How do Hackers Gain control of Your PC??

When using an ‘unsecure’ wireless network, and all security programs and Windows OS(XP)are up to date; How does a Hacker get control of your OS ???

There really are many ways, so this question is a little ill defined too general.

Just try a simple google search for the title of your topic and you will see, one to look out for are google search results, some aren’t all that they are made out to be. Bad people can salt the results to take you to a site that seeks to do what it is you are trying to avoid, sneaky little sods.

So you need the WebRep and or WOT, to give you an idea of a sites rep, The number two hit in these results has a RED WOT ranking.

Basically any infection technique, could be used to get their hooks into your system and take it over. So it is no different to protecting your system from infection keep your OS and security software fully up to date; have a healthy dose of common sense and suspicion; have a robust backup and recovery strategy.

Mostly it would be from driveby attacks from either malicious or hacked sites redirecting you to a site to run a script and that payload could be almost anything.

That is why I run my browsers under DropMyRights (on XP), which limits the potential damage, I run firefox with NoScript and RequestPolicy add-ons to block scripts on the page or cross site scripting, unless specifically allowed.

That really puts a dent in the ability to infect you, added to that you obviously have the web shield and network shield that provide good protection against malicious scripts, hacked sites, redirections, etc.

Thanks DavidR. Yes, the question is very general, but it is a starting point.
I see users posts all the time, that state their OS is under control by outside forces and am always suspect/curious as to how these trojans/worms whatever get control.
I Google everything I am investigating, just thought I would get some further insight from the long time security minded professionals like yourself and others that support this forum :wink:

In most instances, it’s the user that let’s the hacker in.
Usually by the time they realize that they have made a mistake, it’s already to late.
The door has been opened and the fox has already been let into the hen house.

The scam that I’ve run into most is the fake security scan:

http://my.jetscreenshot.com/2701/m_20120102-ypkm-28kb.jpg
[/URL]

Something most of us have seen more than once. But, it keeps working on the novice
computer user. They can’t get over how in a few seconds, this security scan
was able to find so many infections when their own security software never showed anything.

It must really be something great so, they install it and let the devil in.

While doing my presentations, I’m always amazed at how many people are shaking their heads
when I ask if they’ve ever run into something similar and how they handled it.
Many of them actually installed this malware and then wound up paying to get their computers cleaned.

We all know that no protection is fool proof so the possibility of getting infected even
for the most careful person is still possible. Most users who err on the side of caution,
are far less likely to become infected than those that are click happy.

Hey Bob, and so very true. I’ve run into the Security Rogue (Scam) a couple of times in my travels on the net and I’m sure many get caught.If your not click happy and don’t panic,you can easily exit these phony alerts. These kind of ‘attacks’ are, I think among the more obvious or “in your face” attacks. The attacks that concern me, and more then likely, many security contious folks, are the behind the scene attacks. I’m a novice at security “holes” but I am most concerned about the bad stuff piggy-backing on legitimate program updates/Files that have been downloaded and how best to secure/detect against these attacks.It’s a war out there :-
Thanks :slight_smile:

and how best to secure/detect against these attacks
antivirus + Malwarebytes PRO + openDNS

You can also use NoScript/NotScript.

Provided you’re using Firefox or Opera for your browser.

+1

@schmidthouse
As you are using Finjan Secure Browsing and WinPatrol+ then Malwarebytes (MBAM) is a good addition.

I would not recommend WOT as it is a user based reputation add-on.

Thanks for the input. ;D
When talking about ‘Script’ it is the Java Script you’re referring too??
When setting up Firefox, in Tools/Options, I only see reference to Java Script. :-
Have not used Firefox in a long long time, so trying to get re-acquainted :wink:

Thanks DavidR. It didn’t take long, I figured out the Firefox add-ons you referred too and took them on. ;D
I see how these add-ons definitely increase security/privacy. :wink:

Firefox is the way to go. 8)

http://i795.photobucket.com/albums/yy238/Donovansrb10/FirefoxIScool.png

You’re welcome.

Whilst the NoScript isn’t too bad, you have to be pretty dedicated to your security with RequestPolicy as the number of 3rd party sites that have data imported (or scripts run) on sites now can be excessive.

Excessive for sure :o
Once acquainted,I think one might get a feel for it, or not :wink:

whats that S in the pic u posted seems to be iobit remove it if u have it its a thief! >:(

Its a NoScript icon, 0Indian. ::slight_smile: Relax. Deep breaths. :stuck_out_tongue:

If you had read the posts in relation with the image, it would have given you a clue (talking about firefox add-ons); had you looked closer at the image it is in the firefox window, add-on bar (not windows, notification area), instead of jumping to conclusions. It is for NoScript, what he was talking about.

Sometimes, when you have nothing constructive to add, the best thing to do is to add nothing. :slight_smile:

If you are using an ‘Unsecured Network’. You need to use a VPN service.

You need to make sure that you have ‘Https Everywhere addon’ installed.

https://www.eff.org/https-everywhere

If you aren’t using Firefox,

When you are using social networks like Facebook.

Log into https://www.facebook.com instead of http://www.facebook.com

When you are using Google,

Log into https://www.google.com instead of http://www.google.com

Otherwise, the person who is providing the Free Wireless can read your Google searches and even get your ids and passwords.

Most often, the Free Networks are provided by people with an intend to hack people who use them.

That’s NoScript in the Add-on Bar. ::slight_smile: