Topic: How does one TRULY protect a computer from being hacked into?

[VANGUARD]

My mom has a friend who is married to a computer nerd. He has his own computer business and has been doing that for many years. He knows quite a bit.
He is also quite a sneak and possibly a hacker. He has gotten into his wifes' emails, and attempted to get into my moms voicemail.
He also managed to get into his wifes' friends email and retrieve some files.

I tell you this to give you an idea of what kind of a person/hacker this person is.

We basically have an iMac, a macbook, and a laptop that will either contain PCLinuxOS or Mandriva.
My mom is concerned that he may try to hack into her computer and read documents, email, etc..

Are there ways to know if someone is hacking into her computer? Does a firewall work well or not?

[Crash]

Wow, what a bastard.

I'm no security guru but I would think that these would be reasonable precautions:

Just make sure you have a good hardware firewall as part of your home's wireless router.
Make sure your passwords to *everything* are strong and cryptic.
You might be wise to turn off things like Remote Assistance in Windows.
Make sure you have Either Microsoft Security Essentials or [ Windows Defender + another antivirus ] on your Windows boxes.
Use a really solid browser like Chrome or Opera. I've found that Firefox is pretty easy to hijack these days.
I would run CCleaner and Spybot once in a while as well. Clear your browser's saved form history every so often to make sure that credit card details aren't stored long-term.
Don't add anyone you don't know to MSN or anything. They can screw you pretty badly through there.
Any really critical/sensitive data - store it on a USB key and disconnect it from the PC when you're not accessing it and lock it away in a safe / whatever.
Start shredding your papers - anything with an account/phone number.

Regarding phones: there's nothing you can really do about them. GSM and voicemail security is just awful. It's a scandal.

[VANGUARD]

I did suggest a USB card to my mom, and I also want to say we discussed about having the computers off more often.
is there ANY chance to hack into a PC that is turned off? I don't see how it's possible.

yeah, clearing the cookies, password reminders. a friend of mine did mention about having letters, numbers and symbols (some I know don't accept symbols in passwords)
not to save password info.

with firewalls, what are you preventing? just the out of the blue person trying to get in? you can still download things and still steam videos, etc, right? just need to give them permission? I'm sure we've had firewalls up before, just not sure how they really work. may have to look more into that.

[karx-elf-erx]

If you have proof about your claims, you can report him to the police, because then what he is doing would be illegal.

[Crash]

Unless you're in the UK, where the police will probably help him out.

No way on God's green earth to jack a PC when it's off or in standby or in hibernation. It has to be *fully running* for it to be doing anything.
It's like stealing your car without it leaving the garage otherwise.
The hard disks have to be turning to access your data, the CPU, OS, everything has to be running to control the disk and the network has to be connected and running to get the data onto the internet.

Don't bother installing a special software firewall if the PC isn't really leaving the house. Most antivirus suites have them built-in anyway. Windows obviously has its own and anything with "Internet Security" written on it is always: [ Antivirus + Software Firewall + maybe a couple of other things ].
99.9% of routers have a hardware firewall, which is much more effective in general because the router stops the goings-on before it even touches the PC itself.
With a software firewall the thing your trying to stop is already *on* the PC before it's detected.
You can always get at your router control panel through your browser *if* you're already connected to your wireless network. (ie. Joe Public can't get at it obviously).
Normally, if you type 192.168.1.254 into your brower's address bar, it'll take you there and you can see if its firewall is running.
If your router doesn't give you "WPA"-level security (ie. it only gives you "WEP" security) you need to get a new one because WEP is quite easy to break into.

Basically, the firewall stops trojan programs from sending sensitive data (which it collects from your browsing etc and keystrokes) from your PC to the bastards stealing the data.
The firewall just looks at the signal and if it's dodgy it blocks it from going out. That's why you used to have to open a port for bittorrent clients to run across a hardware firewall. But they're much cleverer now so there's none of that anymore.

I'm not sure how watertight effective router / hardware firewalls are because everyone has them but they're much better than software.

[Kaiaatzl]

Turning off the computer entirely isn't really necessary.
She could just disconnect from the internet and the home network (if there is a home network) when she's not using her computer.
It's more convenient and definitely a lot faster than booting up every time she wants to use the computer.

[TechPro]

The BEST thing you can immediately do, is change passwords for EVERTHING.  Usernames for accessing the computer (ALL of them, not just the ones that are getting used), email accounts, etc.  Use strong passwords (contains upper and lower case, letters and numbers, at least 10 to 12 characters...).  DO NOT use the same password for multiple items.

If he can hack around all that, most safety/security products wouldn't be able to stop him.  As is, doesn't sound like he's anywhere near that sophisticated anyway.

[Matthew]

I highly doubt this is a case of actual hacking so much as password guessing. As it is, true hacking is 99.999~% impossible for computer behind a router. The very nature of IP addressing over the internet and NAT prevents it. For a computer behind a router to get "hacked", the user has to initiate it somehow. Viewing a bad web page or email being the most common, along with downloading and running a bad file. That aside, your email is not even technically on your computer, it's at a datacenter somewhere. The same goes for your voicemail, except you can't really get your home phone keylogged. So... Antivirus + don't click on ANY ad banners, period, no exceptions + A good browser and adblocker (makes #2 redundant, but meh) + don't open suspicious emails, etc. Fairly common stuff. You wouldn't believe how many viruses come from malicious ads. I had, before I installed adblock, numerous attempts from banners ads to install malware without any interaction from me at all besides loading the page. I mean it... Install adblock! It'll make your browsing faster too!

