There are employers and IT departments out there that take an extreme approach to monitoring what the staff gets up to on company-owned equipment. You may not be able to change the policies of the firm that you work for, but you can at least check if and how you’re being watched.
Obviously, we can’t provide a one-size-fits-all guide as we’re not privy to the inner workings of every single company out there, but we can tell you some of the best methods for finding out whether or not your computer has any spyware on it, and what your options are for dealing with it.
Whether or not you think this is fair, under US law it’s certainly legal for employers to monitor employees on company hardware, even down to the keystroke, if necessary. While it’s certainly polite for employees to be notified of the monitoring that goes on, this is only required in some states—so it might be happening without your knowledge.
Presumably, if you’ve been told that you’re being watched, you don’t need this guide. You might even be able to see the monitoring software running in the corner of the screen.
If not, the best way to see what’s running on a Windows system is the long-serving Task Manager, which you can call up with Ctrl+Shift+Esc (or by searching from it in the taskbar). Switch to the Processes tab: Most spyware tools worth their salt will be able to stay hidden from the Apps list, but check Background processes too, especially for programs using up a lot of system resources.
A quick web search for any entries you don’t recognize might turn up the name of a known spyware application or two—though maybe use your private, personal phone for the searching, while not on company wifi.
The Start-up tab is worth investigating too: Monitoring software will need to be loaded into memory every time the computer reboots, so it should be listed here. Again, you can look up any obscure names you don’t recognize.
Via the Windows command prompt you can check which programs and utilities are accessing the web. Run a search in the taskbar for “cmd”, then right-click on the Command Prompt result and choose Run as administrator (which you may or may not be able to do on a company computer). If and when the window opens, type the command [ netstat -b -n ] and hit Enter.
What you’re looking at are all the executables (programs) accessing the internet from your computer. Again, some detective work might be required to identify the ones that aren’t just labeled “chrome.exe” or something equally easy to interpret.
Another option is to run some kind of on-demand antivirus or antispyware package on your machine, though you’re obviously going to run into problems if you’re limited in terms of what you can install on company computers. Some monitoring tools can be detected in this way and some can’t, but it’s worth a try.
Emsisoft Emergency Kit is one of our favorite tools for this particular job, because it’s free, lightweight, and simple to run. We also like HouseCall from Trend Micro, but it’s geared more towards malware that’s trying to do some actual damage than the spyware we’re talking about here. SuperAntiSpyware is another program that’s always worked well for us, and it’s free for running manual scans.
If you’ve been issued a Mac machine by your employer rather than a Windows one, the principles are the same. In place of Task Manager, there’s Activity Monitor, which you can call up from a Spotlight search (hit Cmd+Space to bring up Spotlight).
The CPU tab is a good place to start, though Network is useful as well: Here you see everything running (and connecting to the network) on macOS, so you can pick out the apps and utilities you know all about and those that are a little more on the suspicious side. If there are any you’re not sure about, run a search on them from your phone (off the company network) or when you get back home.
To check which applications are starting up with macOS, you need to head somewhere else. From the Apple menu click System Preferences and then Users & Groups. Under your username you’ll see a Login items tab, which will show you programs that always start up when you reboot. Spyware programs won’t always be visible here, but you might see something.
As for monitoring programs accessing the web, the macOS equivalent of the command prompt is, of course, the terminal, which you can also find via Spotlight. You’ve got a host of options here, but we’re indebted to OSXDaily for a simple and useful one: Type: [ lsof -nPi | cut -f 1 -d “ “| uniq | tail -n +2 ] to see the name of every app looking to get online.
There are also third-party applications that can help you with your spyware hunting, just like Windows. The aforementioned Trend Micro HouseCall is available for Mac and will do a simple on-demand scan for you, and we’re also big fans of the free KnockKnock: It can find apps launching with macOS, as well as plug-ins, scripts, extensions, and other add-ons you might not know about, making it a fine spyware hunter.
Also worth mentioning is a cool little program called EtreCheck, which takes a peek under the hood of your Mac to report on hardware and software issues as well as any unwelcome software that you might not know about. It can flag potentially suspicious issues that other utilities might not spot.
CleanMyMac X will set you back $90 (or $40 per year), but it’s a very comprehensive clean-up, maintenance, and security program that can keep your Mac safe and performing at top speeds for years to come. With its malware scans and ability to dig into some behind-the-scenes settings, you can also use it to find spyware. As with Windows though, you might not be able to install your own software on a company Mac.
The employer/employee relationship can be a tricky one and you might not think it worth the hassle to start looking for spyware installed on your computer—maybe you’ve got too much work to do to think about it anyway. If you do suspect something has been installed without your knowledge though, the tips above should help you track it down.
If you do discover spyware, then you’re in an even more awkward position than you were at the beginning. You might want to curb your Netflix use in office hours, you might want to request a meeting with the head of IT, or you might want to start looking for new employment, depending on all sorts of other factors (such as whether you were notified about the monitoring in the first place).