Helping people with computers... one answer at a time.

While it seems like temporarily unplugging from the internet would block much of what malware might do, in reality it doesn't stop much.

I have a file on a USB which contains my bank details. Presently I switch off the router and load this file from the USB, work on it, disconnect the USB and switch on the router.

This is a bit tiresome. I have Avira and Threatfire protection.

If I leave the file on the computer itself, will the software listed above and the router protect me from anyone on the Internet entering my computer and reading my files?

There are really two questions here:

1) Does disconnecting help?

2) Do you have enough protection against malware?

The answers are: not really, and maybe - maybe not.

I think there may also be a misconception about how malware works.

Hackers Aren't "Reaching In" From the Net

There's a common fear that hackers randomly connect to your machine while your using it and suck up all your data or important files.

That's not at all how the vast majority of data theft occurs.

For one thing, you have a router. No one can "reach into" your computer uninvited. That's what a NAT Router acting as a firewall prevents completely.

"The common thread above is malware, and the possibility that your machine was indeed infected with malware..."

Disconnecting your router or disconnecting from the network prevents the same thing that your router is already protecting you against quite well.

No, for a hacker to access your data he either has to be sent the data somehow, or he has to be "invited" in to your computer somehow.

That's where malware comes in.

Malware: The Hacker's Invitation

For a hacker to have access to what you're doing, either of two things have to happen:

  • You had to let him in. In reality, of course, it's not you at all, but malware that has already infected your machine. Once your machine is infected malware can easily establish a connection to an overseas hacker and invite him in. That person could then do whatever he wants on your machine.

  • You sent the hacker your data. Once again this isn't you, of course, but malware on your machine. In practice hackers aren't interested in going out to machines one at a time and poking around; that's much too time consuming. What they prefer is to have hundreds if not thousands of machines automatically sending them sensitive data when they can.

While pulling the network plug could stop the direct-connect hacker in his tracks, he could have left behind a present: malware that automatically reports back.

And it's that kind of malware that you're more likely to run into on your own, without the hackers direct intervention.

Why Disconnecting Doesn't Help

Let's take a keylogger as an example.

Sending each keystroke you type across the net as you type it is pretty inefficient, and actually makes it easier to detect that there's a keylogger installed. While there are probably keyloggers that do that, more robust ones will do something different.

What's more likely is that the keylogger will simply quietly collect data as you type. It won't send it right away, it'll just collect the keystrokes, and perhaps mouse clicks and screen shots, and wait.

At some point, when it's accumulated enough data it then sends that bundle of data off to hacker headquarters. It might be a direct connection, it might be via email, it might be via any number of means.

But the key point here is that while you were typing and working on your sensitive data the malware wasn't using the network at all; it was just collecting data. It's not until sometime later - after you've probably reconnected your network - that the malware finally sends off the fruits of its labor.

The keylogger's an easy to understand example, but it applies to almost any malware whose aim is to steal data. Many are in fact quite tolerant of network problems and if the network is disconnected when it tries to upload your date, they'll often just wait a while until you've reconnected.

Disconnect all you want; the malware will wait.

Are You Protected?

The common thread above is malware, and the possibility that your machine was indeed infected with malware sometime before you began working on your sensitive documents.

No malware, no problem.

Which makes the second question I'm asking all that much more important: are you protected?

The software you have installed seems reasonable.

But there's so much more to internet safety than just installing a couple of anti-malware packages; Are they keeping themselves up to date? Are they configured properly?

You have a firewall in that you're behind a router (I'm assuming it's a NAT router, since most are). That's great.

Are you keeping your machine up-to-date with the latest patches and updates?

Do you know how to recognize phishing scams? Bogus email? Do you regularly open attachments from people you don't know, or that you weren't expecting? Do you like to visit "questionable" websites? Download illegal music or videos?

Do you use free open WiFi hotspots and know you know how to keep your computer safe when you're doing so?

Do you use weak passwords, or even worse - the same lame password everywhere?

All of those things, and a few more, can compromise your computer and result in malware infections, account theft or other scenarios that you just don't want to have happen.

Are you protected?

I have no idea. The answer to that is about much more than what's installed on your machine.

Article C4687 - December 23, 2010 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

2 Comments
Wasisnt
December 27, 2010 11:33 AM

There are a bunch of free and effective anti spyware programs that you can download and install. Some of the better ones are Malwarebytes and Spybot.
http://www.onlinecomputertips.com/spyware/

Combofix works really good if you already have an infection such as one of those fake antivirus programs.
http://www.onlinecomputertips.com/spyware/combofix.html

Patrick
December 29, 2010 6:06 AM

"Are you protected? I have no idea. The answer to that is about much more than what's installed on your machine."

Very true!..

Imho keeping your computer 100% threathfree is, in the end, impossible unless you never ever link to the outside world. Be it directly via the internet or a local network, or indirectly by installing third party software or data using transportable media.

Apart from basic protection shemes one needs a thorough knowledge of soft- and hardware nowadays ànd to keep updated via trusted sites. But that is far from enough...

(A few?) years of sometimes painfull experience is a "must" in learning to get "the feel" or "taste" for what is potentially harmfull or harmless, training your intuition so to speak. And even very experienced users get into trouble again one time sooner or later. E.g. even backups may be infected without you being aware of it in time...

So finally a lot also depends on the personality of a user and his/her sense of responsibility. There really is no free lunch on the net but you can minimize the cost of a good meal ;-)

Greetz,
Patrick.

"There really is no free lunch on the net but you can minimize the cost of a good meal." - Love that. Well said. Smile
Leo
29-Dec-2010

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.