How to spot strangers on your computer..and keep them out.

posted on Sep, 28 2011 @ 01:11 PM
I do not know if these rumours are facts but it is said that Microsoft has some secret code in their Windows software which enables them to monitor your computer activities. Some people choose for that reason other operating systems like Ubuntu or Linux.

One of my questions is...is Microsoft capable of doing this no matter what firewall you have installed?

Another question I have is.....is it possible to spot 'foreign' activity on your computer? I know little about computers and know that it is possible to see what software is active on a computer. But how to spot the 'foreigner' among all these strange file names is beyond me. Any tips..?

If I am correct you can see this activity in the TaskManager. Is it possible to spot this unwanted activity in the Task Manager's Processes and Services tabs? Are there any other ways to look for intruders?

It is possible to scan the computer for all kinds of sh♪t-ware but will that filter out also hackers?

It would be nice if a computer-expert can give a brief explanation about what to pay attention to and how to make sure my (or someone else's) computer will be iron-clad. What is the best firewall software?

Thx.

edit on 28/9/2011 by zatara because: (no reason given)




posted on Sep, 28 2011 @ 01:21 PM
I have to subscribe to this thread.

I'm experiencing a similar problem. My hard drive just chatters like a bunch of monkeys in a jungle whenever I go on the Internet. Also, my Internet speed seems to get slower and slower.

Oh, and I have McAfee installed BTW. (Which still allowed the Google Redirect virus to show up on my computer. Bang up job McAfee! Full system scans after the fact stated everything was hunky-dory. Thanks again McAfee!)

Another weird thing is that a friend of mine says he got notified by his ISP that his bandwidth usage was exceedingly high. I asked him if he had any idea what would cause this (streaming Netflix or something like that). He said there was nothing like that running on his computer. He doesn't even have Netflix on his pc.

I'd also like to know if there is any way of monitoring what a person's Internet input/output was coming/going to.

Is there such a method?
edit on 28-9-2011 by Hessling because: (no reason given)



posted on Sep, 28 2011 @ 01:23 PM
if your programs start glitching or slowing, pull the lead out. virus scan with something other than McAfee, and learn how to remove temp files.

Windows also has hidden log files all over the place, which is why when I have enough cash I'm going to build a unix supercomputer (no, I'm not joking.)

the best technique I've heard of is auto-rerouting hackers back to their own machines xD personally I wish there was a retaliate button in here somewhere, it's about time we actually need one.



posted on Sep, 28 2011 @ 01:24 PM

Originally posted by Hessling
I have to subscribe to this thread.

I'm experiencing a similar problem. My hard drive just chatters like a bunch of monkeys in a jungle whenever I go on the Internet. Also, my Internet speed seems to get slower and slower.

Oh, and I have McAfee installed BTW. (Which still allowed the Google Redirect virus to show up on my computer. Bang up job McAfee! Full system scans after the fact stated everything was hunky-dory. Thanks again McAfee!)

Another weird thing is that a friend of mine says he got notified by his ISP that his bandwidth usage was exceedingly high. I asked him if he had any idea what would cause this (streaming Netflix or something like that). He said there was nothing like that running on his computer. He doesn't even have Netflix on his pc.

I'd also like to know if there is any way of monitoring what a person's Internet input/output was coming/going to.

Is there such a method?
edit on 28-9-2011 by Hessling because: (no reason given)


Sounds to me like you have a virus, or the possibility of your hard drive failing.



posted on Sep, 28 2011 @ 01:26 PM
reply to post by Hessling
 


I have a strong feeling that your friend is using a wireless router and most likely doesn't have a password on it. His neighbor(s) have piggy backed on his internet connection and are the ones probably downloading movies/games..etc. electronics.howstuffworks.com...



posted on Sep, 28 2011 @ 01:31 PM
Hey OP check out this link and get yourself a copy of Malwarebytes even if just for the free trial!

www.online-tech-tips.com...

Hope that helps, it certainly helped me!



posted on Sep, 28 2011 @ 01:34 PM
reply to post by zatara
 





I do not know if these rumours are facts but it is said that Microsoft has some secret code in their Windows software which enables them to monitor your computer activities.


No, but it does check for activation (depending on your OS version) and does indeed "phone home" but "nothing uniquely identifiable" is shared.




One of my questions is...is Microsoft capable of doing this no matter what firewall you have installed?


Yes and no. They can't bypass your firewall, but they can potentially piggyback on normal traffic back to Microsoft. Your router / firewall would show traffic back to Microsoft but not what that traffic actually is.




If I am correct you can see this activity in the TaskManager.


No, only malware from the early 90s will show up there, everything else will be hidden from you, and will not appear in your task manager. Now, some processes might show up in your process list, but they, unless you are talking some 12 year old kid, will be disguised as normal processes.

What you can do about that is, educate yourself on the services and programs you have running that should be running, and keep an eye on anything that pops up out of the blue. A free program called "tcp process port linker" can help you identify ports being used by processes and will usually show a more detailed report of active process than windows does. You can, with the right knowledge, verify processes are what they say they are by the port they are using. (do not confuse these ports with ports you'd open on your router)

Another sign, by process alone, is cpu and memory usage. Sometimes a questionable process will be there disguised as a normal windows process, but is using considerably more cpu cycles than it should be.

I won't comment on firewall software as there is no "best" solution. Almost anything is better than the windows built in firewall, but even that is better than nothing.

A few tips.... (you'll have to google for specific instructions)
Find and back up your "hosts" file, keep an eye on this as plenty of malware messes with this causing browser redirects.

Disable autorun feature on everything. All of it. Yes, you will have to click the DVD icon when you insert a disk, or click the USB icon when plugging in an external drive, but it will save you countless hours if you encounter an AUTORUN based attack.

Keep as up to date with patches as you possibly can, by the time a patch is out, someone has already found a way to exploit the hole they patched, do not be lazy with this.

Do not try to "double up" on antivirus or firewall programs, 1 of each, 1 anti virus, 1 firewall. You might also look into free web based virus scans like "bitdefender" as they are updated constantly, and are not stored on your browser so a virus can't affect it the same way as if it was a locally installed application.

If you run a home network or office network, do some light reading on routers and IP logs, keep a list of "approved" client machines by IP, hostname and MAC.

On your router, enable MAC based filtering and only allow the MAC addresses of your known machines. This means you will manually add each new machine to the router MAC access list, but it also throws another step in the "hack". It's not fool proof, spoofing a MAC is step #2 in hacking a network. But the more barriers you create, the less likely they will bother with you.

When dealing with routers, WPA2 minimum, long pass phrase, no dictionary words, no "1337" speak, and "salt" it with alternate characters like #%&*. The longer and more random the password, the harder it is to "crack" and with that, you aren't cracking anything, WPA2 requires either a bruteforce (every possible combination of characters, could take a hundred million years to complete) or use a dictionary attack, meaning you already have the password stored in a list of words that you run against the router.

Disable "SSID broadcast" on the router so it doesn't show up for everyone unless they are using hacktool type network scanners. (this means you have to specify the SSID (network name) on the client when connecting for the first time, it won't appear in your network list)

but the best possible advice is:

Firefox with a script blocker like "yesscript" or "noscript" disabling all scripts globally and allowing them on a site by site basis. 90% of your potential infections disappear right there.

After that, don't stray onto the free nudes websites, and never ever click one of those "100 free smilies" popups.
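
The hosts-file tip in the post above (back the file up, then keep an eye on it) can be automated by comparing the live file with the backup. This is an added example, not part of the original post; the function names and the sample file contents are constructed for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Return the set of (hostname, ip) mappings in hosts-file text."""
    pairs = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            pairs.update((name.lower(), fields[0]) for name in fields[1:])
    return pairs

def classify(ip):
    """Say what a new mapping does to lookups of that name."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed address"
    if addr.is_loopback or addr.is_unspecified:
        return "blocks the name (points at this machine)"
    return "redirects the name to another host"

def audit_hosts(baseline_text, current_text):
    """Compare the live hosts file with the backup copy."""
    base, cur = parse_hosts(baseline_text), parse_hosts(current_text)
    findings = [("added", n, ip, classify(ip)) for n, ip in sorted(cur - base)]
    findings += [("removed", n, ip, "entry deleted") for n, ip in sorted(base - cur)]
    return findings

# Constructed sample data (documentation address range, made-up names).
BASELINE = """\
# backup copy taken when the machine was known clean
127.0.0.1   localhost
::1         localhost
"""
CURRENT = """\
127.0.0.1   localhost
::1         localhost
203.0.113.10  search.example.com www.search.example.com
127.0.0.1   update.example-av.test   # AV update site pointed at loopback
"""

if __name__ == "__main__":
    for finding in audit_hosts(BASELINE, CURRENT):
        print(*finding, sep="  ")
```

On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts; read it and the backup as text and pass both to audit_hosts.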



posted on Sep, 28 2011 @ 01:41 PM
if MS did want to raid your drive to see what sort of pr0n and other nasties you had it would pop it as part of the wall of text that no one other than bored legal students will read when installing the operating system and given that corporate firewalls would need configuring to allow them access at will would generally say its more likely that you forgot to secure your computer than someone on the microsoft campus wanting to see what you did last night on youtube


if you really are paranoid about computers then compile your own linux kernels after checking every single line of code personally as that is the only way to guarantee that your computer is not at risk but the fact that you'll probably need about 10 PHD's worth of technical knowledge may make that a bit less than interesting



posted on Sep, 28 2011 @ 01:46 PM
reply to post by phishyblankwaters
 


Lot of good info in this post


Some other ideas I will throw out (pardon me if they have been stated already)

1. From command prompt run : netstat -an. This will list the listening and active connections on your computer. You will have to research which are legitimate, but it is a good way to see what is going on.
2. Check your logs. Called Event Viewer in Windows.
3. For the guy with the disk thrashing: Do a defrag on your disk.
4. For the guy with shady internet usage: Secure your wireless. Use WPA, and set up MAC address filtering.
5. Check user accounts. In command prompt, or from run : nusrmgr.cpl. Verify that guest accounts are disabled, and that Administrator account has a very strong password.



posted on Sep, 28 2011 @ 01:47 PM
reply to post by phishyblankwaters
 


That's the reply I am searching for, thanks a lot.

At times I have no idea what you are talking about but I will print-out your reply and will google an explanation for some of the computer-lingo.

I am sure this reply will be of use to other ATS members too..

Star for you my friend.



posted on Sep, 28 2011 @ 01:50 PM
reply to post by Big Raging Loner
 


Interesting site...the info is also very clear and helpful.

A star for you. Thx



posted on Sep, 28 2011 @ 01:56 PM
Couple more quick ideas. Be warned that these will reduce functionality on your network:

1. Turn off netbios requests within TCP/IP settings.
2. Turn off remote assistance.
3. Prune services through services.msc.
4. Check msconfig for obvious startup blunders.
5. Change hosts file to read only.
6. Run wireshark on your network and review dump. Have fun!

All for now. I think Phishy pretty much covered the most likely avenues of attack.
edit on 28-9-2011 by sixswornsermon because: add one more good idea



posted on Sep, 28 2011 @ 01:56 PM
Thanks for all the information so far


Any advice for my webcam coming on for a few seconds at a time? There are a series of beeps, and then the light next to the webcam flashes on and off several times. This series repeats itself maybe 5 times and then quits. Happens once or twice a day.



posted on Sep, 28 2011 @ 02:00 PM
reply to post by Alora
 


Put some tape over it!

Low tech, but almost infallible.
edit on 28-9-2011 by sixswornsermon because: sp



posted on Sep, 28 2011 @ 02:07 PM
Ubuntu is a Linux distributable.

While it's true that Microsoft does have back door access,
they generally don't use it unless there's some sort of emergency
and I've never heard or read of them using that through the net, it might be done locally.

Ultimately you determine if you let anyone in.

All that aside, would any of you really think they could backdoor everyone?
There are just way too many users out there to keep track of.

Safest way is to either not use the internet, or have a filter on it.
Or you could do as I do and reserve a computer offline and use another for internet access.



posted on Sep, 28 2011 @ 02:19 PM
reply to post by Mystic Technician
 


Valid point.

None of my production computers are EVER connected to internet.

Can't hack something with no connection!



posted on Sep, 28 2011 @ 02:21 PM
If you think Microsoft is bad, Apple is worse. I don't even trust the current free Ubuntu anymore. It's got a major security issue embedded in it. It allows applications to write to the new BIOS chip features and switch off your hardware via the Bios.

There is no secure Operating System anymore.

You have to run Virtual Machine. Run Ubuntu for example from a CD...and have your hard drive unplugged. Thus no drive for a hacker to access.

Use thumb drives to insert files/photos/music on.

Disable wireless everything. Physically rip your wireless card from your laptop. Somebody could use your own laptop's wireless card as 'radar' and see inside your home. Physically rip the microphone/webcam from your laptop.


Somebody's been looking inside your home via your laptop's webcam and you didn't even know it.

Shut down your router/modem when you are not using the internet. Or else.



posted on Sep, 28 2011 @ 02:26 PM
reply to post by sixswornsermon
 

Some excellent advice for the OP from both yourself and phishyblankwaters. Just like to add a couple of notes about using netstat commands if I may.

OP, there are quite a lot of commands you can run that begin with "netstat". To get a list of a fair number of them and an explanation of what they do, open the start > "run" box as mentioned before and after typing in cmd to get the screen, type "netstat ?" (without the quotes, but with the space between netstat and the question mark). You'll then get something like this:


People often wonder if anyone might be listening in on their computer when it's switched on and connected to the internet. One way to see is by shutting off your browser and then using the "netstat -a" command. (Again, no quotes.)
In this case, it should show that any connections are in a "close wait" or "time wait" configuration. If this is the case then it's good news. If however it shows any as "established" (and you don't have a browser open and are not downloading anything -- as some downloads can continue after a browser is shut down), then it suggests something is actively in communication with your computer. In that case, get some advice to see if it's anything you need to worry about.

Just give it a try. Run the netstat -a command with your browser open and you'll get a list showing some "established" connections. Leave the cmd window open, (the black box like above), but now shut down the browser and then run netstat -a again and compare the two lists.

If you get anything worrying then let us know. I am nowhere near as good at this as some of the other members here, though. Just passing on what I've found to be useful.

Oh btw here's a post on bleeping computer (dot) com that's called Tracing a Hacker. It also goes into details about what ports are often used by various trojans and so on, and various other hints.

A couple of members might have said it already but I must emphasize: don't click on any suspect "things", either on websites or even in emails from friends. If you wish, right-click on them and copy the link details into notepad so that you know what they are. Sometimes the real link has no connection to what the link "text" shows.

Here's an example. Although this link text says Click HERE for your SPECIAL OFFER! it really just takes you back to the ATS main page.
But try this: open notepad, then right-click on the above link and select "copy link location" then paste it into the notepad -- and you'll get the real link details. The advantage of this is that you can find out what the link is without really using it.

Now, you probably know how to do that sort of link coding anyway, but not all our readers do -- which is why I mentioned it. The point is that we have to be careful when clicking on links if the source is not totally trustworthy. They are one of the top ways that viruses, trojans and other nasties get into computers. Also, if you ever get a file sent to you in an email and it's one a friend has "forwarded" because it's really cool/funny etc, be very wary. Again, check the file's properties and especially if it's a ".exe" file, it could be very risky to click on it.

Best regards,

Mike
edit on 28/9/11 by JustMike because: I added a few lil' details.
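
The before/after netstat comparison described in this post, written out as an added example (not part of the original post). It assumes English-locale Windows netstat output; the -o switch used in the sample is a real netstat option that adds the owning process ID, and the two snapshots are constructed sample data.

```python
import ipaddress

def parse_netstat(text):
    """Parse the TCP rows of Windows `netstat -an` / `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP":       # UDP rows carry no state column
            rows.append({"local": f[1], "remote": f[2], "state": f[3],
                         "pid": f[4] if len(f) > 4 else ""})
    return rows

def is_loopback(endpoint):
    """True if the host part of 'ip:port' or '[ipv6]:port' is a loopback address."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def established(text):
    """ESTABLISHED connections to anything other than this machine."""
    return {(r["local"], r["remote"], r["pid"]) for r in parse_netstat(text)
            if r["state"] == "ESTABLISHED" and not is_loopback(r["remote"])}

def review_after_close(before, after):
    """Connections still (or newly) established once the browser is closed."""
    was = established(before)
    return sorted(conn + ("persisted" if conn in was else "new",)
                  for conn in established(after))

# Constructed snapshots: `netstat -ano` with the browser open, then closed.
BROWSER_OPEN = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    127.0.0.1:49701        127.0.0.1:49702        ESTABLISHED     1500
  TCP    192.168.1.20:49712     198.51.100.7:443       ESTABLISHED     4120
  TCP    192.168.1.20:49720     203.0.113.50:8080      ESTABLISHED     2276
"""
BROWSER_CLOSED = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    127.0.0.1:49701        127.0.0.1:49702        ESTABLISHED     1500
  TCP    192.168.1.20:49712     198.51.100.7:443       TIME_WAIT       0
  TCP    192.168.1.20:49720     203.0.113.50:8080      ESTABLISHED     2276
  TCP    192.168.1.20:49731     203.0.113.50:8080      ESTABLISHED     2276
  UDP    0.0.0.0:5355           *:*                                    1104
"""

if __name__ == "__main__":
    for local, remote, pid, status in review_after_close(BROWSER_OPEN, BROWSER_CLOSED):
        print(f"{status:9}  {local} -> {remote}  pid={pid}")
```

The PID in each row can be matched against the PID column in Task Manager to see which program owns the connection.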



posted on Sep, 28 2011 @ 02:40 PM
reply to post by JustMike
 


Nice explanation on netstat commands.

For the really paranoid:

Don't forget that a competent intruder would alter logs to cover their tracks, and alter default windows forensic tools to hide connections and running processes.



posted on Sep, 28 2011 @ 02:53 PM
Just check out what is 'Onenote'.

It's a programme automatically running on your computer which sends all your 'history' to a file you don't get to access.


