Computer Guide

A Security Breach?
by George Skarbek - 30th May 2006

To look at the e-book in PDF format, Computer Guide, based on these columns click here


Q: I have discovered that somebody has found a password and gained access to information that I thought was confidential. I have installed many security programs on my computer running XP with SP-2. I have three anti-spyware programs, two firewalls and anti-virus software. All software is constantly updated. Could a hacker have got in with this security? I very seldom leave the office unattended and the screen saver with a password starts in two minutes. Can someone find out confidential information in this short period?

A: It is difficult for me to answer as to how this security breach occurred. I think that it is unlikely that a hacker from the outside managed to breach your security. A far more likely explanation is that someone who had access to your computer may have planted some Trojan or keylogger and was able to retrieve the required information later. However, this is not that likely as your security software should have picked up any information being sent out. If they had brief access to your computer later then they could have copied the log file to a floppy and removed the Trojan. Searching for new files immediately afterwards may not have found the Trojan as it would have an older date stamp. If the search is initiated by using the mouse then no log would be present.

Although hackers receive much publicity, the fact is that the vast majority of security breaches are caused by employees or ex-employees who still have privileged access to the corporate computers.

A person could run a program such as SIW (System Information for Windows) from a floppy or USB drive. Such a program does not have to be installed on your machine and therefore does not leave a footprint. This program will reveal most passwords used to access web sites and other passwords, as well as showing the serial numbers of your software. Used on my computer it revealed about 40 items. These included sites, usernames and passwords of many of my commercial web sites. The entire process took approximately 15 seconds from the time that I clicked on the SIW icon. All the results can be copied and saved to a USB drive. Additionally, SIW will reveal passwords behind the asterisks. It is also probable that, if he obtained your screen saver password, he could access your computer later when you are at a meeting. Your entire hard disk could then have been copied onto an external USB hard disk, and programs installed on his computer used to break into other secure files or folders at leisure, all without leaving a trace on your computer.

A knowledgeable person who knows what to look for needs only seconds at an unattended computer to find that information. Physical security to prevent intruders from using your computer while you are logged on is therefore critical.

This free program, SIW, can be downloaded from: www3.sympatico.ca/gtopala/about_siw.html. Such a program is of value to all users, not only hackers, as it provides detailed information about all software, hardware and networking aspects of your computer, which can be very valuable in case of problems. For example, in a few seconds you can find out the software version of your video driver.
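The remark above about a planted file carrying an older date stamp can be turned into a check: a file copied onto a Windows machine normally keeps its old modified date but receives a fresh creation time, so comparing the two exposes it. This is an added example, not part of the original column; the function names, the one-hour gap and the sample file names are assumptions chosen for illustration.

```python
import os
import tempfile
import time


def arrival_time(st):
    # Use the creation time where the OS reports one (Windows); otherwise
    # fall back to st_ctime, which on Linux is the inode change time and
    # is also reset when a file is copied in.
    return getattr(st, "st_birthtime", st.st_ctime)


def find_backdated_files(root, since, min_gap=3600.0):
    """Return (path, arrived, modified) for files that arrived at or after
    `since` but whose modified time is at least `min_gap` seconds older."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            arrived = arrival_time(st)
            if arrived >= since and arrived - st.st_mtime >= min_gap:
                hits.append((path, arrived, st.st_mtime))
    return sorted(hits, key=lambda h: h[1])


def demo():
    """Constructed sample: one ordinary new file, one new file with an old stamp."""
    start = time.time() - 5
    with tempfile.TemporaryDirectory() as root:
        normal = os.path.join(root, "notes.txt")
        backdated = os.path.join(root, "helper.exe")
        for p in (normal, backdated):
            with open(p, "w") as fh:
                fh.write("sample")
        old = time.time() - 400 * 24 * 3600  # about 400 days ago
        os.utime(backdated, (old, old))      # mimic a copied-in file's old date
        return [os.path.basename(p) for p, _a, _m in find_backdated_files(root, start)]


if __name__ == "__main__":
    print(demo())
```

Run `find_backdated_files` over a profile or system folder with `since` set to the start of the period you were away; a search by modified date alone would list neither file as new.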

Q: I have Windows XP and do all the updates as they come up but in the windows folder I see there are a great number of uninstall files relating to the updates highlighted in blue. Can I delete these or must they stay?

A: This is a good question but regrettably I do not have a definitive answer. I have managed to speak to a senior Microsoft developer who works in the operating system division working on Windows. His advice was that they should not be deleted.

However, I have investigated what is in these folders and found many older files that have since been updated several times. As a test I deleted a number of them and all is still stable, but I feel that if I have to go to a distant prior restore point there may be problems, so I decided not to push too far in this area.

So my advice is: If you have a lot of free disk space left, leave these files. If you are short of disk space or you are having problems with backup, such as not being able to fit all onto a DVD and if you are missing out by a little bit, then you could consider deleting them.

Q: My computer has been 'stuffed' by an 'expert' - now I have hundreds of duplicate/triplicate etc files - is there a free program [or reasonable price] download for a home user to identify and delete the duplicates? Net had one [clonemaster] but user reports were bad.

A: There are very many such programs. See: http://www.pcworld.com/downloads/collection/0,collid,1325,00.asp for a small selection.
