PC is being "hacked"

Discussion in 'Software' started by dlb, Oct 13, 2010.

  1. dlb

    dlb MajorGeek

    I have a client who is convinced that her laptop was being "hacked" via the internet. She'd call me up and say "he's stealing my data and changing my passwords". First, I have a VERY hard time believing that someone with the skills to do this would spend their time breaking in to a random home user's PC just to change passwords and "steal" music from her iTunes folder when they could be using their skills to steal something worthwhile from a multinational corporation (for example). Second, she has never done any online banking or shopping so this "hacker" never would have had access to her account numbers. Third, when I first looked at this laptop 2 months ago, I saw absolutely no sign of anything malicious, but I'm willing to admit that perhaps I missed something, or didn't recognize the signs of a "hacked" PC. So, I'm pretty sure that this "hacker" is non-existent and that I'm dealing w/ a case of paranoia, but let's say the PC is being "hacked" from the outside; what can I install to not only prevent "him" from "stealing data", but also to (more importantly) make my client feel safe. I have already completely wiped the hard drive: all partitions were first wiped with 5 passes each of random data; then all partitions (there were 3 total) were removed and the entire drive was again wiped with alternating passes of zeroes, ones, and random data for a period of 48 hours. I had to assure the client that not a shred of data was left on the PC, including our "hacker's" backdoors and "his" secret passwords. I have just finished reloading Windows 7 using brand new factory sealed recovery discs from the manufacturer (she would not allow any other discs in to the PC). She already has purchased the full version of MalwareBytes; what will run alongside of it that's noob friendly that will help prevent "him" from "hacking" the PC again? I'm thinking a good free firewall should do it, but I don't know if this would actually stop a real and obviously determined "hacker".

    Any input will be appreciated.

    Thanks!
     
    Last edited: Oct 13, 2010
  2. hrlow2

    hrlow2 MajorGeek

    I don't believe that ANY combination of programs, paid for or free, is going to deter someone that has the knowledge and determination. :cry
    Our own Federal Government, with the best defenses around, is constantly being attacked and gotten through. rolleyes
    If you can succeed in making your clients TOTALLY invulnerable, give them the selection you use. You would be a hero with a day named for you and kids would get out of school.;)
     
  3. Jordan Rivers

    Jordan Rivers Private E-2

  4. dlb

    dlb MajorGeek

    Yeah - I was considering Comodo.... I just don't know if the client can deal with all the activity (or questions) a firewall will generate during the first 2-3 weeks while it's "learning".... but I guess if she wants security, she'll have to learn to deal with it....
     
  5. hrlow2

    hrlow2 MajorGeek

    I have found that Comodo doesn't nag you that much if your other programs are installed prior to Comodo itself being installed.
    It seems to believe that the programs already there are safe.
     
  6. Mimsy

    Mimsy Superior Imperial Queen of the MG Games Forum

    Um... increase her medication? :p

    To be honest, that sounds like a serious case of severe paranoia, and in most cases like this it's caused by having watched too much TV and movies in combination with having absolutely no clue how technology works. Actually, these days, it's enough just to watch the news... rolleyes

    The problem here is only partly lack of protection software, it's also a lack of knowledge. Your client, like several people I've talked to, knows enough to have a vague idea of the nameless risks of going online, but they have no idea about the specifics, how the technology works, and they know even less about how to defend themselves. They know they are clueless and that makes them even more afraid. Enter the paranoia.

    Granted, your client is worse than the cases I've dealt with, but here's what I did to deal with the situation and calm them down, in most cases thankfully in the long term:

    1. Make sure she understands and genuinely believes that you have nothing but her best in mind. She can trust unequivocally that anything you do is with her best interests and her computer's security at heart. In my situations I deal with friends who already trust me, so this is easy for me. With a paying client it may take a bit more work, though in your case you seem to have accomplished it already. When the paranoia became too much she came back to you. Obviously you made a good impression. :)

    2. This is the hard part: Gently force her to calm down to the point where she can think rationally about this. Staying calm in the face of the "hacking" makes it a lot easier for her to approach this from a more rational and logical standpoint, where she's not paralyzed by her paranoia to the point where she panics the way she seems to now.

    3. Help her internalize and fully understand that no one who is actually serious about it is interested in hacking someone like her. This is always difficult for my friends to understand... they don't like being forced to realize that the rest of the world just doesn't see them as being nearly as important as they are, but once it gets through, it's amazingly effective. Yes, your computer can be hacked by someone determined and knowledgeable enough, but why would that someone waste time on you when they get so much more money from hacking a large corporation or bank.

    4. Teach her how to spot the real threats, and how to avoid them. This is very important. You don't want to leave your client with a false sense of security, that only leaves her vulnerable. And of course, you want to give her the tools to nuke real threats. Comodo, Malwarebytes, and so on.

