Helping people with computers... one answer at a time.

The news is grim if someone's broken into your computer, but there are steps to take to prevent it from happening again.

My computer's security has been compromised. How can I rid my computer of a remote intruder? I've had this computer for about 5 or 6 years. ... I found out about the nefarious activities only after the person left my company. Although I can't think of anything of value, this person is extremely clever and smart. If getting rid of my computer and replacing it with a new one is the only way to unequivocally extract this 'spectator' I'll do it in a heartbeat. However - what safeguards must be in place from day 1 with a new computer to prevent the same thing from happening again, plus prevent any and all intrusions imparting absolute confidence in the security of my personal computer?

A tricky problem, to be sure. Someone breaks in, you know they're smart, but you don't know what they did. Can you clean up, and how do you keep it from happening again?

The news really isn't good.

There's a school of thought that says if your computer has been compromised, you have really only one option: reformat. That's a drastic step, but if your intruder is as adept as you indicate, it may be the best approach. If they're really good, they could leave hooks that you could never find.

In your shoes, I'd do the following:

  • disconnect from the net

  • reformat/rebuild the machine

  • rename the administrator account and give it a strong password

  • get thee behind a firewall, and avoid opening any incoming ports you don't absolutely have to.

  • make sure to get ALL the latest security patches.

  • USE the administrator account as little as possible. Create user level accounts for actual day-to-day usage. Again, strong passwords all around.

  • Turn off all unnecessary services; Remote Desktop being the most obvious.

  • Consider an outgoing firewall (something like ZoneAlarm) to trap and/or monitor outgoing traffic.

  • Lastly: remember physical security. Another old adage is that if it's not physically secure, it's not secure. If someone can walk up to it, insert a floppy and reboot, then all the other security is for naught.
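
Once the machine is rebuilt, the software items on this list can be spot-checked from a PowerShell prompt. The script below is an added example, not part of the original article; it assumes a current Windows release with Windows PowerShell 5.1 or later, and the function name Get-ChecklistAudit is made up for illustration. Run it from the account you use day to day. Rows marked REVIEW are for you to judge (for example, whether each listening port belongs to a service you actually need).

```powershell
# Added example, not from the original article. Read-only: it changes no settings.
# Assumes a current Windows release with Windows PowerShell 5.1 or later.
function Get-ChecklistAudit {
    # $Ok = $true -> PASS, $false -> FAIL, $null -> REVIEW (needs a human decision).
    $row = { param($Check, $Ok, $Detail)
        $status = if ($null -eq $Ok) { 'REVIEW' } elseif ($Ok) { 'PASS' } else { 'FAIL' }
        [pscustomobject]@{ Check = $Check; Status = $status; Detail = "$Detail" } }

    # The built-in administrator keeps a SID ending in -500 whatever it is called.
    # 'Administrator' is the English default name; localized installs use another.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    $renamed = (-not $admin.Enabled) -or ($admin.Name -ne 'Administrator')
    & $row 'Built-in admin renamed or disabled' $renamed "name=$($admin.Name) enabled=$($admin.Enabled)"

    # Day-to-day account should not be in the local Administrators group (S-1-5-32-544).
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $members = @(Get-LocalGroupMember -SID 'S-1-5-32-544')
    & $row 'Current account is not an administrator' ($members.SID.Value -notcontains $me) ($members.Name -join ', ')

    # Every firewall profile on, and inbound blocked unless a rule allows it.
    foreach ($p in Get-NetFirewallProfile) {
        $ok = ("$($p.Enabled)" -eq 'True') -and ("$($p.DefaultInboundAction)" -ne 'Allow')
        & $row "Firewall profile $($p.Name)" $ok "enabled=$($p.Enabled) inbound=$($p.DefaultInboundAction)"
    }

    # fDenyTSConnections = 1 means incoming Remote Desktop connections are refused.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    & $row 'Remote Desktop disabled' ($ts.fDenyTSConnections -eq 1) "fDenyTSConnections=$($ts.fDenyTSConnections)"

    # TCP ports listening on non-loopback addresses, with the owning process name.
    $listen = Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            '{0}/{1}' -f $_.LocalPort, $proc.ProcessName
        } | Sort-Object -Unique
    & $row 'Listening ports and services' $null ($listen -join ' ')

    # Date of the most recent hotfix Windows reports (not a full patch inventory).
    $last = (Get-HotFix | Sort-Object InstalledOn | Select-Object -Last 1).InstalledOn
    & $row 'Most recent hotfix' $null $last
}

Get-ChecklistAudit | Format-Table -AutoSize -Wrap
```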

Readers: do you have additional tips for security? Add your comments below.

Article C2199 - October 7, 2004

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

Recent Comments
22 Comments
Maria
March 27, 2009 5:25 PM

I too had my computer access compromised as a remote user on the company's PC in my home. Someone hijacked my e-mail address, both personal and my work Lotus Notes accounts, and was sending damaging e-mails to others with my address. I have always used either Verizon or Comcast high-speed, but I was pushed to try "remote access," which I believe was constantly trying to be set up on the PC, which would not work. I could not stay connected at all, until I put a router between my cable modem and the PC, but then I was "slammed" every 15 minutes until I took the router off. Because of all this, my work reputation has been ruined, my skill reputation has been ruined, and I am finding it extremely difficult to rebuild my reputation. I have been "black-balled" out of the business that I was in, and now can only find part-time work doing menial tasks in the same field; however, my bosses have perceived me to be unintelligent. I will graduate with a bachelor's degree in a technology field, and actually have an associate degree in a technology field. HELP! HOW DO I REINVENT MYSELF AND REGAIN MY WORK REPUTATION SO THAT I CAN FIND A DECENT JOB? Will I need to completely start over? I have been sent into almost financial ruin because of these lies and underhanded tactics at my former employer. The techs at work were constantly "reformatting" the PC, which was work's, but I couldn't even do my job -- it was like there were constantly two people (at least) connected on with me at all times. My cable company administrator told me that he was watching my connection and helped me one time when the PC "crashed." We found some kind of ancient NT error -- it took down everything. After I didn't have to connect to that employer anymore, IMMEDIATELY my problems disappeared.

jackie
March 16, 2010 3:35 AM

I work in an office and I have found that a person who has administrator access has gone into my computer, overridden my codes and taken away a programme that was set up on my system. He did this when I was on my day off. Should he have come and said he wanted to go into my computer, and explained why he was taking this programme away, as this programme was part of my job? Our firm is closing down due to retirement, but surely he just cannot go in without saying. He could have waited till I returned the next day and I would have let him in under my codes. Why have personnel codes if someone can just go in and override them when they want to?

Administrative access is administrative access, and this serves as a good reminder that your work computer does not belong to you.
Leo
17-Mar-2010

Bobby
May 7, 2010 7:57 AM

I have a question. I think someone might be looking at my email files using Outlook web access. I believe they already have the usernames and passwords.
Is there a way to track who is looking at my messages?

You'd have to check with your email service provider.
Leo
08-May-2010

hated by the ex
September 13, 2011 4:11 PM

This is not a comment, but a question, and I'm at my wits' end... So my ex-hubbs and I have been divorced for over 3 years, we have to communicate because of the child we have together, however I noticed at first that some emails between me and him disappeared from my email account.. first I was like damn I must have deleted them by accident, then more and more disappeared... now he seems to know on social sites what I post etc... even though we blocked each other and my profile is on private.. and we also do not have any friends in common... I recently had my email account suspended etc because of weird activity.. was able to get it back.. the list of things is long, now my question is, I know my ex is an IT specialist and works for an internet security firm, I am almost certain he hacked into my computer through my IP address, is there a way I can find this out for sure? And if so, what can I do to stop it and / or prevent it from happening again...
thanks

Mark J
September 13, 2011 6:11 PM

@Hated
If I suspected that someone was illegally accessing my computer, I would go to the police. They also deal with computer crimes.