Data mining? Does anyone work in a corporation with "Shadow" technology?

There is much discussion about the NSC and "data maining" ...They look for keywords and then intercept the message or email. But are they really that backward? I presently work in a place where they have the technology to tap right into your computer and watch your mouse movements. They see everything except your hand on the mouse. They can see how you move the mouse and what you click on. They can even record it and watch it later to see what you are clicking on your computer. After all, that is company property - it is not your personal computer.

But, that said, why should we think that NSC and intelligence does not have the same technology tenfold? All they need is your IP address and then they can spy on you anytime they want - not just your email but all your computer movements...even this "Screw them!" that I just printed. Anybody else work with this type of technology?

doesn't mean they can "spy on you anytime they want'.

Just doesn't work that way. If you have software installed on your computer which transmits your mouse movements, it's a different story.

If you search C:/ drive for "shadow.*" it pulls up such a program? What does it do?

Personally I don't trust MS products and thus don't use them.

Just an example--when you install Windows Media Player on a Mac it's not a straight plug-in type download. You download software first, which contacts the MS website and then downloads the player.

What's the harm? The software you downloaded could easily scan your entire hard disk and transmit data back to MS. It bypasses all of the security features implemented in browsers to prevent hackers from getting access to your files. A program like this could install just the type of program you're talking about--one which transmits every mouse movement over the web.

I have a great restore program, so I just renamed both of them (which should essentially make them unusable without losing them). We will see if that screws anything up in the near future.

can do SHADOW copies of your hard drive. Like point in time backups. Volume shadow copies.
SHADOW is also a terminal services term used to by administrators to assist users by sharing a terminal sessions (like remote control)

If you are curious as to what a file does you should google it first.

I found that as with all MS programs the only thing of interest is that it says NOT TO MESS with this program. So I got offline and ran a couple of tests.

First since I have a third party restore program, it works even when the files are renamed.

Second, unfortunately, Windows recreates the file upon reboot. So, I think I am going to try putting a blank file name shadow.exe in there and see what happens.

Last the file description in properties, specifically says remote operation software. . .

I will post again once I find out how a blank file responds to normal things like rebooting, restoring, and getting on line.. . . . . bbl

to this file? There is a remote control tool that uses this name. However Microsoft also uses this on xp and 2k3 server to allow legit remote access. Windows will put protected files back if you delete them, however a sophisticated hack can do the same.

c:\windows\?

This is the legit path.

C:\WINDOWS\SYSTEM32\DLLCACHE\SHADOW.EXE

careful using a blank exe, the os could try to execute it and cause tha machine to crash.

The paths are
C:\Windows\system32\shadow.exe

and C:\Windows\system32\dllcache\shadow.exe

Now upon more diligent googling I found a site http://www.spywaredb.com/remove-winshadow/

It has two options, one a spyware program that will remove it, and a long format as to how to remove it that seems a bit "scary" to say the least.

But its intro also lets you know how scary having shadow on your puter is in the first place and how easily someone can be monitoring you.

snip
WinShadow is one of Commercial RAT spywares.
Finding it on your computer means that your computer is infected with Commercial RAT and crucial data could be endangered or even lost.
WinShadow description by publisher:
Vendor: ´allows one or more client computers to connect to a host computer, creating a remote control session over the Internet or private WAN/LAN network. The client session is a window displaying the desktop of the host, & via it, the client can access any file & run programs on the host computer. The winShadow Server Manager runs as an icon in the System Tray. Using the winShadow Server Manager, you can: º ´Quick Connect´ to a host. º Run winShadow Neighborhood. º Invite a remote computer to become a client for this computer (useful if this computer is behind a firewall). º Stop & start the winShadow Server. º Configure the host properties for this computer.´
>> Delete WinShadow automatically - Download SpySweeper
snip

So I decided that before I do anything else I would try to locate it in system configuration, wherein SERVICES I find two shadow services being run. . . so I unclicked those two and I am debating on whether to try the long hand self delete contained at the above link or the SpySweeper free download.

it is capable of stopping the "intrusions" by outside sources. I have had Zone Alarm for many years now. It seems to block all incoming inquiries, because once I get offline the list of blocked incoming queries is HUGE. Particularly if I use the "Engage Internet Lock" option. This option locks everything that is PASS Lock approved. For example, Firefox is passlock approved in my settings, so long as I am open to DU, fine, I can browe, chat, and reply. . . .BUT I cannot go to any other domain until I release the Lock. Granted it is a bit of a hassle to lock and unlock as I go from site to site, but generally I only frequent a few sites anyway, so for me it seems worthy.

However I have no way of knowing if others are really being locked out, or is it only certain types of inquiries relating to my bios and "sensitive" material. I would be interested in running a test with someone who has access of these shadow programs to see if you can in fact "see" everything I am doing online while zone alarm is supposedly locking everything out.

many things. Especially bs viruses and hacks. But like your home if someone really wants to get in they will. If they are good you will never know they were there.

Is available to companies to monitor all aspects of use of their property (computers). Terminal monitoring, content monitoring, email monitoring,etc are all available.

Most companies monitor for things that will get them sued or for people who blatantly fuck off on the job. Some companies do nothing.

Yes they can but there are many more citizens than people who can monitor the data.

received an automated notice that a notation was entered into her personnel file regarding inappropriate language in an email. She had exchanged email with our daughter in which she jokingly said she was going to sell our grand son to the highest bidder. Wife returned with "If I don't get last look I'll kill you!"

The software picked up the sentence as a threat and automatically placed the notation. Wife had to go to HR and show them the entire exchange to get it expunged.