Friday, December 8, 2006

Basic Home Computer Security Question #2 How do I know if my machine has been compromised?

This question is as excellent as it is difficult to answer. There are so many different ways a machine can be compromised, and so many different clues, that it's hard to give one definition. One of the main reasons it is difficult is that attackers normally cover their tracks when they compromise a machine: they delete messages and logs, or run programs (rootkits) that hide the processes and files they are using, so the tools you run on the machine may be lied to. I'll go with some bullet points here.
- The first thing I normally do is scan my machine for malicious software such as viruses, spyware, adware, or Trojans. You can do this in one of many ways. What I usually do is go to a web site such as Trend Micro's and run their online scanner (HouseCall), which scans my machine from the browser and reports any known software on it that is classified as malware. There are other utilities besides Trend Micro's; just to name a few: Spyware Doctor, Ad-Aware, and also Windows Defender, which is very good. Keep in mind that these scanners only recognize malware they already have a signature for, so a clean result is a good sign, not proof.
- Getting a little more complex, you can simply use the netstat utility on your PC (on Windows, `netstat -ano` also shows the process ID that owns each socket) and see whether any network ports are open that shouldn't be. This is tough, because you get a list of open ports and you need to compare it against the ports that should be open. For each port on your list you will need to check what Google shows as the normal use for that port, and then compare that to what you actually have installed on your computer. Check the Sysinternals web site, which now redirects to a Microsoft site, for tools that help with this process. TCPView is a nice utility that shows you which ports are open and which application has each one open. But be aware that an attack can be a very tricky thing: whoever wrote the attack code may run it inside, or name it after, an existing system file such as svchost.exe, which can fool these types of tools, and a kernel rootkit can hide the connection from them entirely.
- One of the most common ways people notice that a computer is compromised is that it suddenly starts to run very sluggishly. Other signs are network activity when you aren't doing anything, antivirus or the firewall turning itself off, and programs or user accounts you didn't create. In this case again you would run the scans and take the same steps outlined above.
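As an added example of the netstat step above (this is my illustration, not code from the original post), the script below parses the output of `netstat -ano` and `tasklist /fo csv /nh` on Windows and flags any listening socket whose (port, process image) pair is not in a baseline you recorded from a known-clean install. The netstat and tasklist text embedded here is constructed sample output, not captured from a real machine, and the BASELINE set is a hypothetical allowlist; on your own PC you would paste in the real command output instead.

```python
"""
Triage Windows `netstat -ano` output against a baseline of expected
listeners. Added example, not from the original post. All sample text
below is constructed, and BASELINE is a hypothetical allowlist.
"""
import csv
import io
import re
from collections import namedtuple

Listener = namedtuple("Listener", "proto local_addr port pid image")

# Constructed sample of `netstat -ano` output (Windows format).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.10:1043      72.14.207.99:80        ESTABLISHED     2540
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1064
  UDP    0.0.0.0:137            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output: image, PID, ...
TASKLIST_SAMPLE = '''"svchost.exe","880","Console","0","5,120 K"
"System","4","Console","0","236 K"
"svchost.exe","3120","Console","0","3,004 K"
"iexplore.exe","2540","Console","0","28,412 K"
"alg.exe","1064","Console","0","3,500 K"
'''

# Hypothetical baseline of (port, image) pairs recorded on a clean build.
BASELINE = {
    (135, "svchost.exe"),
    (445, "System"),
    (137, "System"),
    (1025, "alg.exe"),
}

# proto, local addr, local port, foreign addr, optional state, pid
NETSTAT_LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$"
)


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    pid_to_image = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2:
            pid_to_image[int(row[1])] = row[0]
    return pid_to_image


def parse_listeners(netstat_text, pid_to_image):
    """Return every bound socket that can accept input, with its owner."""
    listeners = []
    for line in netstat_text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue  # headers, blank lines, anything not a socket row
        proto, addr, port, _foreign, state, pid = m.groups()
        # Only LISTENING TCP sockets accept new connections; UDP rows have
        # no state column and every bound UDP socket can receive data.
        if proto == "TCP" and state != "LISTENING":
            continue
        pid = int(pid)
        image = pid_to_image.get(pid, "<unknown>")
        listeners.append(Listener(proto, addr, int(port), pid, image))
    return listeners


def unexpected_listeners(listeners, baseline):
    """Listeners whose (port, image) pair was not seen on the clean baseline."""
    return [l for l in listeners if (l.port, l.image) not in baseline]


if __name__ == "__main__":
    pids = parse_tasklist(TASKLIST_SAMPLE)
    found = parse_listeners(NETSTAT_SAMPLE, pids)
    for l in unexpected_listeners(found, BASELINE):
        print(f"UNEXPECTED {l.proto} {l.local_addr}:{l.port} "
              f"pid={l.pid} image={l.image}")
```

On the sample data this reports the listener on TCP 4444 owned by PID 3120. Note that the image name there is svchost.exe, which is exactly the trick the paragraph above warns about: a name match is not enough, so for anything flagged, check the full executable path (TCPView and Process Explorer show it) and confirm it lives where the real system file does. Also remember this runs in user mode on the possibly compromised machine, so a kernel rootkit can simply hide the socket from netstat and the script will never see it.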
The best way to be sure that you are not currently compromised is to rebuild your operating system offline from known-good media, install a personal firewall, install antivirus software, and apply the available patches before bringing the machine back online. If you restore your own files afterward, scan them first; copying an infected file back onto the clean machine puts you right back where you started.

1 comment:

Anonymous said...

Nice Blog. I will keep reading. Please visit my blog at:

The Internet Marketing Genius, Carael Knight