Can someone else access your pc?

[Liz]

A friend of mine has someone who does her computer updates and repairs. Sometimes he works from his home office. When he works from his office, she has to be on the pc initially for him to access it, but I think he can do the rest without her being there (not sure). This person is a long-time friend of hers and trustworthy. However, it got me to thinking.

Up until now I thought computers could only be accessed from another site through software or networking which would involve installing software on all computers involved. I know parents access their children’s computers and can follow their online trails – but I believe this also takes software. I think business offices access all their computers through networking which also involves software, or has that changed? I am so behind in the world of technology.

My question is – how easy is it for someone to access your computer and online account without your permission – and without installing software? I know I don’t use my password anymore because I’m the only one who uses the computer. My secretary used to use it, but she isn’t here anymore.

[Anbesol]

It essentially does require installing a software program and being accessed through a network infrastructure. Thing is, viruses - namely trojans, are capable of opening a network 'back door' in your computer. The trojan's planted are often discreet and don't provide a software gui (or, in the case of weather bug, it does). If you track your ip log's in your router, this is one way to determine activity. In XP they are usually detectable by simply looking through your windows task manager and seeing if its a listed process. Depending on your set up, there may be up to a few dozen different processes running, but if you hunt through the names of each set up program and determine origin or application you can determine if there is a rogue program. For example, looking through my processes, there is a program called "wmplayer.exe", I have my media player open, its the genuine program and isn't source to any software problems. There is another one, "PPUiP6600DMon.exe", this I know is genuine canon software drivers for my printer. I hope that illustrates what I'm saying.

The other possibility for a "hack", though its less invasive and problematic than the aforementioned, is hacking your activity or programs (email) through servers. Every web site is susceptible to this, and some have better security than others. But this kind of 'access' is really only access to your online actions, and nothing to do with your own home PC/program use. The big problem with this is online banking - I have even personally been sent a few fraudulent ebay/paypal/bank pages to my email, where they report to be from one of the companies but in fact are actually not, asking for my information and login. Common sense avoids this problem, if someone asks you for your password or information, make sure its on a secure site (the 's' in https), and make sure its the genuine original site.

Conclusion: Buy a Mac.

[Liz]

Anbesol -

Thanks for the info....

I think I'm the only one among my group of friends that thinks banking online is a good thing. Most of them don't think it's safe....In a way, I think it's safer because you can see your balance and activity anytime you want. However, to each his own.

I was just surprised when I found out that someone can access another person's computer and make changes so easily from another computer miles away. However, in order to do this, someone has to be at the computer being accessed. It still seems strange to me.

A few years ago when I was the director of a residence for homeless women, we provided computers and gave them access to the internet - with limits. We purchased some kind of software that was really made for parents who wanted to limit their childrens' online activity. The residents knew the rules and were aware of the software that would limit their activity. However, the software continuously caused the computers to crash so we removed it. I think the problem was us to be honest - we just didn't know what we were doing. Also, the software wasn't refined at that time.

So ........no one can hack into a "Mac?"

Liz

[mwfanelli2]

I think I'm the only one among my group of friends that thinks banking online is a good thing. Most of them don't think it's safe....In a way, I think it's safer because you can see your balance and activity anytime you want. However, to each his own.

I have been banking online for about 15 years (started with a credit union). In all that time, no online activity was ever hacked.

I was just surprised when I found out that someone can access another person's computer and make changes so easily from another computer miles away. However, in order to do this, someone has to be at the computer being accessed. It still seems strange to me.

You have to allow this. Dell did the same thing when I had a problem, the tech took over the machine. But, I had to enter my password and tell the firewall that it was OK to access my machine remotely. Dell installs software to do this. You can uninstall it or ask that it not be put on the system at all. It's a good thing if you only allow trusted people in.

A few years ago when I was the director of a residence for homeless women, we provided computers and gave them access to the internet - with limits. We purchased some kind of software that was really made for parents who wanted to limit their childrens' online activity. The residents knew the rules and were aware of the software that would limit their activity. However, the software continuously caused the computers to crash so we removed it. I think the problem was us to be honest - we just didn't know what we were doing. Also, the software wasn't refined at that time.

