The security implications of this software must be devastating. To prevent being defeated by the employee, it'll be essentially a rootkit already. Any black hat that finds a way to gain authorization will basically have a ready-made botnet. Let alone all the personal and corporate data they would be able to ransom and sell.
And the privacy implications. Which is why it's illegal in parts of Europe.
>Any black hat that finds a way to gain authorization will basically have a ready-made botnet.
This has actually happened with viruses, cryptolockers, etc before. Get access to Windows group policy, add the virus to it, see it being spread around.
Not 100% sure, but I think one of Netherlands/Sweden/Finland is on that list. The reason I know this is I work in a multinational firm and there were issues with a monitoring tool. Also, parts of Europe have expectations of privacy even in a work environment, eg. an employer cannot read your work emails, even though they reside on their servers and are part of their "work".
Czech Republic. There are few exceptions to this (power plant control computers, stuff like that), but generally, it's illegal. EU is a bit less restrictive about this, but company-wide, systematic monitoring is forbidden everywhere.
The difference there is that Microsoft has a huge, dedicated security team, and has spent the last ~15 years aggressively improving their security posture, as opposed to some spyware author that decided to go 'legit'.
I think the parent commenter was making the point that if the person with the keys to the kingdom is compromised, so is the kingdom. I was trying to point out that this is the case with any tool that has access to many systems.
