Hunting for forbidden apps on users’ desktops

Back in the day when I was a network manager – you know, when we used coal-fired servers – it was a tedious, but necessary, project to periodically scan the network for user-installed programs that were forbidden on the network.

We didn’t search users’ local drives, but only because the technology to do so would have been way too expensive. Today, though, there can be legal repercussions if users surreptitiously install software on any enterprise disk drive, local or remote. Copyright violations, sexual harassment incidents and malware (viruses, worms and Trojans) are all things you need to be aware of and remove as soon as they’re found. Simply not looking for them is no excuse, as any good lawyer will tell you.

Some time ago, Novell’s Cool Tools Web site offered “Program Killer” (https://www.novell.com/coolsolutions/tools/1402.html), a client-side program that would sit in the Windows’ system tray and monitor the PC for specified program files. It was written by Joshua Kinard as a reaction to the spread of Napster and other peer-to-peer file sharing applications that not only caused (and still cause) legal headaches but also hog the network bandwidth preventing legitimate enterprise software from performing at its best.

Building on this, Charles Hucks recently released “Program Monitor” (https://www.novell.com/coolsolutions/tools/1896.html), which adds a few new wrinkles to essentially the same idea – a service that monitors running processes on the client desktop machine and unloads them if found.

Both programs were written for school networks (hotbeds of peer-to-peer file sharing), but Hucks’ program allows administrators to specify two separate lists of forbidden applications: one for students and another for teachers.

You could, of course, adapt this to your situation, e.g., one set for workers another for managers, one set for IT another for everyone else, and so on. It will find the programs even if the executable files have been renamed (a favorite trick of those hoping to hide their forbidden activities). It checks the running processes every 30 seconds, and checks the list of forbidden apps every five minutes so that you can easily add or remove items from the watch lists.

Huck’s program comes with full instructions for silent installation and operation (running either from the local drive or a network drive) and can be integrated with ZENworks to ensure that it always runs. If there are things you want to keep off of your network and off of your users’ desktops, then this might be a useful tool for you. While it’s still a work in progress, Hucks says that it’s “used in 3 high schools without any noticeable problems (other than the students getting really annoyed).” Do your users need to be annoyed?