This type of software is prone to crashing. I doubt it has anything to do with you. Vista has parental controls built in but I haven't needed to look at them.

So ........no one can hack into a "Mac?"

LOL! The Mac is one of the easiest machines to hack. At a recent security conference, Apple Leopard was hacked in just two minutes! It took two days to hack Vista (using an Adobe product) and never at all for Ubuntu Linux. Trust me, there are going to be many surprised Mac users one day. Apple is starting to attract attention it has never had before.

The bottom line is that no technology is totally safe or foolproof.

[bluesguy]

For what's it worth, no machine is absolutely secure from a knowledgeable and determined person.
But after saying that, there are a lot of things that can be done to make your PC more secure so that a hacker has to really work to gain access. run several good virus/malware pgms and keep the dat files up to date, install a good firewall, make sure your router is secure if you have a homenetwork.
change passwords frequently, and the beat goes on. For online banking, set up alerts that can notify you to all accesses to your accounts, setup credit card alerts to notify you of purchase limits that you can set. note: it has been proven by the xperts that in an office setting, they can acquire your password in about 60 minutes of looking around in your cube.

bluesguy

[Liz]

Thanks Michael and Bluesguy... it's good to get a little education once in a while.

You have to allow this. Dell did the same thing when I had a problem, the tech took over the machine. But, I had to enter my password and tell the firewall that it was OK to access my machine remotely. Dell installs software to do this. You can uninstall it or ask that it not be put on the system at all. It's a good thing if you only allow trusted people in.

Yes, I had to do something similar to this with Verizon when I had an online problem a while back, except they just needed to work with me online. BUT! we had a worse problem the next time I had an online problem. That time it took over 5 hours for Verizon to find the problem. I was literally on the phone with them for 5 hours! I nearly lost my sanity! And I couldn't believe what the problem was! The person who helped me out the previous time had actually changed my password - he never told me he did it - or what it was! That was scarey!

As far as I know, the person that fixed my friend's computer from his home didn't install any software in her computer beforehand. Also, she doesn't use a password to get into her computer. However, she did have to be sitting at her computer at the time he initiated it from his computer. So, how did he do it without software? Did the fact that she doesn't use a password make a difference? I don't use a password just to get into my pc either as I'm the only one who uses it.

One more question - what about online? Do you need software installed on both computers in order for someone to access your online account? Some of the computers in the building where I presently work are networked, so I assume they use the networking software.

Thanks for the info - I'm learning quite a bit here.

Liz

[another view]

LOL! The Mac is one of the easiest machines to hack. At a recent security conference, Apple Leopard was hacked in just two minutes! It took two days to hack Vista (using an Adobe product) and never at all for Ubuntu Linux. Trust me, there are going to be many surprised Mac users one day. Apple is starting to attract attention it has never had before.

The bottom line is that no technology is totally safe or foolproof.

I do agree with the last line, but remember that the Leopard hack thing being brought up here before. Seems to me there was more to the story (hacker got to keep brand new MacBook Air if he did it, etc). For those of us who don't really get into the nuts and bolts of the thing, I can tell you in the last year it's been really nice not having to fix a computer. The worst thing that happened to me was that it lost my home wireless connection, so I had to look up the password on another computer. I think I can live with that sixty-second problem. And Mac will always ask for your system password (which you may or may not need to even turn the thing on - your choice, in settings) before it'll install any software.

Same for Windows? Nope. I have had my work PC worked on remotely and it's kind of a strange experience watching someone miles away control your PC. I think I just had to click "yes" to something and they were into it, but the IT dept probably installed the software before I got the machine. Still, how easy would it be to accidentally click that versus actually typing in your password (that it will not automatically remember for you)? :skep:

[mwfanelli2]

As far as I know, the person that fixed my friend's computer from his home didn't install any software in her computer beforehand. Also, she doesn't use a password to get into her computer. However, she did have to be sitting at her computer at the time he initiated it from his computer. So, how did he do it without software?

Remote login must be setup in advance. There is no default for it.

One more question - what about online? Do you need software installed on both computers in order for someone to access your online account?
Liz

Online accounts only need the password. You can access online sites from any browser on any computer. I do it all the time. Make sure your password is weird and non-predictable and not a word(s) found in a dictionary.

