If you catch a new 'ripple' at any time during the day, quickly open a console window (start -> run -> cmd) and type netstat -a. This gives you a list of currently open TCP/IP connections. If there are active (not just listening) connections on port 3389 then someone maybe checking in on you via windows Remote Desktop. 5900? VNC. Check out any funky connections on other ports that may be trojans or backdoor apps. Record the connected IP and hunt them down.

Less ninja-ish things to do:

Check if remote desktop is enabled: control panel -> system -> remote. It will not show up in your process list as it is a service.

Check if VNC is installed as a service or an application.

Go through your services list (control panel -> admin tools - services) item by item and look for fishy, automatically enabled services.

You should probably be running an antivirus product as well, but in light of that you should at least occasionally scan your system with stinger.
posted by datacenter refugee at 3:03 PM on July 7, 2006

Your suspicious activity can be explained in many ways that do not necessarily lead to pananoia. Are you able to set your own desktop background/settings? A periodic refresh can be a result of Active Desktop settings being applied via Group Policy in a Windows environment that is typically used to distribute information to staff and students.

As to the slower desktop speeds, a lot of antivirus software runs periodic checks on workstations that can affect performance. Also, the Windows update client can cause a slight slowdown when checking for updates. There are desktop management clients (altiris, ghost) that are used to distribute software updates to workstations in the organization that require periodic checks to the server services etc. that can also affect performance.

All that aside, in any organization with a somewhat competent IT staff assume that your activity is being monitored. In any large organization, the amount of data that is produced by any inline scanning software is enormous. Even if you are being "monitored", it is usually in order to pinpoint issues that affect the overall institution and not what one person is doing on their workstation.
posted by purephase at 3:03 PM on July 7, 2006

Interesting question. Would it be too much derail to ask the exact same question, but in regards to Macintosh systems?
posted by UnclePlayground at 3:13 PM on July 7, 2006

I work at a univ and our usage is definitely monitored.

I think they could read all emails and track all internet sites (God help me if they do), but mainly what they are looking for is drags on the system, like files that take up too much memory and programs that IT doesn't support.

Our IT guy came buy a few weeks ago and asked me to move all my iTunes files off my drive on the server, so obviously he was able to go into my drive and see what was taking up space. Our IT guys know everybody's passwords but they use the knowledge for good, not evil.
posted by Sweetie Darling at 3:29 PM on July 7, 2006

The computers at my work are definitely monitored and I'm told that they are itching for someone to make an example of...

That being said, I happily browse MetaFilter and other sites all day, but nothing inappropriate.

They also do virus scans and push updates over the network and these can occasionally slow my machine down. I have JBuilder, Toad, PowerBuilder, TextPad, IE, Firefox and Winamp running at any given time so I notice when something else is hogging resources.

The wednesday at noon virus scans are the killer though. If I don't avoid it by changing my system clock, my build times quadruple. Thankfully Ask.MeFi still loads quickly :)
posted by utsutsu at 3:37 PM on July 7, 2006

Are you using Kazaa? It will "ripple" desktop icons.
posted by null terminated at 3:51 PM on July 7, 2006

I sometimes get the same ripple effect when I copy a large amount of files from one Windows Explorer window to another. After the copy, the destination Explorer window refreshes and will sometimes cause the desktop to refresh, thus rippling the desktop icons. It also happens when I change something in my desktop appearance settings (like my desktop background). This happens both on and off a network.
posted by phrayzee at 5:23 PM on July 7, 2006

Call the Helpdesk. Ask them if the University monitors Internet usage. You can tell them that you are researching breast/testicular cancer for a close relative and don't want to cause troubles, if you feel awkward, or that you have been discussing academic freedom in your department. The Helpdeskers are highly skilled abusers of bandwidth, so they'll know.

If they are monitoring your usage, you probably wouldn't know it. When I worked for a company that did monitoring, it was not noticeable by users.

The ripple is likely caused by the Explorer (Windows Explorer, the file manager, not quite IE) refreshing, or even stopping and starting again. You can look in the event log (My computer, right-click, choose manage, choose event viewer), and see if there's anything interesting with the correct time-stamp.
posted by theora55 at 6:26 PM on July 7, 2006

Moreso in a corporate environment than an educational one, just assume you are being monitored (even if they say they aren't) and don't do or say anything using their equipment/net connection that you wouldn't want to get caught doing or saying.
posted by robbie01 at 6:57 PM on July 7, 2006 [1 favorite]

I work for a IT consultant, so I have been involved with a couple of corporate networks including the usage policies and security.

First ask the helpdesk but they may not know. Virtually every organization I've been involved with doesn't monitor employee network usage, but can if necessary. I've worked for very large companies and can only recall one firing over something like this. Evidence was gathered against the fired guy by checking firewall logs not directly monitoring usage.

People have strange visions of day-to-day IT life. Most times you are too busy to go on fishing expeditions for a few contraband files - it is a poor use of resources and seldom "adds value" - "adding value" is a mantra of IT departments.

Security threats are usually logged by something running on the servers and it is probably read by someone in IT -. This can and does include fire-sharing programs (this hogs bandwidth) , and hacking and password cracking tools. If I find a security threat, the next thing I do is try to figure out if it was installed on purpose - having something this, installed on purpose is likely to get IT security on your case.

Some organizations worry about drive space so MP3 collections are not something to store. Network drives are usually backed up and backing your music is not a good use of resources. Some IT departments don't like it.

A word to the wise. If a help desk person or desktop support person tells you it may be a good idea to remove something do it. They are trying to be low-key about something serious.
posted by Deep Dish at 8:11 PM on July 7, 2006

Your computer usage can be transparently and (essentially) undetectably monitored by any competent IT professional with administrative access to the network. The question of observable symptoms is as much as anything a red herring, if you're actually concerned about monitoring in general rather than wondering whether a specific process happens to be running.
posted by cortex at 12:43 AM on July 8, 2006

I'm amazed at how much I find myself saying this on MeFi...

If you're using someone else's machine in a corporate or academic setting, just assume you're being watched and act accordingly. Any institution with geeks even close to being worth their salt is watching you because it's easy to do and it cuts down their liability a little bit.

Even if they say they're not watching.
Even if your supervisor is really nice.
Even if everyone else is doing the same stuff you are.
Even if the utility you ran didn't find a snoop bot.

If it's an institutional PC, (and even possibly a personal machine on the institution's network) they're watching. The only time you should do things you don't want them to see you doing is when you don't care about the consequences.
posted by SlyBevel at 2:46 AM on July 8, 2006 [1 favorite]

Can't you just ask your IT guys if you are being monitored?
posted by Orange Goblin at 4:47 AM on July 8, 2006

To Uncle Playground: if parent were on a Mac, the process would usually show in the Activity monitor - I think as ARD, which stands for Apple Remote Desktop, the app used to make the system available to the administrator.

There is an option to show or hide the little set of binoculars that shows the status of ARD in the top menu. If "the Man" wanted to be completely sneaky, they could set that to be invisible so they only way to know is to check processes.

I've found ARD to be transparent, that is most often you have no visual indication aas a user that the admin has just started monitoring you so you'd be guessing most of the time whether the tool is on or not. Perhaps any Mac admins there have any other input or experience?
posted by iTristan at 6:26 AM on July 8, 2006

It's legal for employers to monitor what's done on their equipment, so just assume they are, to be safe. You probably won't ever get in trouble if you're doing your job at work.
posted by JamesMessick at 8:21 AM on July 8, 2006

This thread is closed to new comments.