create a keystroke logger

[Steve Y.]

I've been asked by senior management to create and deploy a keystroke logger
application (log to a local or network folder). Active directory already
blocks the target users from opening task manager (they won't be able to see
it running) so it needs to be straight forward and just capture key strokes
(not "F" keys or shifts, alts, ctrls, etc). Any ideas how to do this? I
need to get up something pretty quickly and have been told nothing can be
purchased. So I'm thinking a console app or something? I can use 1.1 or
2.0 if necessary. Round one can be quick and dirty and down the road we can
make it do more. Thanks - Steve

 

[Marina Levit [MVP]]

Yuck, I find these kinds of tactics by management to monitor their employees
disgusting. If they have reason not to trust their employees, perhaps they
shouldn't be employing them. If people are getting their work done, they
should be left alone.

 

[zacks]

Yuck, I find these kinds of tactics by management to monitor their employees
disgusting. If they have reason not to trust their employees, perhaps they
shouldn't be employing them. If people are getting their work done, they
should be left alone.

Besides, aren't there a number of out of the box applications that do
this? Why re-create the wheel?

 

[Robinson]

I've been asked by senior management to create and deploy a keystroke

logger application (log to a local or network folder). Active directory
already blocks the target users from opening task manager (they won't be
able to see it running) so it needs to be straight forward and just
capture key strokes (not "F" keys or shifts, alts, ctrls, etc). Any ideas
how to do this? I need to get up something pretty quickly and have been
told nothing can be purchased. So I'm thinking a console app or
something? I can use 1.1 or 2.0 if necessary. Round one can be quick and
dirty and down the road we can make it do more. Thanks - Steve

I'm always suspicious when I see these kind of posts in this newsgroup and I
for one am not minded to offer any assistance.

 

[Marina Levit [MVP]]

Presumably because his bosses don't want to pay for it, so they want it
written in house instead.

 

[John Browning]

Presumably because his bosses don't want to pay for it, so they want it

written in house instead.

Which will cost more money than purchasing a package. BTW, employers
frequently have plenty of cause for these types of tactics but it's a
double-edge sword.

 

[Marina Levit [MVP]]

Well, they think it will be cheaper. They also think monitoring key strokes
is a good thing to do.

I doubt they have cause to deploy this application for every employee. If
they have an issue with one employee, they need to deal with that person
directly.

 

[Mark Rae]

I'm always suspicious when I see these kind of posts in this newsgroup and
I for one am not minded to offer any assistance.

Likewise - for all we know, this guy could be running an Internet cafe and
hoping to capture passwords, credit card details etc...

 

[John Browning]

I doubt they have cause to deploy this application for every employee. If

they have an issue with one employee, they need to deal with that person
directly.

How can you tell which employee to check ahead of time. Many employees waste
an incredible amount of time sending personal email, conducting online
banking and other personal web activity, doing personal work at their desk,
etc (and not just during their lunch). This is very expensive. Employees
have also been known to breach their company's security (inadvertently or
otherwise), cause potential legal or finanical problems for their company,
launch frivolous lawsuits against their company, etc. The company can often
protect itself by using such methods. Employees don't like it of course (a
natural human response) and this can hurt the company in other ways. The
whole thing is really a balancing act however - respecting your employees
while protecting your company and ensuring that employees are doing their
work (and to this end, I don't think such tactics are inherently
disrespectful or demeaning - people react otherwise of course but if it's
all done in the open and the company is fair and respectful to its employees
in general then there's usually little reason to be bothered by it).

 

[Robinson]

whole thing is really a balancing act however - respecting your employees

while protecting your company and ensuring that employees are doing their
work (and to this end, I don't think such tactics are inherently
disrespectful or demeaning - people react otherwise of course but if it's

If your manager needs a keylogger to check to see if you are doing your
work, then he's clearly a complete idiot.

How can you tell which employee to check ahead of time. Many employees
waste an incredible amount of time sending personal email, conducting
online banking and other personal web activity, doing personal work at
their desk, etc (and not just during their lunch). This is very
expensive....

