Fast Forward: The Fix Is In
Print
Imagine having your car serviced and finding 100 unexplained miles on the odometer, plus evidence that burglary tools had been stashed in the trunk. Would you be pissed? I was.
Except it was my computer, not my car, that a repair shop messed with.
We’re so focused on threats coming from the Internet that it’s easy to forget the hazards closer to home. The best antivirus software, firewalls, and spyware scanners are worthless when someone violates a trusted relationship. Maybe you can learn from my experience.
My backup computer (a Mac) developed a minor hardware fault I couldn’t fix. A local repair shop couldn’t fix it, either, so I settled for tolerating the problem. Later, while downloading a software update, I discovered four mysterious entries in the web browser’s download log. Quick research confirmed my suspicions—they were password-cracking programs, mainly for penetrating Wi-Fi networks.
At first, the shop manager seemed nonchalant. I was worried that my computer had been used to commit a crime, so I called the cops. A detective on the fraud squad was very interested and very knowledgeable. He investigated, but found no evidence that my computer was used for criminal purposes.
Though reassured, I still couldn’t trust the machine. What else might be hidden on the hard drive? A keylogger? Botnet malware? Child porn?
My next contact with the shop manager found him more sympathetic. He apologized and said the tech who had worked on my Mac confessed to experimenting with the Unix Terminal program underneath the Mac OS. It was a poor excuse that didn’t explain the entries in the browser’s download log, but I was more interested in cleaning my machine. After I declined his offer to clean it for me, he gave me the latest version of Mac OS Leopard. I spent hours wiping and reinstalling everything.
A rogue repairman is always a possibility. What are your countermeasures? My personal files were safe because they were stored on an external drive. Encrypted folders are the next best thing. Perhaps the best precaution would be a better odometer—personal spyware that secretly records everything done with your computer while it’s out of your hands. Peace of mind doesn’t come easy.
Tom Halfhill was formerly a senior editor for Byte magazine and is now an analyst for Microprocessor Report.
More like this
Seana7a7
June 30, 2009 at 2:50am
Learn to fix your own PC (easy) and don't use Mac's (hard) because there a rip-off to get replacement parts to fix them.
dtsage
June 30, 2009 at 1:02am
Jeesh, lighten-up. Password cracking software doesn't have to be illegal. There are legitimate uses for them. Since it was a computer repair shop there is even a possibility it was requested by another customer who had forgotten their password. As for running the odometer, I am sure that the time you spent re-installing the OS caused more wear and tear than the 30 minutes the tech spent testing the software. You are worried about what might be left on your computer, but you should be more worried about the agency that might search the hard drive of an otherwise OUTSTANDING citizen.
Tekzel
June 30, 2009 at 5:23am
Even if that were the case, they would have still been wrong because you never use a clients machine to fix anothers. You use a shop machine. Your whole post makes it sound like you are just the kind of jerk-off geek squad reject that Tom dealt with.
That aside, my solution is simple: I trust my PC repair guy explicitly. He would never do anything to my computer that I wouldn't. Mainly because he is me.
nhskier4life
June 29, 2009 at 7:05pm
I remember reaading an article somewhere a while back related to this. Some guy offered to fix a few college girls' laptops for free. He installed software that let him remotely activate their built in web cameras and stream himself the video. He recorded them changing and such. At least he wasn't a prefessional repair guy.
domih2009
June 29, 2009 at 6:01pm
If the suspected hardware fault is not the hard disk:
(1) Backup hard disk (e.g. dd to another disk)
(2) Low-level format the hard disk and install a brand new OS (re-install or dd from another disk).
(3) Send the PC or Mac for repair.
(4) When you get it back: Low-level format the hard disk and dd back the backup.
Alternative:
(1) Remove the hard disk.
(2) Put another one with a brand new OS.
(3) Send the PC or Mac for repair.
(4) When you get it back: switch the disks
(5) Low-level format and reinstall the drive that went to the repair shop (for next time use).
Then you are sure that what is on your drive is yours and only yours. In addition, the repair shop cannot peek or copy anything that belongs to you (even if you use encrypted files).
quicks0rt
June 30, 2009 at 1:38pm
Good suggestion. However, it's still too much trouble for an average joe. This still does not guarantee that the shop won't use YOUR machine to do other things than repairing your machine.
domih2009
July 02, 2009 at 3:07pm
For the average user that may sound like a complex thing.
However, another side of the story is that once a third party has physical access to one's disk he/she can access the disk for the rest of his/her life without the disk owner even knowing it. The third party just had to do the same thing: dd the disk on one of his/her disks. No trace left on the customer disk, yet the full contents of the customer disk is now also possessed by the 3rd party.
Given that all OSes have swap partitions or files, given that most applications have the tendency to cache things on the disk (and then delete them), there is always a plethora of data on your drive in the unused space.
Try a deep scan using http://www.recuva.com or http://www.diskinternals.com/ or whatever alternative http://www.google.com/search?q=uneraser on one's disk. You will find a trove of files. Eraser utilities such as http://eraser.heidi.ie/ alleviate the problem but they are not 100% foolproof (scenario: a file is deleted, later the unused space created by the deletion is reused by the space (p)re-allocation of another file but the blocks are not written yet; result: the old data is still there even after erasing the unused space).
It may sound extreme cases and/or paranoid. However when you work with sensitive data as an employee or a consultant: security companies, financial institutions, corporate secrets, high-level management and so on you do care. First because you do not want to end up being the dumb one, second because you signed an NDA.
Joe D
June 29, 2009 at 5:57pm
We're a two man small business at a small town and have seen many customers computers with "mysterious" programs, entries, and what have you a lot more then I would like to see. One customers computer was setup to retrieve and send all data from the customer's home network, which consisted of four computers, to an unknown IP address. I thought the guy was lying but it wouldn't make any sense for him to be sending his personal data to an outside source. Thankfully a virus on his computer lead him to send it to us and we found this in time. Though the guy wasn't using his computer for really really important data, it's still scary to think some guy you have to trust with your machine could do this. I'm glad that even after that the guy can still trust our company enough to still be our customer. I'm also glad I know enough to fix my own problems when they happen and not have to go to somebody else.
Connect with MaximumPC
Featured Content
We introduce Intel's latest class of tablet killers and review 4 of the first Ultra...
Where have all the memorable videogame enemies gone?
This month's issue
Feature
11 Hardware Hacks
Feature
Overclock Your CPU
How-To
Supercharge Your Smartphone
Build It
A Powerful $830 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Micron: DRAM Prices Likely as Low as They're Going to Get http://t.co/fFUWuFOm1 hour 53 min ago
- maximumpc: Yar, Mateys! All Of Pirate Bay Made Available As A Single 90MB Zip File http://t.co/j5LHlXEZ3 hours 7 min ago
- maximumpc: Blizzard Newstravaganza: Diablo III Gets Release Window, Blizz Sues Valve over DOTA http://t.co/79gkeH7p5 hours 1 min ago
