CStacy@REAGAN.AI.MIT.EDU (Christopher C. Stacy) (02/28/89)
Date: Thu, 23 Feb 89 10:41:46 PST
From: Peter Scott <PJS@naif.JPL.NASA.GOV>
Subject: Reach Out and Spy on Someone
To: RISKS-LIST@KL.SRI.COM

An article in _Digital Review_, February 20, under the title "Reach Out And Help Someone" reviews a package for VAX/VMS called Video, from Performance Software. The subtitle says, "...system managers and training coordinators can keep an eye on user activity". Among other things, this package allows anyone with appropriate privileges to see what anyone else is typing and receiving on their terminal (passwords excepted, I suspect), or to "take over" another terminal and broadcast their own commands to it. You can also record terminal sessions and play them back at leisure. "With the Video Seer utility, system managers can monitor terminal sessions to detect system abuse or simply to identify performance drains on their systems." Oh joy.

The ITS operating system (created about 15 years ago on PDP-10s, still in use today) allows users to spy on each others' screens anonymously, and also to type on each others' consoles. I believe that some other old systems (such as PLATO) may have had similar capabilities. On ITS, I found these features invaluable for assisting users who were having trouble, for observing students, and also for monitoring system intruders. ITS did not implement any system security, and anyone could Spy, read anyone's files, etc.

Spying is similar to the capability on most systems of some privileged user(s) being able to access anyone's files and mailboxes without their knowledge. The information privacy issues and potential abuses are probably exactly the same. If access to someone's files is like access to their desk drawers or their locker, spying on them is like looking over their shoulder. There are clearly legitimate ways in which these capabilities can be used, notably in educational settings; it's all a matter of the involved parties understanding and agreeing to the situation.
As a security tool, spying is only useful for monitoring the session of an intruder in action; having a security officer sit around spying on users at random would be ridiculously inefficient, and would violate security principles. Monitoring the sessions of users on a keystroke basis is fairly obviously a pretty stupid way to conduct either a machine performance or operator productivity analysis. There may be some legislation somewhere about using these sorts of capabilities, and I imagine that the unions have an opinion on the matter.
EVERHART%ARISIA.decnet@GE-CRD.ARPA (02/28/89)
There have been several programs on the DECUS VAX SIG tapes and in other places for this purpose over the years. Best one so far is WATCH which was on the Fall '88 tapes (complete with source). It allows you to monitor what goes on at any other terminal, except DECnet remote terminals (whose internal architecture is very different from all other examples). When used in conjunction with PHOTO one can very easily obtain a machine readable log of someone else's session. If used also in conjunction with BOSS, one can do this without giving up one's terminal. This involves some extra processes and system diddling, but is not too heavy a load even for a 750.

However, watching someone's terminal sessions is not something that's desirable overall due to the generation of lots of junk information. The best way to handle people who are suspect seemed to be to force them in their logins to fire up PHOTO with a logfile that can be read later as needed, then log the session out if PHOTO finished. A logfile created in this way could perhaps be transferred via mail to a holding area where it could be examined and would be outside the security domain of the victim. Since it would be open during the entire session, it could not be deleted from the photo session. (Batch or the like are another matter; a short window would have to exist.) This avoids need for things like WATCH.

However, WATCH is very handy for dialins, both to ensure they are attempting nothing dangerous and to offer help as needed. It needs hefty privs to run, but since it's PD, the capability exists in essentially ALL VMS installations.

Does Unix have a similar capability? Is it PD?

Glenn Everhart
everhart%Arisia.decnet@ge-crd.arpa
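The session-logging design Everhart describes (the recorder, not the monitored user, opens the logfile; it stays open for the whole session; the log lives outside the user's security domain, and the login ends when the recorder returns) has a straightforward Unix shape. The following is an added example written for this page, in Python; it is not PHOTO, WATCH, or any code from the thread. It records the terminal output of a command run on a fresh pseudo-terminal, which captures the user's typed input as well wherever the terminal echoes it. Keystroke forwarding from the recorder's own stdin is omitted to keep the example short, and the demo log path and holding-directory ownership are assumptions, not anything the posts specify.

```python
"""Minimal PHOTO-style session recorder for Unix (added example, not from the
thread).  The log is opened by the recording process before the monitored
command exists and is held open until the command exits; if the log sits in a
directory the monitored user cannot write to, the user cannot remove or
truncate it from inside the recorded session."""
import os
import pty
import tempfile
import time

# Constructed demo path.  A real deployment would use a holding directory
# owned by the monitoring account, not the monitored user (assumption).
DEMO_LOG = os.path.join(tempfile.gettempdir(), "session_demo.log")


def record_session(argv, logfile):
    """Run argv on a fresh pseudo-terminal, mirror everything it writes to the
    terminal into logfile, and return (captured_bytes, exit_code)."""
    # Append-only, owner-readable, opened before the fork: the descriptor
    # outlives anything the child does to the directory entry.
    log_fd = os.open(logfile, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    pid, master_fd = pty.fork()
    if pid == 0:
        # Child: session leader on the new terminal; exec the command.
        try:
            os.execvp(argv[0], argv)
        finally:
            os._exit(127)
    stamp = time.strftime("%Y-%m-%d %H:%M:%S")
    header = f"# session start {stamp} pid={pid} cmd={' '.join(argv)}\n"
    os.write(log_fd, header.encode())
    captured = bytearray()
    try:
        while True:
            try:
                data = os.read(master_fd, 4096)
            except OSError:
                # Linux: EIO once the slave side has been closed.
                break
            if not data:
                # BSD/macOS: plain EOF instead of EIO.
                break
            captured += data
            os.write(log_fd, data)
    finally:
        os.close(master_fd)
    _, status = os.waitpid(pid, 0)
    exit_code = os.waitstatus_to_exitcode(status)
    stamp = time.strftime("%Y-%m-%d %H:%M:%S")
    os.write(log_fd, f"\n# session end {stamp} exit={exit_code}\n".encode())
    os.close(log_fd)
    return bytes(captured), exit_code


def read_log(logfile):
    """Return the raw log contents, as a reviewer would read them later."""
    with open(logfile, "rb") as f:
        return f.read()


if __name__ == "__main__":
    # Forced-at-login shape: record the user's shell, then end the login as
    # soon as the recorder returns (a login script would exec this in place
    # of the shell, so the user never gets an unrecorded prompt).
    shell = os.environ.get("SHELL", "/bin/sh")
    _, code = record_session([shell, "-c", "echo recorded; exit 0"], DEMO_LOG)
    raise SystemExit(code)
```

Two properties worth noting. Because the terminal echoes typed characters back to the screen, the output stream also contains what the user typed, except where a program turned echo off (password prompts), which is why a recorder of this kind does not see passwords. And since the log is opened with O_APPEND by the recorder and the descriptor is never handed to the child, the recorded user cannot rewrite earlier parts of the log from within the session even if they can reach the file.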