See above. If work is measured by the number of keypresses, then once
again, the manager is a complete idiot. I think you need to study how
permissive environments and personal responsibility affect worker
productivity before you bring Expense into the equation.

 

[Marina Levit [MVP]]

If the employe gets his/her work done, then it is irrelevant as to what else
that person is doing as long as it not illegal. In terms of security,
companies can simply configure the workstations appropriately and/or block
certain sites if they wish.

If there is a particular employee suspected of wrongdoing or slacking, you
deal with that person directly.

 

[Guest]

Which will cost more money than purchasing a package. BTW, employers
frequently have plenty of cause for these types of tactics but it's a
double-edge sword.

Hmm good opportunity to put in a back door

 

[John Browning]

If the employe gets his/her work done, then it is irrelevant as to what

else that person is doing ...

Just the complete opposite in fact. When work is done, you move onto the
next task. You don't say to yourself, "hey, I finished an hour early so now
I can pay my bills online". An employee is at their company to work, not
take care of personal business on their employer's time and expense (within
reason).

In terms of security, companies can simply configure the workstations
appropriately and/or block certain sites if they wish.

Which sites? All known banks, blogs, recipe sites, etc. You effectively have
to cut-off all Internet access and external email. Security is also more
than just what web sites you visit. An employee can release private company
info by email for instance (accidentally or otherwise), send private company
files to their home (innocently perhaps), etc.

If there is a particular employee suspected of wrongdoing or slacking, you
deal with that person directly.

The problem usually isn't one serious transgressor. It's the totality of all
the wasted time and resources by the supposedly mainstream (conscientious)
employees (most of whom have in-out boxes filled with personal email, often
use the web when they shouldn't, are guilty of using the office printer for
personal use, etc.).

 

[John Browning]

If your manager needs a keylogger to check to see if you are doing your

work, then he's clearly a complete idiot.


See above. If work is measured by the number of keypresses, then once
again, the manager is a complete idiot. I think you need to study how
permissive environments and personal responsibility affect worker
productivity before you bring Expense into the equation.

Logging keystrokes is usually overkill but many (maybe even most) employees
are irresponsible nevertheless. How you go about tackling the problem is a
religious issue. If people knew they were being monitored however I suspect
most would curtail their behaviour.

 

[Samuel R. Neff]

Just the complete opposite in fact. When work is done, you move onto the
next task. You don't say to yourself, "hey, I finished an hour early so now
I can pay my bills online". An employee is at their company to work, not
take care of personal business on their employer's time and expense (within
reason).

But the issue of doing personal things on company time has to be
balanced with what personal time people spend at work. Most people,
especially in our field, work more than the traditional 40 hours a
week. So when someone is spending 45, 50, 60 hours a week at work,
it's perfectly acceptable for them to use some of that time on
personal things like e-mail and paying bills.

However, I have heard numerous stories of aggregious abuse where
someone for example works 4-6 hours a day on an open source project.
When their manager looks at their computer it looks like they're
programming but they're not really programming for the company's
product. The manager in this instance installed a key logger and it
made firing the employee a lot easier (both in terms of being
absolutely sure they were wasting as much time as suspected and having
emperical evidence).


btw, does answering newsgroup questions count as work-time or
personal-time?

Sam

 

[Christopher Ireland]

Logging keystrokes is usually overkill but many (maybe even most)
employees are irresponsible nevertheless.

LOL

Chris.

 

[John Browning]

btw, does answering newsgroup questions count as work-time or

personal-time?

I'm self-employed so can waste as much time as I want

 

[Guest]

If your manager needs a keylogger to check to see if you are doing
your work, then he's clearly a complete idiot.

Could be for legal purposes. Evidence?

 

[Mark Rae]

I'm self-employed so can waste as much time as I want

Likewise - on both counts... ;-)

And I work from home - hurrah!

 

[cbmeeks]

Exactly. These posts piss me off.

To the original poster: Go learn how to "hack" somewhere else and
leave Usenet alone.