EfficientLab is a relative newcomer to the surveillance sector, with its software products first gaining notoriety in 2013.
It has an office in Miami, Florida, but the software development side of this solution appears to be based in Belgorod, Russia.
Its products promise to increase productivity, prevent unwanted data thefts, improve efficiency and provide a new level of HR management.
Work Examiner is a software solution that has three distinct components; client, server and console.
The ‘client’ software must be installed on the machines that you wish to track, and the server can either be placed on dedicated server hardware or the logs sent directly to an administration computer.
To view those logs and process reports requires a console app, installed either on the admin machine or dedicated server.
It can also get a screenshot of any live system, and you can see what apps are being used by the client and when they were launched.
But it also records inactivity too, if the mouse isn’t moved or the keyboard pressed for some time.
Work Examiner can also capture and save every email message sent or received through the Gmail, YahooMail, Outlook.com web services, SMTP and POP3 protocols, as well as MS Exchange messages from MS Outlook.
Although, for a small business sending many emails, having it collect complete copies of all communication could double the internet bandwidth needed if the service isn’t running on an internal server.
If that wasn’t enough, Work Examiner also has a key logger, allowing the capture of all keyboard input, including anything typed into a chat panel or even passwords.
Alongside all the tracking code, Work Examiner also has web filtering, allowing even remote systems not going through the internal firewalls to have their destinations limited.
The limitations of this product are headlined by it being exclusively for Windows computers.
Those businesses that use Chromebooks, Apple Macs or Linux systems won’t be able to use this tool on those systems, and there are no mobile platform apps either.
A strong point of this product is the ease of deployment. Getting the client on to machines is straightforward and quick, with an admin login and password the client can rapidly installed from the console, or via a script.
Once installed on the client machine it automatically appears in the console app, and if you used Stealth mode, the only easy way to remove it is via that tool.
From the user perspective, it doesn’t appear as an installed app or as an active process.
As we’ve already mentioned, on the computers the client is installed there is no interface of any kind if it is installed in Stealth mode. Because the purpose of this mode is that employees aren’t meant to know it is on their computer, surely?
While you mull-over that bombshell, the interface on the console application is the only one that those deploying this tool are likely to see.
The lack of a user alerting system creates a situation where employees are tagged as breaking company rules without their knowledge, even if it was unintentional.
Although the web browsing functions do have an optional timer to allow each user 30 minutes of each day for free surfing and inform the user how much of his/her time is left.
It is also possible to have a splash screen appear when the user logs in, for those that want to remind all employees that they are not trusted.
The interface of the Console has a very old-school vibe to it, using a layout and menu system that wouldn’t have looked out of place on Windows 2000.
It’s easy enough to follow for typical IT staff but is unlikely to win any design awards.
What we found a bit worrying about this product is that by default, the Console component has no security or control mechanisms.
Therefore, if anyone has access to the machine it is installed, even briefly, they can look at any system the client is installed on without any further restrictions.
Some login verification would be advisable at a very minimum, and ideally, the console should need an account and password to launch.
For those that have Professional licensing, the product integrates to Active Directory, so it can identify those individuals using the computers better, but it doesn’t use the security components of that service.
Plans and pricing
Work Examiner has two tiers; Standard and Professional. And, they cost the same $60 for those with a very small number of machines to monitor.
But at three or more licences Standard reduces to $45, where this reduction only kicks in at twenty licences on the Professional plan.
The cost is for a perpetual licence and covers the cost of support for the first year. Given how Microsoft likes to change Windows 10 every few seconds, there isn’t a guarantee that this software will keep working. A service contract is probably a necessity.
The cost of a year’s support is $30 for a single license (Standard or Pro) and slides accordingly as the volume increases.
A critical difference with the Professional option is that captured data is secured on a local SQL server, wherewith the Standard plan it gets pulled to the system admins machine.
If you intend to go down the professional path, some server resources need to be made available to run SQL, and the cost of that and maintaining it must be added to the overall costings.
As a product for monitoring employees, Work Examiner ticks most of the boxes.
It’s entirely stealth, so it can’t be shut down by the user. It filters web addresses, tracks application installations and launches. And, it can even key log a system to identify anything that is typed into the system, and when.
The reasonable concern is that with this power comes responsibility and Work Examiner are promoting it as a tool that enables senior people to see ‘who comes early and who is late’. Encouraging employee overworking is thinking that was roundly rejected as ultimately counter-productive by business experts decades ago. Just ask Japan.
We also couldn’t find any reference to the legal implications of monitoring employees without their implicit consent (as defined in work contracts), or that running this tool in some regions might break employment laws or human rights legislation.
And, no warning about the double-edged sword that the capture of data that proves that employees aren’t taking a regular break from the computer screen or are working hours above local employee legislation, could be used to prosecute the company.
None of these subjects is mentioned by the Work Examiner site, leaving customers with almost no ethical or legal guidance at all.
A big selling point is that the product is entirely stealthy, and it is. Depending on how you view these things that could make it more effective since it can’t easily be disabled, or employees won’t know it is on their system. However, what isn’t talked about on the Work Examiner site is the legality of doing that or the detrimental impact on employee trust when this secret tracking inevitably becomes known.
The emphasis is clearly on the purchaser to work out where the legal boundaries of deploying spyware in their region if they care enough to do that.
Putting the ethics of spying on employees aside, Work Examiner does what the makers claim for it on Windows-based computers, even if the solution isn’t elegant or security-minded.
If you want a solution that can monitor systems for unwanted activity, then this tool will do that. But without greater consideration for the workforce and the law, it could also have unintended negative consequences.