    I realize that all the above is very difficult to accomplish during one short meeting with a client, so take it with a grain of salt. I mainly wrote it all down because the best way to prevent her from coming back again in two months with another "hacker" attacking her is to educate her and calm her down, in addition to providing good software that protects her computer... we're all in favor of repeat customers, but only to a point, right? ;)

    How very incompetent of it. :p

    I've found in the past, when installing firewalls for frightened friends, that taking half an hour to sit with them and show them what an alert looks like and what to look for goes a long way towards achieving several of the steps above. You can do it over and over, with several different programs, under the guise of instructing, while in reality what you're doing is training the thing for them so that the only alerts that will come up in the future are from new apps or from intrusions.

    I've found ZoneAlarm to be very noob friendly. The colors are bright and look harmless, and if you configure the interface right it becomes very simple to understand and use. BE AWARE that the free version will from time to time display a very frightening advertisement exaggerating that you are not protected from viruses and you must buy the full version. So the free version = very bad for your client.
     
  7. Caliban

    Caliban I don't need no steenkin' title!

    And, of course, the easy and standard way of defeating most 'hackers': have your client surf as an anonymous, restricted access user.
     
  8. hrlow2

    hrlow2 MajorGeek

    to Mimsy
    Not if the firewall is running HIPS and the programs are on Comodo's white-list.
     
  9. hrlow2

    hrlow2 MajorGeek

    If you’re concerned about your PC’s security, using a host-based Intrusion Prevention System (HIPS) is a great addition to your protection regime. A HIPS prevents unknown programs from altering any part of your system without permission. Therefore, malware is automatically prevented from being installed.

    HIPS is said to be superior to detection-based software such as traditional antivirus applications, because it will stop any type of malware regardless of whether it has ever been seen before. Thus a HIPS can protect against even zero-day malware, i.e. malware that has just been created and for which no detection signature yet exists.

    However, using traditional antivirus software alongside a HIPS is still a good idea, just in case you mistakenly allow a malicious file access to your computer. With a traditional AV in the loop, in theory the threat is eliminated before the HIPS even gets a chance to examine the suspect file. Of course this assumes that the malware has already been analyzed by the AV vendor and a signature for it sent to users via their update process. This is not always the case.

    One major difficulty with most HIPS is that configuring it can take a while, and you’ll need to answer lots of questions about the programs you run and the way that you use your PC. In the early stages of using the system, you would find yourself having to click the “yes, this is OK” button every time you run an app for the first time. In response to this, HIPS vendors have developed extensive whitelists, i.e. databases of known trusted programs. The idea is that, if a program is known to be safe, or is produced by a trusted vendor, then the user should not have to answer any questions about it.

    Comodo Firewall is one of the best-known HIPS firewalls, and on top of that it's completely free. You can also choose to download Comodo Antivirus. If you decide not to, then be aware that the firewall component does work fine with whichever AV software you choose. Just remember that it’s important that you never run more than one antivirus package at the same time, as they will cause conflicts and possibly crash your computer.
     
  10. sikvik

    sikvik Corporal Karma

    Very true LOL

    Burn her a Linux Live CD, and have her use it for any internet activity. Hehe!

    Cheers..
     
  11. Mimsy

    Mimsy Superior Imperial Queen of the MG Games Forum

    True.. good point.
     
  12. Jordan Rivers

    Jordan Rivers Private E-2

    I think what I like about the Comodo Firewall Defense+ is its simplicity. I had never used a firewall before putting this one on the wife's XP computer next to Avast 5/Malwarebytes/and SuperAntispyware about a month ago, and let me tell you it has to be simple for her to work with it. Have had no problems. If your client wants to be assured that threats are being blocked, all she has to do is double click the Comodo shield icon, and on the summary page she can see the total number of network threats blocked, and the number of threats blocked by the proactive defense. I could kind of act like a security blanket for her if she can see first hand that things are being blocked. I turned the wife's computer on 20 minutes ago and when I looked at Comodo's summary page, it has blocked 35 items in that short period of time. I have to admit, it is nice to see that threats are being blocked.
     
  13. dlb

    dlb MajorGeek

    Thanks for all the input everyone!!!

    Right now we're considering going with a paid application.... why paid instead of free? My boss is convinced that a paid product will be 'better' than a free one, and that it will make the client feel more secure (if she's paying for something, it has to be better than the free stuff). If I remember correctly, several years ago, the paid version of ZoneAlarm firewall could track the incoming 'attacks' and (according to my boss) would tell the user where the attack was coming from (ie; country, ISP, etc). I know that all you need is an IP address and you can find out where it's based, but I guess we want this feature bundled in to the firewall so the user doesn't have to research the IP address herself. Does the paid version of ZoneAlarm firewall still do this? Did it ever do this? Are there any firewall products out there that do this? How about some recommendations of a good paid firewall app (if it includes antivirus, that's OK) that does NOT eat up resources like Norton, McAfee, Kaspersky.....

