Return to: OIT Home : U of M Home
 
 
     
         
     
Gold University of Minnesota M. Skip to main content. University of Minnesota. Home page. One Stop | Directories | Search U of M
     
             
     
Tech Talk logo. Link to home page.
About the Show
Show Schedule
Episodes
Tech Terms
Viewer Questions
 

  • Season 5
  • Season 4
  • Season 3
  • Season 2
  • Season 1

    • Podcasts
    		 
    submit feedback | contact us |
    		  &nbsp  
     
    Tech Talk Home>>Viewer Questions>>

    Protecting Your Data

    On this page:
  • Question
  • Answer
  • Follow-up question
  • Follow-up answer
    •  
      &nbsp    

    Question

    Is there a way to tell if someone has remotely stolen any private information (such as passwords, account numbers, etc.) from your computer? For example, if a hacker has stolen such information, will he always leave some sort of a trace that could be detected by antivirus software or by spyware/adware detection software?

    — A viewer

    Answer

    A "Tech Talk" staff member responded:

    Unfortunately, there is very little that can be done to track what someone may have obtained if they cracked into your computer. There may be some logs in your system showing what was done. It takes a fair amount of expertise to be able to read the logs and decypher what they mean, but even then there will probably be no definitive information about what may or may not have been obtained. As always, the best advice is to proactively work at keeping intruders away by being careful with how you access information on the Internet, including being ultracautious about attachments you receive in e-mail. Using a good antivirus program is crucial. Using a firewall to block intruders can help keep them away. Keeping up-to-date with security patches that come from Apple or Microsoft will also help protect your system. Finally, if you have information that is important on your computer, information that could lead to theft of your identity in one way or another, the best practice is to remove it from your computer completely. If you need it there periodically, copy it to another medium such as a CD-ROM, ZIP disc, floppy disc, thumb drive, or another form that you can use only when it's absolutely needed.

    Thank you for your interest in TechTalk!

    Sincerely,

    Tech Talk Staff

    		 
     

    Follow-up question

    Thank you for your response. I think you answered a different question from what I asked. I apologize if my question was not clear enough. I asked whether there is a way to tell whether or not a person has cracked into the computer remotely, and your response pertained to tracking what was stolen, under the assumption that someone did indeed break into the computer. So the first question that needs to be answered is whether there is a way to tell whether or not someone broke into the computer remotely, which is a question that I don't think you answered. In other words, the first question to be answered has either a "Yes" or "No" answer. Did someone break into the computer remotely or not, and I thought that perhaps the only way to tell is if they left some sort of a trace. So basically are you saying that they can break in remotely and not leave any trace, and therefore one would never know whether the answer is "Yes" or "No"? If that is the case, then how would you know whether your antivirus program and firewall are working properly?

    Also, you mentioned that the best practice is not to store any private information on your computer. Can you tell me, does some information that I type in on web sites get stored anyway, without me knowing it? For example, if I log into my account on my bank's web site, does the account number and password get stored somewhere on my computer, even though I myself have not taken any steps to store it on my computer? I do try to delete the "Temporary Internet Files" periodically, thinking perhaps maybe such information is stored there. Is such information stored there or elsewhere on my computer?

    I do try to keep updated on my antivirus program and Windows security updates, but in my particular case, a bunch of Windows security updates had come out on June 14th, and I hadn't updated yet by June 16th, and I had an incident on that date that led me to believe some information might have been stolen, but I don't know for sure or not. All I know was that I got a couple days behind in my Windows Updates, and then all of a sudden something happened.

    — A viewer

    Follow-up answer

    A "Tech Talk" staff member responded:

    Thanks for your follow-up questions.

    Using tools available to a system administrator and assuming that full logging has been turned on (something that is not set by default) it is often possible to tell if someone has logged into your system. None of the tools available to the typical user will make it easier to tell if this has happened. It takes a fairly trained eye to look for the specific items in the system logs that would indicate that someone has cracked into your system. A firewall program is only as good as how it's been configured. It's possible to lock it down so tightly that nothing can get into your machine. However, you would normally set it up to allow certain types of services or certain Internet sites to have access to your system, but then only for specific purposes. Further, you would be able to configure the firewall to identify all attempts to connect to your system. Again, these logs can be difficult to read, but they will provide you with clues as to whether someone attempted to connect to your system and whether they were allowed access or were turned away. Careful interpretation is needed, however, as it's fairly easy to misconstrue those reports.

    And yes, it is possible for someone or something to crack into your computer without leaving a trace.

    Note that anti virus programs, in general, would not detect intruders nor shut them out. They normally work only to detect viruses that might attempt to attack your machine and sometimes will block ads, but these programs have a very different purpose than a firewall would have.

    It is possible for private information to be stored on your computer, but usually if there are rogues out there they will grab the private information and send it to their creator rather than just store it on your computer. That is why you need to be cautious about what you do on the Internet. You may want to check with your bank to find out of their software stores anything like this on your computer. My personal feeling is it's good practice to get rid of the temporary files. I have found a nifty program called CleanUp! that will rid your system of all sorts of things beyond the folder with the Temporary Internet Files. If you decide to take a look at this, search for it using Google and download it. Then, before running it for the first time, make sure you have backups of any files you absolutely need. It's my understanding that it deletes any files with the underscore character as part of the name. NOTE: Be cautious with this program and observe the recommendations and advice the author provides. I've had a lot of luck with this program, but there is a chance it could destroy important information.

    It's hard to say if anything happened as a result of the two days between when the patch was published and when you were able to apply it. Be aware that the vulnerability that it might have fixed was there for a long time, so if someone attacked your computer it could very well have happened prior to June 14.

    Thanks again for your interest in TechTalk.

    Sincerely,

    Tech Talk Staff

    		 
     
    		  &nbsp  
             
         
     
     
     
     
    ©2007 by the Regents of the University of Minnesota. All rights reserved. Trouble seeing the text? | Contact U of M | Privacy
     
    The University of Minnesota is an equal opportunity educator and employer. Permissions and Copyright Information

    Page updated Friday, 16-Sep-2005 10:20:28 CDT.