And Mac will always ask for your system password (which you may or may not need to even turn the thing on - your choice, in settings) before it'll install any software.

Same with UAC on Vista. I wrote something here a couple of days ago that illustrates this. I am not sure how its set up on a Mac (Vista is automatic): I installed software from the web on a computer lab Mac (Tiger) two weeks ago that I believe I should have had no access to do. It certainly failed on the lab's XP machine.

Same for Windows? Nope. I have had my work PC worked on remotely and it's kind of a strange experience watching someone miles away control your PC. I think I just had to click "yes" to something and they were into it, but the IT dept probably installed the software before I got the machine. Still, how easy would it be to accidentally click that versus actually typing in your password (that it will not automatically remember for you)?

When I worked at a Mac shop, automatic remote logins and downloads were done all the time by the night crew. No passwords needed. It has nothing at all to do with what OS you are running, just the software that is installed.

As for that hacking contest... the Mac was cracked super quickly using only Apple software that Apple supplies automatically with Leopard. Yes, each machine was awarded to the guy(s) who hacked it and the MacAir was a cute prize. But it still took two days of hard work and third-party software to hack Vista. Nothing, over three days, could break into Ubuntu. Regardless of how anyone spins this, it speaks very poorly of security and Apple. A claim, by the way, that some people have been screaming about for a long time.

[Liz]

Thanks, Michael.....I appreciate the info. I'm going to be getting a new computer - I want to do everything right for a change.......not just leave it up to whoever installs the software and let it go at that as I usually do.

Liz

[mwfanelli2]

Thanks, Michael.....I appreciate the info. I'm going to be getting a new computer - I want to do everything right for a change.......not just leave it up to whoever installs the software and let it go at that as I usually do.

Liz

Just a note: if you buy from Dell, I have read that they will forgo their normal mindless collection of junk preloaded software (demos, annoying utilities, downright advertisements). You have to call them and ask. Especially make sure they skip any anti-virus junk, install your own.

I did not know about this when I bought my computer a couple of years ago. Took me forever to clean it up!

[Anbesol]

LOL! The Mac is one of the easiest machines to hack. At a recent security conference, Apple Leopard was hacked in just two minutes! It took two days to hack Vista (using an Adobe product) and never at all for Ubuntu Linux. Trust me, there are going to be many surprised Mac users one day. Apple is starting to attract attention it has never had before.

What are you talking about, what "hack".. More importantly, how was it planted?

[mwfanelli2]

What are you talking about, what "hack".. More importantly, how was it planted?

Do a search on this forum. My post included a link to the details.

Oh, OK. I'm just sitting here anyway!

Hacked!

[Medley]

What are you talking about, what "hack".. More importantly, how was it planted?

The security conference was a three day event. In the first day, the only attacks that were allowed were remote attacks on the OS itself, requiring no input from the computer's user. None of the three systems was successfully hacked.

Day two of the conference allowed the attacks to be expanded to the applications installed on the system by default. The MacBook Air was successfully hacked through a day-zero (previously unreported) vulnerability in the web browsing application Safari. The hacker in question, Charlie Miller, hosted a malicious website privately, then accessed it from the MacBook Air, and, in two minutes, was able to take full control of the machine remotely.

What this mean to you and me is that we would have to follow a link to this website (using Safari) and remain there for two minutes while the malware downloaded itself.

Newsflash for all the PC users flaunting this: when my cpu comes under even moderate use, the fan speed increases. If it does so for no reason that I can see, I simply click on the "Turn Airport Off" link on my status bar, thereby severing any possible internet connection. No internet, no download. Then I do a system check to see what the problem was. Taking nothing away from from Mr. Miller's accomplishment, a moderately intelligent user could avoid this "hack".

Furthermore, a firewall would have rendered remote operation impossible without a user bypass. But since a firewall is not installed on a Mac system by default, there was none present.

At any rate, day three of the conference allowed the attacks to be expanded even more by allowing attacks from "popular" (as defined by the security conference) third-party applications. On day three, Vista was successfully hacked through the latest (as of that date) version of Adobe Flash.

