After a computer has been hacked it can never be trusted again. So say the pros, and security expert Steve Gibson, of GRC.com, in particular.
"There is no way to know what might have been altered or changed. Any component could be Trojaned, or TimeBombed, or anything. The only thing to do if you want to ever be able to really trust your machine again is to wipe it and start over," says Gibson.
There, you heard it from the man himself. Gibson is one of America's pre-eminent computer security experts.
A Trojan, of course, is a nasty piece of malware that looks harmless but carries a program inside that can give someone outside your system remote access, or it can contain a virus or spyware. And TimeBombed? That's just malware on a timer, set to go off at some future time.
Steps You Can Take Immediately After Being Hacked
If you think a hacker has been on your system and you want to take some instant security measures, here are steps you can take to reduce the risk of further visits.
Disconnect While You Assess
The first measure you can take that's instantly effective against a hacker is to disconnect the computer from the Internet. If you have a high-speed Internet connection, locate your modem, usually a box connected to your phone line or cable wire, and turn it off.
Install a Firewall
You have three options when it comes to firewalls:
I detail how to do this at the end of this chapter. On p. 101, you'll see how to turn on the Windows Firewall or how to install a third-party software firewall. On p. 109, I detail how to install a hardware firewall, which is built into a home network router.
Assess the Damage
Scan your system with your anti-spyware and antivirus programs to see if anything strange has been installed on your computer. Be sure to update your virus and spyware signatures first. You'll have to turn your Internet connection back on (briefly) to update these.
Also look for any new data that has been added or changed. To search for changes, use the Windows search function, following these steps:
This search process might freak you out, especially if you choose Accessed Date, because you'll see many files listed that have been accessed in a 24-hour period.
Remember that Windows accesses many files by itself, even when your computer is idle. So this is not indicative of hacker activity. However, Created Date and Modified Date settings might be useful in determining what files have been created or changed.
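The same date check can be scripted. The following is an added example, not part of the original text: it lists files created or modified in the last 24 hours and ignores the accessed date for the reason given above. The function names `creation_time` and `recent_changes` and the command-line usage are assumptions made for this illustration.

```python
import os
import sys
import time

def creation_time(st):
    """Creation time from a stat result, or None where the OS does not expose one."""
    if hasattr(st, "st_birthtime"):   # macOS/BSD, and Windows on Python 3.12+
        return st.st_birthtime
    if os.name == "nt":               # older Python on Windows: st_ctime is creation time
        return st.st_ctime
    return None                       # Linux: st_ctime is a metadata change, not creation

def recent_changes(root, hours=24, now=None):
    """Return (path, reason, timestamp) for files created or modified in the window.

    Last-accessed time is deliberately not consulted: the operating system
    touches many files on its own, so it says little about an intruder.
    """
    now = time.time() if now is None else now
    cutoff = now - hours * 3600
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue              # file vanished or is unreadable; skip it
            born = creation_time(st)
            if born is not None and cutoff <= born <= now:
                hits.append((path, "created", born))
            elif cutoff <= st.st_mtime <= now:
                hits.append((path, "modified", st.st_mtime))
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    # Usage (assumed invocation): python recent_changes.py <folder> [hours]
    folder = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    window = float(sys.argv[2]) if len(sys.argv) > 2 else 24
    for path, reason, ts in recent_changes(folder, window):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(ts)), reason, path)
```

File timestamps can be reset by anyone who has had control of the machine, so an empty result does not show the system is clean.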
Wipe the System and Start Fresh
Remember that wiping your system and restoring it is the best way to start fresh and give yourself peace of mind. It's not a simple task, so steel yourself for a bit of hard work.
You need either a Windows installation CD from a store or the installation CD provided by your computer maker. It might have provided a full copy of Windows or a restore disk that wipes your computer and sets it back to the way it was the day you bought it, including all the preloaded software.
I detail the step-by-step procedure for wiping and restoring your system in Chapter 9, starting on p. 249.
If you own a Mac, which uses the Mac OS X operating system, be sure to make a backup of all your personal data to CD or DVD first and then follow these steps:
After scrubbing your Mac, check the Mac OS for any updates since you originally installed it. Here's how: