Fast Forward: The Fix Is In

Imagine having your car serviced and finding 100 unexplained miles on the odometer, plus evidence that burglary tools had been stashed in the trunk. Would you be pissed? I was.

Except it was my computer, not my car, that a repair shop messed with.

We’re so focused on threats coming from the Internet that it’s easy to forget the hazards closer to home. The best antivirus software, firewalls, and spyware scanners are worthless when someone violates a trusted relationship. Maybe you can learn from my experience.

My backup computer (a Mac) developed a minor hardware fault I couldn’t fix. A local repair shop couldn’t fix it, either, so I settled for tolerating the problem. Later, while downloading a software update, I discovered four mysterious entries in the web browser’s download log. Quick research confirmed my suspicions—they were password-cracking programs, mainly for penetrating Wi-Fi networks.

At first, the shop manager seemed nonchalant. I was worried that my computer had been used to commit a crime, so I called the cops. A detective on the fraud squad was very interested and very knowledgeable. He investigated, but found no evidence that my computer was used for criminal purposes.

Though reassured, I still couldn’t trust the machine. What else might be hidden on the hard drive? A keylogger? Botnet malware? Child porn?

My next contact with the shop manager found him more sympathetic. He apologized and said the tech who had worked on my Mac confessed to experimenting with the Unix Terminal program underneath the Mac OS. It was a poor excuse that didn’t explain the entries in the browser’s download log, but I was more interested in cleaning my machine. After I declined his offer to clean it for me, he gave me the latest version of Mac OS Leopard. I spent hours wiping and reinstalling everything.

A rogue repairman is always a possibility. What are your countermeasures? My personal files were safe because they were stored on an external drive. Encrypted folders are the next best thing. Perhaps the best precaution would be a better odometer—personal spyware that secretly records everything done with your computer while it’s out of your hands. Peace of mind doesn’t come easy.

Tom Halfhill was formerly a senior editor for Byte magazine and is now an analyst for Microprocessor Report.