Because the participants of the conference remain under a nondisclosure agreement until the flaws have been reported to the appropriate companies and fixes found, it remains uncertain wether the Flash attack would have been successful on either of the other two systems. Moot point since it will have been fixed before anyone finds out.

So yes, it's theoretically possible that your Mac could be hacked, and controlled remotely. I'd still consider it highly unlikely though, a fact borne out by the fact that it's been four MONTHS since the security conference, and the conference is still the only incidence that one can point to to suggest failings with the Mac architecture. Any PC users care to compare that with problems with Vista in the last four months???


I know, I know, "just you wait".........


........it's gonna happen............



........sometime...............



.......maybe not tomorrow.........



....... but sometime..........



....... soon........


I'll be here, using my Mac unabashedly (and intelligently).

- Joe U.

[mwfanelli2]

The security conference was a three day event. In the first day, the only attacks that were allowed were remote attacks on the OS itself, requiring no input from the computer's user. None of the three systems was successfully hacked.

Day two of the conference allowed the attacks to be expanded to the applications installed on the system by default. The MacBook Air was successfully hacked through a day-zero (previously unreported) vulnerability in the web browsing application Safari. The hacker in question, Charlie Miller, hosted a malicious website privately, then accessed it from the MacBook Air, and, in two minutes, was able to take full control of the machine remotely.

What this mean to you and me is that we would have to follow a link to this website (using Safari) and remain there for two minutes while the malware downloaded itself.

Newsflash for all the PC users flaunting this: when my cpu comes under even moderate use, the fan speed increases. If it does so for no reason that I can see, I simply click on the "Turn Airport Off" link on my status bar, thereby severing any possible internet connection. No internet, no download. Then I do a system check to see what the problem was. Taking nothing away from from Mr. Miller's accomplishment, a moderately intelligent user could avoid this "hack".

Furthermore, a firewall would have rendered remote operation impossible without a user bypass. But since a firewall is not installed on a Mac system by default, there was none present.

At any rate, day three of the conference allowed the attacks to be expanded even more by allowing attacks from "popular" (as defined by the security conference) third-party applications. On day three, Vista was successfully hacked through the latest (as of that date) version of Adobe Flash.

Because the participants of the conference remain under a nondisclosure agreement until the flaws have been reported to the appropriate companies and fixes found, it remains uncertain wether the Flash attack would have been successful on either of the other two systems. Moot point since it will have been fixed before anyone finds out.

So yes, it's theoretically possible that your Mac could be hacked, and controlled remotely. I'd still consider it highly unlikely though, a fact borne out by the fact that it's been four MONTHS since the security conference, and the conference is still the only incidence that one can point to to suggest failings with the Mac architecture. Any PC users care to compare that with problems with Vista in the last four months???


I know, I know, "just you wait".........


........it's gonna happen............



........sometime...............



.......maybe not tomorrow.........



....... but sometime..........



....... soon........


I'll be here, using my Mac unabashedly (and intelligently).

- Joe U.

Not having a firewall by default says a lot about Apple's attitude about Mac security. A firewall is a basic piece of software or hardware for all computers.

My internet connection is set to be the last thing that loads (yes, Vista has that ability). But, even then, that's just paranoia.

Sorry, there was a leak: Adobe's bug affects all versions of OS.

People DO link to and download stuff all the time without knowing why. The fact that Windows gets hit so often is because it is the major OS around and that's what this malicious software is targeting now. Like it or not, MacOS is getting noticed. By the way, a Mac is based on Unix: what happened to the sudo command to prevent automatic installs? Oops, they left it out.

I wonder why no one was able to hack into Ubuntu at all with anything? The last day was a free-for-all, yet nothing cracked Ubuntu. Hmm.

What "Vista bugs in the last 4 months"?

Look, if you like MacOS fine. That's personal preference If you like keeping your security head firmly in the sand, fine. If you believe that Apple and all of it's products are invincible, fine. That's what being a fanboy, rather than a logical realist, is all about.

As I said before, ALL TECHNOLOGY IS VULNERABLE. WORSE YET, USERS ARE THE WEAKEST LINK. That last part is independent of the vender, OS, or the technology be it home computers, mainframes, telephones, satellite TV down links, etc.

