How to feel confident a computer hasn’t been compromised?

We have a ‘public’ computer in the house. It runs stock Windows firewall and antivirus and runs Firefox with AdBlock and Ghostery, but not NoScript. It has the free versions of MalwareBytes and Spybot. When people visit I try and keep a Linux VM running with an open browser, but that’s far from 100 percent.

My in-laws are from Russia and frequently visit random sites linked by friends. Not to single them out, but they have stereotypical levels of credulity in visiting sites, and HolyShitWouldYouPleaseStopVisitingSitesInThe.ruDomain! When friends and relatives visit, they are excited to show pictures on a convenient USB flash drive (from Russia). That’s what gives me the most unease, but the computer is there for friends, sitters, etc. as well, so it’s pretty much a public PC as far as I’m concerned.

I’m not too concerned about data, although it can link down to our work NAS if you enter the right user/pass so that’s not far from mind. What I’m mostly concerned about is inputting names and passwords either for the server or for online services. I wouldn’t go to a bank’s site, but I do want to enter my Google and email credentials to check on things while we’re in the kitchen.

None of the basic scans have turned up anything. Assuming we’re not being specifically targeted, at what point would you feel comfortable using the PC to log into things?

In the endless tradition of trying to be helpful without answering your question:

Do you have two-factor authentication set up for any email accounts you’d like to use? That should mitigate (I hesitate to say “eliminate”) any risk from a keylogger or other garden-variety malware. Even if your password is compromised, nobody should be able to get into your email from any remote computer.

Right after I boot it myself from a LiveCD USB image of CentOS.

Standard practices:

  1. Do not allow applications and browsers to save username/password/browser cookie information between sessions.
  2. Log into the system as a standard user, not an administrator. Log in as the administrative account only when necessary (install software, etc…). By default, standard users GENERALLY cannot install software that persists in running between reboots.
  3. If necessary, Windows contains an account named “Guest”. It has slightly fewer privileges than a standard user (this is usually not necessary and doesn’t generally afford that much more system security than logging in as a standard user).

If you feel confident that your computer hasn’t been compromised then you are a member of the target audience for hackers.

Boot from a Live CD. Run Windows in a VM that’s reloaded from read-only media after every use. It’s the only way to be sure.

The key to feeling such confidence was in not knowing about the dangers. 99.9% of the people who feel confident that their computer hasn’t been compromised are simply ignorant of the subject.

Alas, it seems you now know too much. Now you can only reminisce about the days when you were blissfully ignorant enough to feel that confidence.

Build it anew. Lock the machine down using GPEDIT.MSC. Take an image of the PC. Reimage the PC after a visit.

Beyond that the PC needs to be on either a physically different network - typically via a router - or a separate VLAN from the other PCs in the house.

I would definitely wipe it. Set up a guest or at least non-admin account. Keep anti-malware and security patches current. And having it on a VLAN is a great idea.

Something like this is what we do with really public computers at our County Library system: users can download things, save cookies, passwords, etc. But all of that is erased and the system is reset to a specific, clean starting state when each new user logs on.

So far, that seems to work pretty well. The problem we’ve seen is when two users share a computer, and the second one takes over without logging in as a new user – then malware from the first user can infect the second user. Doesn’t seem to happen very often, or they don’t complain to us about it.

More common problems come from users who don’t understand that these are public machines, with nothing saved – they complain that they can’t find the document they worked on last week and saved their only copy on this machine. (And they don’t learn – they do it again the next week!)

Microsoft used to have a thing called Steady State which would have been just the ticket, but they discontinued it. A quick Google indicates that Reboot Restore and Deep Freeze may be good replacements.

Note that for the truly paranoid, the restoring-known-good-image thing isn’t enough.

E.g., the NSA has malware that infects the firmware on hard drives. Wipe and restore doesn’t get rid of that. And there are currently no publicly available tools to check if the firmware on a drive is bad and replace it with a saved copy.

Routers are a major target of some malware programs. If a home computer is infected, it makes it much easier to infect the firmware of the local network. It’s usually easy to restore a router’s firmware. Unfortunately, most router companies do a terrible job of providing updated firmware that eliminates the holes that these programs exploit.

If your router is infected, a lot of problems can ensue regardless of what you’ve done on your PC.

Have a nice day.:o

You can be confident that your computer has never been compromised if it’s never been powered or connected to anything. Unless it was compromised at the factory. :smack:

In a related sense, you can be confident you’ll not get run over by a car by staying inside your entire life. Unless a car jumps the curb and plows into the house you’re cowering in.

See also “Reflections on Trusting Trust”, by Ken Thompson (Communications of the ACM, August, 1984).

My steps to computer security:

  1. Don’t do stupid things with your computer.

  2. Keep vigilant, and act when you suspect something is wrong.

  3. Use the appropriate tools to diagnose and fix a problem and verify the fix.

Do this and you don’t need to be tinfoil hat scared of the malvirusbot hackerworms.

There are so many ways to infect a computer, there’s no way to know you’re really safe. The more often sketchy sites are visited, the more likely you’re infected. But even regular sites are sometimes hit by hackers and visitors may be infected. Russian hackers are very smart and motivated. Who knows what they can come up with?

One way to help your browsing be more secure is to use a program which creates a virtual sandbox around your browser program, like Sandboxie. When you launch the browser in the sandbox, anything it writes to the disk goes to a scratch location which is deleted when the browser closes. The browser doesn’t know anything about this. It thinks it’s writing to the normal computer environment. Any viruses downloaded will end up in the sandbox and get deleted later. The disadvantage of running in the sandbox is that everything is forgotten when you close the sandboxed browser. Things like history, bookmarks, saved passwords, etc. only last during the session.

As for your USB, you can turn off auto play so that your computer won’t automatically run the init programs on the stick when you put it in the computer.

The safest thing might be to get a cheapo computer from craigslist for them to use. Many of the independent computer shops around here have desktop systems for around $100.

One problem with having in-laws use the computer is they are probably very likely to click buttons on popup dialog boxes that they shouldn’t. I know my in-laws are pretty likely to click OK on any dialog just so that it gets off the screen, even if it says “Click OK to install viruses and encrypt everything and have to pay me $100 to decrypt.”
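
Two pieces of advice in this thread, logging in as a standard user and turning off AutoPlay for USB sticks, can be checked from a PowerShell prompt on the shared PC. The script below is an added example, not code from any poster; the function names are made up for illustration, and it only reads the standard Windows registry locations and local group membership, changing nothing.

```powershell
# Added example: read-only audit, changes nothing on the machine.
# Run in a normal (non-elevated) Windows PowerShell 5.1+ session.

function Test-LocalAdminMember {
    # True when the logged-on account is a direct member of the built-in
    # Administrators group (well-known SID S-1-5-32-544). Checking group
    # membership rather than the current token avoids a false "standard
    # user" result under UAC. Nested group membership is not resolved.
    $me      = [Security.Principal.WindowsIdentity]::GetCurrent().User
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    return [bool]($members | Where-Object { $_.SID.Value -eq $me.Value })
}

function Get-AutoRunState {
    # NoDriveTypeAutoRun is a bitmask of drive types with AutoRun disabled:
    # 0x04 = removable drives (USB sticks), 0xFF = every drive type.
    $policy = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key  = "$hive\$policy"
        $mask = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun `
                     -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        [pscustomobject]@{
            Key              = $key
            Mask             = if ($null -ne $mask) { '0x{0:X2}' -f $mask } else { 'not set' }
            RemovableBlocked = (($mask -band 0x04) -ne 0)
        }
    }
}

function Test-AutoPlayDisabledForUser {
    # DisableAutoplay = 1 corresponds to the per-user AutoPlay switch being off.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
    $val = (Get-ItemProperty -Path $key -Name DisableAutoplay `
                -ErrorAction SilentlyContinue).DisableAutoplay
    return ($val -eq 1)
}

# Summary for the account that guests actually use.
[pscustomobject]@{
    User                = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    IsLocalAdminMember  = Test-LocalAdminMember
    AutoPlayOffForUser  = Test-AutoPlayDisabledForUser
} | Format-List
Get-AutoRunState | Format-Table -AutoSize
```

Run it while logged in as the account visitors use; `IsLocalAdminMember` should be `False` and either `AutoPlayOffForUser` or one of the `RemovableBlocked` values should be `True`.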