I'd be interested in a tool or list of reliable detection methods for the presence of these programs. Do regular antivirus programs that can be user added detect these by default? I woud assume the one supplied in the company configuration has these whitelisted.
I'm almost inspired enough to create an open source "killer" of these background programs. "Bossware" is one of the most infuriating things I've seen wrt employment in a little while.
Depending on your definition of bossware, this may or may not be practically impossible. If you consider carbon black to be bossware, you would have to exploit the operating system vuln to get around it.
Every once in a blue moon, our security team runs a p99-latency scan on my laptop, that basically bricks it. I’ve tried and failed to kill it, but I’m open to suggestions!
If you have admin on your machine, turn unload the kernel extensions and turn it off. One dirty secret is that many IT departments wont notice or wont care.
Unlike HN readers, most employees do not have admin on their work computer, and for good reason. Doesn't mean they should suffer 'bossware' and most certainly not without informed and explicit consent.
Had a teammate do something similar but much simpler in the past (think limiting execution and FS permissions). This is unlikely to end with management appreciating your initiative.
I would start with presence detection. Removal might be in this specific cases better handled through a process that forces the company to remove it based on rules and regulations if possible. Most employees will not just want to start a tech war with the company admins.
