Detekt, a free tool for Windows to detect surveillance spyware

Martin Brinkmann
Nov 20, 2014
Updated • Sep 21, 2018

Detekt is a free tool for computers and devices running Windows operating systems that scans for traces of surveillance spyware on the system.

Designed to provide journalists and human rights activists with a program to detect potential surveillance spyware on computer systems, it can be downloaded and used by anyone running Windows computers.

The program, developed and released by a group of human rights and technology organizations including Amnesty International, the Electronic Frontier Foundation, Digitale Gesellschaft and Privacy International, will alert users if it detects intrusion tools on the PC it is run on.

Update: The original website the program was published on is no longer available. You can download the last version that was released from third-party download portals such as Major Geeks. Please note that Detekt may not detect newer threats due to the lack of updates since 2015.

Detekt

Detekt is simple to use. It needs to be started with elevated rights: after download, right-click the program and select Run as administrator. The application is also compatible with Windows XP SP3, where you can run it with a simple double-click.

The file is around 26 Megabytes in size, and the program is portable, which means that it does not have to be installed before it can be run. The source code of the program is available as well.

The developers suggest that you cut the Internet connection before you run Detekt on a system and close all open programs as well. This is done to avoid false positives and improve the performance of the scan.

The scan takes a while to complete, and it is a bit irritating that the window refreshes every five seconds during that time. You can minimize the Detekt window during the scan, though, to avoid seeing those refreshes.

The scan may or may not find spyware on the computer. Note that even if it does not find any, that does not necessarily mean there is none. Spyware may have been designed to avoid detection in general, or Detekt's scanning algorithm specifically.

The scan results highlight potential surveillance software discovered during the scan.

This may include the name the surveillance software is known by and a short description of what it does and who uses it.

The official website offers assistance on the next steps if surveillance software was detected during the scan. The main suggestion is to stop using the computer immediately and cut off its network and Internet connections. Several email addresses of organizations such as the EFF that may also be able to help are provided.

Closing Words

Detekt is not a surefire way to find surveillance software on a computer system. While that is the case, it can be used as one of the defensive mechanisms that you have in place to protect your computer and data from third-party access.

Summary
Author Rating: 4 out of 5 stars
5 based on 1 votes
Software Name: Detekt
Operating System: Windows

Comments

  1. wyxnsbdfgfsdsg said on September 21, 2018 at 10:22 am
    Reply

    What happened to detekt? The resistsurveillance.org website no longer exists. Is there an alternative to detekt?

    The software and the website have been wiped from the Internet.

  2. rscaru said on December 26, 2015 at 12:59 pm
    Reply

    More than 12 hours and it is yet going on…

  3. A Question said on December 13, 2014 at 11:31 am
    Reply

    Bitdefender won’t allow me to run this. What should I do?

    1. Martin Brinkmann said on December 13, 2014 at 12:14 pm
      Reply

      Most programs have a whitelist option, Bitdefender should have one.

  4. PJ said on November 25, 2014 at 9:18 am
    Reply

    @ Martin (Nov 25, 2014 at 8:40 am) … Hmm, why no reply button under your comment ?

    Anyway, I’d just downloaded the newest release (Detekt v1.8) but have yet to run it, because I don’t understand why v1.7 was trying to go online.

    It appears that the issues of blank white screen AND Detekt trying to connect to the internet are not unique to the version I tried. Just saw that user gkeraunen had reported the same 2 issues wrt Detekt v1.1 four days ago. In response, the developer claimed that “[t]here is nothing connecting to the outside”:

    Issue#20: Detekt 1.1 causes firewall alert, listens on TCP ports 19180 and 1201, sends on TCP port 1201 (GitHub)

    Besides the above, there have been other users also reporting a blank white screen, although it is not clear if their firewalls (if any was enabled when Detekt was being run) were triggered.

    1. Martin Brinkmann said on November 25, 2014 at 9:45 am
      Reply

      Replies are limited to 3 levels.
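
An added example, not part of the original post or comments and not Detekt's own code: the firewall alert in the issue quoted above concerns TCP ports 19180 and 1201, and whether such sockets are bound to loopback or to all interfaces decides if anything outside the machine can reach them. The sketch below classifies rows in `netstat -ano` layout; the sample rows, PIDs and function names are constructed for illustration.

```python
import ipaddress

# Ports named in the issue title quoted in the comment above.
PORTS_OF_INTEREST = {19180, 1201}

# Constructed sample in `netstat -ano -p TCP` layout; addresses and PIDs are
# invented for this example and were not captured from a Detekt run.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    127.0.0.1:1201         0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:19180        0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:49731        127.0.0.1:1201         ESTABLISHED     4312
  TCP    0.0.0.0:19180          0.0.0.0:0              LISTENING       5120
  TCP    [::1]:1201             [::]:0                 LISTENING       4312
"""


def split_endpoint(endpoint):
    """Split '127.0.0.1:1201' or '[::1]:1201' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    # Drop IPv6 brackets and any %scope suffix before parsing.
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)


def classify_sockets(netstat_text, ports=PORTS_OF_INTEREST):
    """Return (pid, local, remote, verdict) for TCP rows touching `ports`."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, blank line or UDP row
        _, local, remote, state, pid = fields
        local_ip, local_port = split_endpoint(local)
        remote_ip, remote_port = split_endpoint(remote)
        if state == "LISTENING" and local_port in ports:
            # A loopback bind is local IPC; a wildcard bind accepts remote peers.
            verdict = "loopback-only" if local_ip.is_loopback else "reachable-from-network"
        elif state == "ESTABLISHED" and (local_port in ports or remote_port in ports):
            verdict = "local-ipc" if remote_ip.is_loopback else "remote-peer"
        else:
            continue
        findings.append((int(pid), local, remote, verdict))
    return findings


if __name__ == "__main__":
    for row in classify_sockets(SAMPLE_NETSTAT):
        print(row)
```
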

  5. Stacie said on November 25, 2014 at 5:18 am
    Reply

    I cannot find detekt on my computer to uninstall it and I can’t get anyone to tell me. Help!!

    1. PJ said on November 25, 2014 at 9:44 am
      Reply

      @ Stacie — Detekt.exe is a portable file. When run, it doesn’t install itself on your PC, hence there is no need to uninstall anything. If you want it removed, just delete the downloaded file from where you previously saved it.

      If you had forgotten the saved location, or had accidentally dragged the file into another folder w/o realizing it, just use Windows Explorer to find “detekt” (ie. the default filename, assuming you didn’t change it).

      If you can’t find the file (26.5–27 MB in size) at all, a possibility is that you had already deleted it.

  6. NTM said on November 22, 2014 at 11:26 pm
    Reply

    How long does the scan take to complete? I started the scan, it’s been running, and after a while the refreshing stopped, and right now nothing is going on but it still shows it’s scanning. I had waited for almost 30 minutes and it still is not done, and actually I hit the manual blue Refresh. What should I do? Win 7 ultimate dell inspiron 1464.

    1. Martin Brinkmann said on November 23, 2014 at 9:03 am
      Reply

      It depends. If it takes too long (say over an hour or so), then something is likely wrong. It may be a bug. I’d restart and check again, and if it still does not work, file a bug or wait for a new version to come out.

      1. PJ said on November 25, 2014 at 1:36 am
        Reply

        I tried Detekt (v1.7) on Win 7 SP1 Home Premium (64-bit), but it doesn’t seem to work. It merely opens a blank white window (screenshot).

        When I right-click the white space of the Detekt window, there is a “Reload” button with blue refresh arrows, but clicking it doesn’t initiate any action. Detekt also generates a 0 byte empty text file in the folder where Detekt is launched.

        More interestingly though, my firewall alerted that Detekt tried connecting to the internet when I first launched it. But as advised by user instructions, I was disconnected from the internet at that time.

      2. Martin Brinkmann said on November 25, 2014 at 8:40 am
        Reply

        When you run Detekt you get a window with a “reload” button and it auto-refreshes in 5 second intervals while it runs. Your copy seems to be stuck somehow and does not start at all, which is kinda strange.

        I don’t have any advice on how to cope with this other than to wait for an update to come out. Sorry that I cannot be of help to you.

        Oh, just saw there is an update that was released 5 hours ago. Maybe that fixes it?

  7. Mark Miller said on November 22, 2014 at 4:02 pm
    Reply

    The lack of privacy when using a computer makes me want to shutdown my computers, and, never use one again!!!

  8. GFE554 said on November 21, 2014 at 2:39 pm
    Reply

    Open source? Check.
    Written primarily in Python? Check.
    Has a GitHub page? Check. https://github.com/botherder/detekt

    https://github.com/botherder/detekt/issues is the official technical support channel for Detekt.

    Why Win8.1 x64 is currently not supported by Detekt: “Windows 8.1 64bit is currently not supported because the tool appears to be unable to complete the execution and just goes on forever. This issue needs to be investigated and resolved as soon as possible.” (quoted from software’s GitHub page)

    Interesting: The software’s main developer Claudio Guarnieri (aka ‘nex’/’botherder’) is also the leader of the team behind the open source automated malware analysis system Cuckoo Sandbox, a member of The Honeynet Project, and has written a command-line utility for use with VirusTotal.

    1. InterestedBystander said on November 21, 2014 at 6:24 pm
      Reply

      Thems good cred all right. For Linux, LMD seems an option — though of course the risks are a couple of orders of magnitude lower on Linux. And serious users should be using non-persistent OS anyway.

  9. beng said on November 21, 2014 at 12:49 pm
    Reply

    I tried to run it in Windows XP SP3 but it just opens a blank white Detekt window (“Detekt” is written in the window title bar but the inside of the window is just white), with no user interface inside it. Does not seem to be working in Windows XP SP3.

  10. Rey said on November 21, 2014 at 8:49 am
    Reply

    Andrew, do really think that I give 2 squirts of du, du for them sorry S.O.Bs well I don’t I warned the first time. They left me alone for a couple of months, now they start again bullsh$t I have no pity for bullies. People who think that they are above anyone else, are those that take justice into their hands. Even giants fall in a country that’s supposed to be equal.

    1. Andrew said on November 21, 2014 at 10:09 am
      Reply

      Bro, I think you’re paranoid like crazy…

      p.s. I heard the reply button works well on this site.

  11. Pants said on November 21, 2014 at 2:30 am
    Reply

    What really begs the question here .. is WTF doesn’t readily available AVs detect these (and yeah .. malware, schmalware, virus, schmirus … don’t go there .. essentially the same diff).

    “Detekt scans computers for infection patterns associated with several families of remote access Trojans (RATs): DarkComet RAT, XtremeRAT, BlackShades RAT, njRAT, FinFisher FinSpy, HackingTeam RCS, ShadowTech RAT and Gh0st RAT.” … “FinFisher FinSpy and HackingTeam RCS, were created by commercial entities and are sold to law enforcement and other government agencies”

    Draw your own conclusions. Just as well the pants on my head are made of tinfoil :P

    [GODAMNNNnit .. every single post (for the last 2 months) takes me five or ten attempts to post .. that “you are posting too quickly” message – can’t you just whitelist my ip range Martin :) ]

  12. Rey said on November 20, 2014 at 6:46 pm
    Reply

    In regards to running wrong program, not so. And as for Microsoft being on top of the totem pole, yea, open your eyes, this isn’t the first time they’ve done this crap to me. When windows 8 first came out, I refuse to upgrade cause I could not afford it. I upgraded my windows 7 with windows 7 upgrade from Microsoft, all was fine until I ran some deep scans on root kit and found all the programs that had been altered and were directed to no other than the culprit at hand. With their windows updates is how they manage to hijack my system, and locked it to where I can not uninstall the crap that they put into PC. And yes my logs were deleted, but I have the files. Surely that’s more than they would expect, but I knew from first incident what to expect from them. For that I say open your eyes !!

    1. Jared said on November 24, 2014 at 12:23 pm
      Reply

      I believe you’ve lost your damn mind, Rey. To your credit, however, it happens rather easily on this frakkin planet….

    2. Pants said on November 21, 2014 at 2:40 am
      Reply

      “You keep using that word. I do not think it means what you think it means”

      Just think for a second. If MS was found to be doing this it would DESTROY their entire business. Do you seriously think they would jeopardize their integrity over hacking pitiful end users? While we’ve seen some incredibly stupid things large corporations have done (Verizon & AT&T with X-UIDH tracking, Sony with the music CD rootkit, various opt-out policies etc), this would be a catastrophic disaster if found out and clearly not worth the risk, let alone even contemplated. Even the NSA can’t keep its secrets secret. It’s just INCONCEIVABLE.

      Andrew suggested Linux, but I’m gonna say that’s not really an option for you. You clearly have no idea on how OS architecture works.

    3. Andrew said on November 20, 2014 at 7:43 pm
      Reply

      Sounds like you downloaded some Malware actually… I’d hardly blame Microsoft for that.

      Unless you can give examples of the “crap” they installed into your computer…

  13. someone said on November 20, 2014 at 5:13 pm
    Reply

    Software Name: Defekt
    Better change that ;-)

    Also too bad 8.1 64bit isn’t supported yet.

    1. Martin Brinkmann said on November 20, 2014 at 5:23 pm
      Reply

      Ha, sorry about that. Fixed.

      1. Anon said on November 20, 2014 at 5:57 pm
        Reply

        Ran the troubleshooter and it has changed the compatibility settings to “Run this prog in compatibility mode for Windows 8” and it works fine …… thanks for the prog.

      2. Martin Brinkmann said on November 20, 2014 at 5:59 pm
        Reply

        Interesting, good to know. Thanks!

      3. Anon said on November 20, 2014 at 5:42 pm
        Reply

        does not work with Windows 8.1 64bit …. got message “unsupported version of Windows”

  14. Arthur R Ott said on November 20, 2014 at 4:51 pm
    Reply

    Ran the program on my Toshiba laptop with the original Win 7 installed and got “not genuine message” also.
    Not sure how to get rid of it?

  15. jasray said on November 20, 2014 at 4:30 pm
    Reply

    Likewise–You are running an unsupported version of Windows (8.1 64bit).

    1. Kannon said on November 27, 2014 at 9:54 pm
      Reply

      It works in compatibility mode. You just need to right-click on the executable and select compatibility mode. The automatic settings worked for me.

  16. Hy said on November 20, 2014 at 3:14 pm
    Reply

    Thanks very much for posting this! Read about it yesterday on the BBC website and went and downloaded it.

  17. exrelayman said on November 20, 2014 at 3:10 pm
    Reply

    Alas, didn’t work for me. Failed to scan because it says I am running an unsupported version of windows. But I bought my Windows 8 pc new from Amazon and registered it with Gateway, so nothing should be wrong about my windows version. Too bad.

  18. Rey said on November 20, 2014 at 3:03 pm
    Reply

    Say how would this software work if my programs are lock by Microsoft because I don’t and never comply to their bs homegroup , file sharing ? And my system is triggered to not let me get on line by systems protection. My SpyBot anti virus and my Kaspersky are both control by Microsoft. Is there any kind of help for this sort of issues when companies like this intentionally sabatog a persons computer ? Let me know what I can about I have proof against Microsoft .

    1. Trebuchette said on November 21, 2014 at 7:16 pm
      Reply

      Control Panel, Uninstall Programs, find and double-click Kaspersky and go through the uninstall, then do the same for Spybot Search & Destroy.

      You might also want to get rid of system32 in your Windows folder. It’s a resource hog fo real doh!

      1. Andrew said on November 24, 2014 at 7:11 pm
        Reply

        Kurt, he linked it to the meme page, so obviously he was joking.

        Have a laugh will ya?

      2. Kurt Oestreich said on November 24, 2014 at 6:26 pm
        Reply

        DO NOT delete your system32 folder under windows.

        If you do, you will need to reinstall windows. It is a critical directory, and has been since Windows 3.1 and possibly even earlier.

        Trebuchette is being irresponsible in instructing users to delete system32. He may claim he was joking. I suggest that he delete his system32 folder, and then upload a youtube video of how wonderful his computer works afterwards.

    2. Andrew said on November 20, 2014 at 5:57 pm
      Reply

      uh… wow… Are you saying you work for Microsoft and they locked it all down? That’s not your computer then. If you’re talking about your computer, then you might want to relax and learn how to use the OS before making all these acquisitions (Microsoft is “sabatog”ing your computer? really?). Or install Linux…
