Thursday, December 1, 2011

HOLY CRAP 2.0

So my buddy gets his computer broken into (not hacked - the attacker wasn't that capable) by someone we'll call The Bad Guy. The Bad Guy got a keystroke logger somewhere and sent it to my buddy as an email attachment, which was opened in Outlook (see alternative app/OS suggestions below). Then the Bad Guy spends the next three or four weeks getting info from the logger, collecting passwords, user names, account names and such. Then the Bad Guy hits my buddy all at once (probably during hours when my buddy was known to be off shift and sleeping). My buddy's websites are trashed, his email accounts are hijacked and deleted, and many subscriptions and memberships were cancelled since the attacker could now pose as the membership-holder.

If we leave out online banking fraud (which apparently has not occurred), this situation would be about as bad as it gets. Let's make a list of everything that the victim now has to do to pick up the pieces of his online presence and certain aspects of his personal life.

0. Obtain a different, non-compromised computer.
1. Set up new personal and business email accounts (probably at a paid provider as opposed to at some free service), then inform important contacts via telephone or web forms on their sites.
2. Set up new Facebook, MySpace, LinkedIn, Classmates.com or whatever pages and rebuild all contacts lists.
3. Find account numbers, financial transaction records or bills that prove my buddy's identity to the website hosting company. Re-establish access to the website and rebuild it from scratch (all files deleted and replaced by garbage).
4. Image the hard drive of the compromised computer for later reference and/or legal action if desired and possible. Wipe the compromised computer and rebuild from backups, from OS/driver CDs/DVDs if such exist, or by paying the computer maker or authorized repair place to do it.
5. Bring back all personally created documents and work from backups if such were done. Bring back all application programs from install CDs if possessed.
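Step 4's "image the hard drive for later reference" as an added example, not from the original post: a small POSIX shell function of my own (the name image_and_verify and the .log file written beside the image are my assumptions) that copies a disk or partition to an image file with dd, hashes both sides and records the result, so a later comparison can show the image has not been altered since it was taken.

```shell
#!/bin/sh
# image_and_verify SOURCE DEST [BLOCKSIZE]
# Bit-for-bit copy of SOURCE (a block device such as /dev/sdb, or a file
# standing in for one) into DEST, then hash both sides and write a log
# next to the image for later reference or legal action.
# Attach the compromised drive read-only (a write blocker if you have one)
# and never boot from it, or the "evidence" changes under you.
# conv=noerror,sync keeps dd going past unreadable sectors and pads them
# with zeros so offsets in the image still match the original disk.
# Caveat: sync also pads the final block to BLOCKSIZE, so use the real
# sector size (512 or 4096) on a device; on a file whose length is not a
# multiple of BLOCKSIZE the image comes out longer and the hashes differ.
image_and_verify() {
    src=$1; dest=$2; bs=${3:-512}
    dd if="$src" of="$dest" bs="$bs" conv=noerror,sync 2>/dev/null || return 1
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum "$dest" | cut -d' ' -f1)
    {
        echo "date:           $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "source:         $src"
        echo "image:          $dest"
        echo "sha256(source): $src_hash"
        echo "sha256(image):  $img_hash"
    } > "$dest.log"
    # Success only if the image hashes identically to the source.
    [ "$src_hash" = "$img_hash" ]
}
```

Keep the .log (and ideally a printed copy of the hashes) somewhere other than the imaged machine; re-running sha256sum on the image later and matching it against the log is what shows nobody touched the copy.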

My readers know me as a Linux guy and will anticipate certain suggestions of mine, but let me think like a Windows guy for a bit. I'm confident that I can do this, and am motivated to do so since many of my colleagues spend most of their time in that world. Now, if I'm a Windows person, I would still need to change my ways somewhat. Let's see how adaptation is possible. My buddy is like most people in that he's only concerned with the work that he needs a computer to do, not with security issues on the machine itself. That's how the problem starts and here's a proposed new strategy:

1. Use the original desktop or laptop as the general use/everyday/casual computer. Get another computer for important stuff. And consider a third one, properly Frankensteined for gaming (let's be realistic here).
2. On the general use computer (and the other ones if they're Windows boxes) load an antivirus product like Norton, McAfee, free AVG or such. Load an anti-crapware product like Malwarebytes, AdAware or such. Load a third party cleanup program like Window Washer or the free CCleaner.
3. Update and manually run on a minimum weekly basis all of the programs I mentioned above. In many senses these programs are not automatic; they have to be operated by the user. Various automatic settings are sometimes included, but when viruses are automatically found, they must then be deleted by user action (usually prompted by instructions that pop up - they're easy - follow them!). Windows Update also prompts you. Do all updates - they're free bugfixes and don't take much time.
4. If any of these antivirus or anti-crapware products find anything, get onto the other (Important Stuff) computer and see if you can still get into your accounts. If so, change the passwords, going down a roster of accounts that you've stashed for just such an emergency. You may not be acting in time unless you only log onto important stuff with the Important Stuff computer.
5. OPTIONAL - If you wish to investigate, keep the compromised computer in its compromised condition to be examined or for the hard drive to be copied (imaged) for future reference.
6. Rebuild the compromised computer from operating system and driver CDs/DVDs that you've archived in advance, either from the computer purchase or some backup scheme like Norton Ghost or a competitor of that product, or one of the Windows open source (free) backup products.
7. Consider making the Important Stuff computer an Apple Macintosh, or loading a box up with an easy Linux system like openSUSE or Linux Mint, which is now available for free, fast download at

LINUXMINT.COM

You knew that was coming.

I understand that if you require Windows for work files or development, then you might not have the open source option. But just about anything web-based is child's play for a *NIX box. And the two Linux distributions I mentioned above have good, bright update indicators on their desktops (updates are how most security holes are dealt with in Linux) that'll make you pretty safe. Unless you've pissed off the Defense Intelligence Agency or the Russian mafia.