A Techworld story nailed a worrying problem: "Employees are lazy, slipshod rabble", who each burn an hour of company time every day surfing the Web. One answer to policing this problem is Spector CNE – corporate spyware for the caring network administrator.

Spector CNE uses a server/client agent model to give finely-tunable access to staff (in)activity on a per-machine or per-user basis. Spector CNE's Control Center application manages to install the client remotely without relying on Active Directory and without triggering those clues that warn users that an application is being installed on their desktop. All Spector CNE requires is domain administrator rights or local administrator rights to each client. It can then access the hidden administrative share at the root of the client's hard drive and the Scheduled Tasks share.

Install started badly: set-up ceased to respond once it got to creating the Data Vault files – where Spector CNE stores captured user data – on the server. A second attempt went better and after install we'd acquired two extra programs: Spector CNE Control Center and Spector CNE Viewer. But when we ran the Spector CNE Control Center, it appeared to die with no error message. We were about to uninstall Spector CNE a few minutes later when the application appeared.

After install the next task is to configure clients. Spector's approach to client configuration is elegant: the "Manage Computers" node in its Control Center boasts a right-click option called "Deployment Utility". Selecting this fires up a deployment wizard that proposes what activities to monitor. Once the wizard completes, it writes the settings to a "settings.ini" file and prompts you to use settings.ini to build a set-up file for clients. Called "spsetup_Settings.sds", this file is pushed out to the clients and drives remote installation.

Irritating

Correct client licensing is clearly a concern for Spector... Firing up the Spector CNE Deployment Utility also fires up a dialog box that forces administrators to agree to Spector's License Agreement, or refuse it, or to review the agreement itself. Agreeing to the licence brings up the same product serial number box we saw when we first installed Spector CNE. Only this time, it is pre-populated with the licence number we typed in when we originally installed the product. In other words, Spector CNE is asking us to agree to something it knows we have already agreed to. That's not a back-breaker - but it is irritating.

Our client deployment utility creator failed with the same coquettish silence shown by the main installation program, leaving just a blank white rectangle against our desktop and a static hourglass. Eventually, the window's title bar appended the "Not Responding" text to the Spector CNE - client Deploy Utility title bar. The fix was simple: run the utility again. This time it ran perfectly and speedily.

A lot of thought has gone into ensuring you can fine-tune your data capture – without filling your hard drive if you don't. For example, the desktop snapshot capture facility defaults to taking snapshots every 30 seconds but the images will, by default, be deleted over a rolling five days. The same attention to detail is visible in the next dialog, where e-mail capture includes webmail but doesn't capture attachments unless you set it to do so. If you do, Spector CNE deletes data after ten days and limits the captured email data to a maximum of ten megabytes – unless you tell it otherwise.

A keyword capture feature forces Spector CNE to react if it detects users typing certain keywords. It can be set to immediately e-mail someone or, by default, to start capturing screenshots every five seconds for a minute after a keyword is detected.

There's also a nice ability to create a warning message that users see at logon, which may help protect the company from breach of privacy claims. You can also limit data capture to specific applications or limit it to specific users. The website access screen allows you to either block or allow access to chosen websites and you can import and export that website list. Spector CNE also captures access to shared folders and local folder access.

The area where troubles are most likely to occur is in pushing out the client configuration file where the network is in workgroup mode or where users have been allowed to disable domain administrator access. The Administrator on Spector's server must have Administrator rights on each client. Therefore you must have – or create – an identical user on each client and the server computer, with identical letter case and an identical password. That may not be how your network is actually configured, because Windows Server does not care if you log on as "BOFH" or "bofh" and so you may not have worried about case when you created local accounts at the console. Another reason you may not be able to install the client file is that Windows 9x and ME require that administrative access to C$ be enabled manually.

During install, we hit a dialog box that warned: "ERROR: Reserving Spector License for client6". The fix was simple. Highlight client6 in Control Center's "Manage Computers", right click on it, select "All Tasks", select "Diagnostics", and then work through the various tests. Client6 passed them all! Clearly this is a license issue. Select "Manage Computers", right click and select "All Tasks", select "License Summary" and note from the licence summary that we have burned through all the licences we had paid for.

Looking at the data we are capturing, it's clear that the biggest problem is going to be working through captured data. It includes:
  • Screenshots
  • Mail
  • Chat and instant messages
  • Keystrokes
  • Access to website, shares and local folders
  • Programs used
  • Specified keywords

You have to hope that all you have to do is hand the files over to the police rather than have to scour through them yourself.

Also be aware that if you are going to use Spector CNE to monitor users in a branch office through a firewall, you will need to open port 16770 to view client activity in real-time. The outgoing data vault stream will also need port 16769. You should also open port 2468 for the Spector CNE server to communicate with clients.


Monitoring staff usage of company network infrastructure is a wise step given the effects on productivity of free Internet access. Spector CNE solves the mass-deployment challenge while enabling highly configurable - and extensive - data gathering.