, this cannot be done. In order to uninstall Elite Keylogger, you need to go to the Options section and use the Uninstall keylogger button in the interface of the utility itself.

Conclusion

Those wishing to try a utility for monitoring user activity may notice that there is quite a large selection. The demand for such software is consistently high. First of all, such applications are in demand by organizations and firms where strict discipline reigns and strict requirements are imposed on employees regarding what they do at their workplaces. If recently the term “keylogger” meant a utility that recorded keystrokes, today such applications make it possible to monitor almost any type of activity - mouse clicks, launching programs, changing system settings, etc. Moreover, using the programs described in this article , control can be carried out remotely, tracking in real time what the user is doing, which window is active, what text he is typing and even with whom he is talking on the phone. Those who are concerned about privacy may be advised to use comprehensive protection (for example, an antivirus package and a activity monitoring utility) and rely mainly on themselves. Because for every lock, a thief, unfortunately, has a master key.

Using special utilities, spy programs, you can monitor the actions of employees during working hours or children in your absence. They use spy programs in enterprises and offices, at home to check children or spouses. The user will not notice such a utility, but you will see all his active activities. A computer spy will show with whom a person corresponds, what sites he visits, and with whom he is friends.
Spyware has nothing in common with a Trojan. The first utilities are installed on the computer system administrator and are legitimate, while the latter appear illegitimately, act secretly and cause harm. If you are wary of criminals, know that they can monitor your activities using legitimate software.

Most often, for example, in enterprises, employees do not know that their Internet surfing is being monitored special utilities. But there are exceptions: employees are warned about monitoring them.

NeoSpy

NeoSpy is a universal utility with which you can monitor the user. It spies on the monitor and keyboard, and also monitors the user's actions. Its presence on a computer is difficult to detect if you install it using hidden mode. In this case, the program will not detect itself during installation. It will not appear in the task manager either. You can also select administrator mode, but in this case the utility is visible: there is an icon on the desktop and a folder.

The universal spy is functional and intended for a wide range of users: it can be installed both in an enterprise and at home.

There are three versions of NeoSpy spyware: two paid versions with various possibilities and free. For the third version, you can even select a hidden tracking mode. The only limitation is free program- analysis of reports.

NeoSpy can do the following:

• watch the keyboard;
• control Internet surfing;
• monitor the user’s monitor online and show the results on another computer or mobile device;
• create and save screen and web camera images;
• monitor computer startup/shutdown, duration of downtime, use of disks and flash drives;
• copy information from intermediate storage (buffer);
• collect and analyze statistical data;
• save information about documents that are sent for printing or copied to disks and flash drives;
• monitor exchange programs text messages and save calls on Skype;
• report the location of a laptop computer (using a wireless network).

Users like this universal spy for its functional parameters, Russian-language interface, hidden mode of use, and excellent interception of keystroke events.

Real Spy Monitor

This spyware is often used by adults to monitor their children. Although the program does not have a Russian-language interface, it has great functionality than the previous one. Real Spy Monitor can not only monitor the user’s work on the computer, but also, given the specified parameters, prohibit certain actions. This is what attracts parents who want to control their children.

In Real Spy Monitor, you can create multiple accounts and manage them in different ways. For example, for the first account you can block some Internet services, and for the second account - others. User interface created on graphic miniatures and, despite the lack of Russian language support, setting up this spy program is simple. This utility does not have a free version. To use the spy, you will have to pay about $40.

Real Spy Monitor can do the following:

• intercept keystroke events, information from intermediate storage, turning on/off and duration of computer downtime, monitor surfing, email and other messages;
• work with multiple accounts that can be configured in different ways;
• monitor user actions in semi-hidden mode (spy is displayed in the manager, but does not have an active window);
• run selectively along with system startup for different accounts.

Real Spy Monitor - functional program with great possibilities. Disadvantages include the lack of support for the Russian language and the free version, a semi-hidden mode with display in active processes.

SpyGo

SpyGo created for use at home, but you can also monitor employees using this spy. The utility is easy to use: the “Start” key starts tracking. Reports can be received by e-mail or via File Transfer Protocol. Software prices vary and more features, the more expensive. There are also trial version- 25-minute observation per day, but without sending results.

SpyGo spy can do the following:

• intercept keypress events;
• control surfing on the network, analyzing data about resources, requests in search engines, time spent on the site, history;
• record everything the user does with programs and files, monitor installations and uninstallations of applications;
• record everything that happens on the screen;
• intercept information from intermediate storage;
• monitor the switching on/off and duration of computer downtime, and removable media;
• listen to conversations in an apartment or office (a microphone must be connected).

SpyGo has some disadvantages: it does not work on all versions of Windows, sometimes it does not send observation results, and it can exit hidden mode. But, despite this, the program is loved by users for its simple operation and wide functionality.

Snitch

Spyware Snitch has only one version and is excellent at monitoring users and “snitching” on them. The program is very easy to set up, does not load the computer and monitors the user in hidden mode.

The Snitch utility can do the following:

• intercept keystroke events, information from intermediate storage, monitor the switching on/off and duration of computer downtime, as well as surfing the Internet, “read” text messages;
• control program processes, protecting against actions of intruders, for example, forced termination;
• monitor user actions even if the computer is not connected to the Internet;
• analyze events and create detailed reports and graphs;
• does not require specific network settings.

The only disadvantage of spyware software that is noticed by users is a conflict with some antivirus programs.

How to detect a spy on your computer?

A spy operating in stealth mode is not easy to detect. Before installation, add it to the exclusion list to avoid conflicts with the antivirus. Some programs find viruses that spy on users.

You can deceive the spy utility using special protection tools. They prevent the spy from intercepting keystroke events and screenshots, although he continues to actively monitor the activity. This is especially true for employees of enterprises who do not want outsiders to find out about their confidential information (passwords, messages).