They are installing this on the network in a month.

Basically it inventories software on all the machines on the network, and therefore can identify software they don't want you to have. Yahoo, AIM, Trillian, whatever.

If this goes through, I am going to be one bored bastard. My work is cyclical and cleaning the office between projects gets boring.

Do any IT people on AO use/know this software?

I'm trying to figure out how it scans, how often it scans, and if there is a way to get around it / trick it.

Any help is appreciated.

Im not certain of this product, but many look for the following;

Known ports listening on the target machine.
Checking for software installed in the default directory structure.
Listening to network traffic, seeing what is going to where and from where.

For any network based software (IM programs) you are pretty much screwed since they can just analyze network traffic and look for specific port ranges. Since the IP packet carries the host IP along with target IP and port there isnt much you can do about that. Most companies just kill the outgoing packets at the firewall but that doesnt keep you from installing.

As for scanning you can pretty much assume that any heavy scanning of machines is going to occur during non-peak hours, but this is typically going to be system scans. Scanning a system is remotely will create allot of network traffic and is somewhat frowned on during business hours. However it does occur and when your hard disk start going nuts and the lights on your network card starting blinking like mad for no reason that is usually a good sign something is going on.

Aaron



They are installing this on the network in a month.

Basically it inventories software on all the machines on the network, and therefore can identify software they don't want you to have. Yahoo, AIM, Trillian, whatever.

If this goes through, I am going to be one bored bastard. My work is cyclical and cleaning the office between projects gets boring.

Do any IT people on AO use/know this software?

I'm trying to figure out how it scans, how often it scans, and if there is a way to get around it / trick it.

Any help is appreciated.

http://www.microsoft.com/windowsserversystem/virtualserver/evaluation/trial/default.mspx
Build your OS as a virtual machine so it won't be inventoried as long as your OS doesn't run the login script to install.

The software will probably scan directory structures but it's faster to scan the registry hives.
The software will probably be executed as part of the login script or an installation package. There will probably be a program running as a process that monitors but that seems pointless to continually monitor. Maybe it'll report back once every few days.

http://www.altiris.com/products/clientmgmt/

you may want to try installing a software firewall on your machine, something like sygate.

also, disable netbios and disable SNMP on you desktop. that may keep you out of the crosshairs until an IT admin realizes he cant audit your machine, and goes to the desktop and figures out why.

My work uses it. They way it work is that a client is installed on all computers and sends information to the ALtiris server. IT can inventory software and some hardware. It logs your IP address, the last person who logged on, control computers, and can also install software.

The problem is they have user privs down pretty tight on workstations, theres tons of software I can't install due to the access restrictions.

Borking the client is always an option. Just gotta figure out what dll to corrupt and problem is solved till they get off their lazy butts and come fix it.

Also, I'm wondering if the client keeps a log file, or sends data directly to the server. If theres a locally-based log file it sends in once per day or so, well, that makes things easy.

You can run Firefox from a zip file on a cdrom or USB Jumpdrive. So at least you can still surf the net.

As for trillian, aim, and such, you'll probably have to connect into a remote machine and use desktop sharing software such as VNC that doesnt require an install and the EXE can be renamed to something benign like Notepad.exe

You can run Firefox from a zip file on a cdrom or USB Jumpdrive. So at least you can still surf the net.

As for trillian, aim, and such, you'll probably have to connect into a remote machine and use desktop sharing software such as VNC that doesnt require an install and the EXE can be renamed to something benign like Notepad.exe

I'm a BIG fan of Remote Desktop Conection. If you have Windows XP on your work machine, chances are pretty good you have the RDP client installed. Try Start > Run > "mstsc" > OK.

I use Dynamic DNS on my broadband connection so I don't have to remember my ever-changing IP, open port 3389 and pass it to a machine setup to accept RDP sessions. It's all pretty easy to set up and you can do anything on your remote computer you could do on your local (except maybe print or save to a disk), but I have FTP setup so I can download any files to my local PC to print or transfer.

Obviously, you'll need to keep a machine turned on an what-not.

I'm also a fan of AIM's web-based client, AIM Express. It's Java and runs very well.

Hope this helps ~ David

Yeah I think I'll be stuck to using java-based AIM / Yahoo for a while, and if I want to run anything that could get me in trouble, just rename it to something that won't put up a flag.

I have Win2K at work currently, but this PC is ancient, so hopefully if I get a new PC soon, it'll have remote desktop.