    THANKS again everyone!
     
  14. Jordan Rivers

    Jordan Rivers Private E-2

    Well, I guess if you have a client that has more money than they need, and wants to spread it around, I wouldn't stand in their way. Have a look at Comodo Internet Security Complete 2011 ($70.00, if she spends that much you think she will feel as if she is being protected?). Has all the bells and whistles including $15.000 dollar ID theft protection. Found at the Comodo site.
     
  15. dlb

    dlb MajorGeek

    Thanks for the suggestion of the Comodo Complete!!! It's exactly what we need in this situation! Because of the 'questionable' mental status of the client, I was happy to see that Comodo stands behind this software with an ID theft "warranty", and has a virus-free guarantee, PLUS 24/7/365 support. This gets us "off the hook" for the next time she gets "hacked". I think we all know that it will "happen" again (if you know what I mean).

    Thanks everyone....
     
  16. Mimsy

    Mimsy Superior Imperial Queen of the MG Games Forum

    If you're looking to buy something, I just got my hands on the latest issue of MaximumPC and they gave a very glowing review of Kaspersky. They tested it at the default settings and claim that it's so obviously designed for the paranoid user that it's a marvel it didn't come with a tinfoil beanie...

    I immediately thought of your thread when I read the review at work earlier. It's in the current issue, so not available on their website yet, but trust me, it sounds like it's EXACTLY what your client needs. I'll try to dig up some place to link to, if you're interested.
     
  17. kench

    kench Private First Class

    if you want her to feel safe then take her to https://www.grc.com/x/ne.dll?bh0bkyd2 ...this is gibson research center and an app called shields up...it will scan your puter for open ports that a hacker could abuse...and if you're closed right up it will tell you you are running in stealth mode...give it a shot and see if your puter has open ports...:)
     
  18. rustyjack

    rustyjack MajorGeek

    I agree with Mimsy, a friend of mine has just purchased KIS 2011 and it has sorted his probs out for him in an instant, really worth the money he paid for it ! ;)
     
  19. hrlow2

    hrlow2 MajorGeek

    I don't believe it is possible to be 100% secure and still go online.
    Following what has been suggested concerning firewall and others is about the best you can get.
    If you can get your client to understand and accept that, then you have done your job.
     
  20. Mimsy

    Mimsy Superior Imperial Queen of the MG Games Forum

    *raises hand* One over here. :wave

    At least I think I do... I unchecked the box next to "Turn UPnP on" in the Advanced Settings section of my new router's configuration utility, because the detailed description of what it does looks like something that just begs to be abused. What you just said wasn't mentioned though, so thanks for the extra info. I'm always interested in learning more. :)

    I agree. One of the things that might make me turn the UPnP back on is that online multi-player on the consoles works considerably better when that's enabled. Steadier connection and so on.

    You can get 100% security, or 100% online freedom. Where the sweet spot in between is, is something each one has to decide on their own.
     
  21. dlb

    dlb MajorGeek

    We went with the Comodo Internet Security Complete 2011.... the funny thing is, she called me about 3-4 hours after taking the PC home. She immediately said "he's coming in through the radio!", so I said "Huh? What makes you think this?", and she said "it said it right on the screen! there was a list of people that were coming in on the radio!", and I said "Huh? Read to me exactly what you see on the screen", and she said "I turned the computer off so he couldn't get anything". Now, keep in mind the PC has been completely and totally wiped. There is nothing on there to "get", unless "he" wants to steal Notepad or Paint. So I had her turn on the computer, and I said "now, do what you did to bring up this list of people coming in on the -ahem- radio". She proceeds to start describing the window that you see when trying to connect to a wireless router. She had convinced herself that the 3 or 4 wireless connections that appeared in that window were "him coming in through the radio". I had to calm her down and explain that other people in this city, and apparently in her neighborhood, have wireless routers too, and that she was simply seeing their routers. To this she said "why?", and I said "if you can't see the available routers, how would you even connect to your own? or how would you connect to a public hotspot like at Starbucks or the library?", to this, she said "Oh". There was a large feeling and inflection of "Geez, I feel really stupid" when she said "Oh".

    roflmao

    (BTW - I swear this is all 100% true!)
     
  22. Mimsy

    Mimsy Superior Imperial Queen of the MG Games Forum

    Why does she think her computer connects through the radio...? :confused
     
  23. bigbazza

    bigbazza R.I.P. 14/12/2011 - Good Onya Geek

    Attached Files:

  24. rustyjack

    rustyjack MajorGeek

    Think you've got yourself some kinda :heli :banghead:foolish sort a person here, but everyone to their own !
     
  25. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

    Tell her to keep the computer unplugged - that will solve her imaginary problem and yours. ;)
     
  26. Novice

    Novice MajorGeek

    dlb,

    I hope that this is a well paying customer, and that you aren't fielding these calls on your own time! :major
     