[Medley]

.







...........still waiting...................











- Joe U.

[mwfanelli2]

I love it! When you can't address the issues with intelligence, resort to childishness. You are an extremely bad example of a Mac supporter. It's time to grow up, leave your parent's home, and head out into the big bad world. Maybe then, you'll know enough about the good things related to MacOS, none of which you bothered to mention.

By the way, I have worked on, in my previous 25-30 years of IT experience, IBM 360 using an O29 keypunch card input, DEC System 10 and 20, Cyber CDCs, VAX/VMS, PDP-8, PDP-11, Sun UNIX on their Enterprise servers, Linux, all the Windows OS, Mac OS from 7.x onwards, I know something about security and computer OSs. Probably a lot more than you could ever hope to know. Each has strengths and weaknesses. No one OS/hardware is the "best" solution or the most complete.

By the way, did you read this?

http://db.tidbits.com/article/9706

Ouch!

[dumpy]

. By the way, a Mac is based on Unix: what happened to the sudo command to prevent automatic installs? Oops, they left it out.

I wonder why no one was able to hack into Ubuntu at all with anything? The last day was a free-for-all, yet nothing cracked Ubuntu. Hmm.

The more I use Linux, the more I realize the importance of something like sudo as a safeguard. (For the windows folks, it pretty much means no "users" have admin rights without entering a password, kind of like "run as")
In most flavors of linux, users are by default users, not admins. Sure you can set windows up this way, but who ever does? I'm guessing you can configure a mac this way too.

So why don't the mainstream OSes do this?:idea: To me it seeems like it would solve a lot of problems. It might seem like a pain at first, but after a while you really do get used to it.

[Medley]

You are an extremely bad example of a Mac supporter. It's time to grow up, leave your parent's home, and head out into the big bad world. Maybe then, you'll know enough about the good things related to MacOS

Personal attacks, combined with an accusation of childishness? You'll pardon me if I don't dignify them with a response.

I'm not doubting your intelligence Michael, so I see no need to post our resume's here. I happen to agree with you on several points. There is no one best system, and I don't think you'll find that I said anything different.

However, I don't agree with your statement that "Mac is one of the easiest machines to hack." That is certainly not, nor has it ever been, my experience. I simply pointed out that there has been exactly one major security breach of OSX in the last four months, and none in recent years before that. Those are the facts. Anything else is conjecture and hype. Are there, and have there been security concerns for the OS? Of course there have, just as there have been for any OS. However, users are relatively unconcerned about problems- except as it affects their computer system or network. That's why there are folks out there who make a living doing this kind of stuff, because most of the rest of the world doesn't want to. THAT, more than anything, is the problem. The biggest enemy of any security system is complacency, and it's one that you won't find in my system sir. Vigilance is the best security tool. With it, you can turn risk into information and opportunity.

So yes, I've read the information in that link. It's about a month old now. In terms of internet security, that means it's ancient news. Just because Apple hasn't addressed the problem does not mean that the problem hasn't been addressed. There are several patches out there now, but by and large they're grassroots efforts. It makes sense when you think about it though, the patch is only as reliable as its source. I got mine from an IT and risk management corporation that I'm very familiar with- familiar enough to trust it even more than Apple (which isn't saying a lot, now that I think about it).

So if I have one criticism of the security conference where the Airbook was hacked, it's that, to my way of thinking, it was unrealistic. If you're out there using a default system- ANY default system- with default software, you get what you deserve. That's the FIRST thing a rookie hacker learns to hack.

- Joe U.

[walterick]

Guys I'm going to have to step in here again and say:

ALL PERSONAL ATTACKS MUST STOP!!

We must be able to disagree civilly in this forum or we are in danger of losing it!

Thank you for your cooperation!
Rick

[Medley]

Agreed Rick. If I've said anything that Michael or anyone else has taken as a personal attack, they have my personal apologies.

- Joe U.

[Photo-John]

Agreed Rick. If I've said anything that Michael or anyone else has taken as a personal attack, they have my personal apologies.

- Joe U.

Thanks, Joe