And if for some insane reason you're not using a router (A near impossibility with wireless devices, mind you) get one. Like, now.

[Crash]

The criminal's best chance is to get some software onto your PC.
In order for him to do that specifically to you, he has to enter into communication with you.
Easiest way is by Email but like I say, be careful who you add on MSN etc.

Whether or not your email is on your PC depends on whether you use a webmail like hotmail/gmail (in which case it's all stored by your email provider) or whether you use a program that downloads it to the computer like Thunderbird / Outlook.

I like to have my email on my PC and nowhere else. If anything, it's more secure that way because it's a question of anyone somehow hacking your PC and then finding some remarkable way of getting the email data back to them.
With webmail, all they have to do is guess the password to the website as long as they know your address.

Different and complex passwords, like TP describes is the best advice.

Having said that, you'd be surprised how shockingly bad the security is on some sites. Anything written with Dreamweaver just does the most childlike-simple encryption on passwords, (as in A = B, B = C etc.).
If you had a conversion table you could figure out someone's password very easily (which is just one reason why Dreamweaver is useless).
This is all a bit irrelevant but ... anyway.

[TechPro]

... As it is, true hacking is 99.999~% impossible for computer behind a router. The very nature of IP addressing over the internet and NAT prevents it. For a computer behind a router to get "hacked", the user has to initiate it somehow.
...

...
And if for some insane reason you're not using a router (A near impossibility with wireless devices, mind you) get one. Like, now.

In actuality, Firewalls are not that good.  Firewalls (hardware or software based) only close openings that computers/software can converse through.  Sadly, the same 'openings' that you commonly use for Internet communications are the same ones hackers target for getting to your systems (they, like the firewall makers, know what those openings are).  A Firewall only reduces how many of the openings are sitting open waiting for someone to use it, which in turn makes it more difficult for the hacker.  A really capable hacker would not be stopped by a firewall, only has to work a bit harder.

That said, a Firewall is (like IHateHackers said) a necessity because it greatly reduces the chances of getting hacked.

If the IMac and MacBook that Vanguard mentioned have current Mac OS on them, they have firewalls in the OS.  Since he mentions at least 3 or 4 computers, I'd assume they have wireless which would have a hardware firewall at the router... So all that helps.  The rest is up to passwords and safe computer usage.

[blessu]

Unless you're in the UK, where the police will probably help him out.

No way on God's green earth to jack a PC when it's off or in standby or in hibernation. It has to be *fully running* for it to be doing anything.
It's like stealing your car without it leaving the garage otherwise.
The hard disks have to be turning to access your data, the CPU, OS, everything has to be running to control the disk and the network has to be connected and running to get the data onto the internet.

Don't bother installing a special software firewall if the PC isn't really leaving the house. Most antivirus suites have them built-in anyway. Windows obviously has its own and anything with "Internet Security" written on it is always: [ Antivirus + Software Firewall + maybe a couple of other things ].
99.9% of routers have a hardware firewall, which is much more effective in general because the router stops the goings-on before it even touches the PC itself.
With a software firewall the thing your trying to stop is already *on* the PC before it's detected.
You can always get at your router control panel through your browser *if* you're already connected to your wireless network. (ie. Joe Public can't get at it obviously).
Normally, if you type 192.168.1.254 into your brower's address bar, it'll take you there and you can see if its firewall is running.
If your router doesn't give you "WPA"-level security (ie. it only gives you "WEP" security) you need to get a new one because WEP is quite easy to break into.

Basically, the firewall stops trojan programs from sending sensitive data (which it collects from your browsing etc and keystrokes) from your PC to the bastards stealing the data.
The firewall just looks at the signal and if it's dodgy it blocks it from going out. That's why you used to have to open a port for bittorrent clients to run across a hardware firewall. But they're much cleverer now so there's none of that anymore.

I'm not sure how watertight effective router / hardware firewalls are because everyone has them but they're much better than software.

Even a slight suggestion to the FBI and they will be on his case...they are very keen to investigate these people as who knows what else he is doing, he seems to be showing off at the moment, I have worked with the feds on cases in England...trust me a visit from those guys will curb him proper

[Scyphi]

If you have proof about your claims, you can report him to the police, because then what he is doing would be illegal.

Exactly what I was going to suggest. While all these other suggestions will no doubt help and probably a good idea to do either way, going to the police and getting him arrested would probably help the most, as that takes your known hacker out of the picture, circumstances pending.

[Matthew]

... As it is, true hacking is 99.999~% impossible for computer behind a router. The very nature of IP addressing over the internet and NAT prevents it. For a computer behind a router to get "hacked", the user has to initiate it somehow.
...

...
And if for some insane reason you're not using a router (A near impossibility with wireless devices, mind you) get one. Like, now.

In actuality, Firewalls are not that good.  Firewalls (hardware or software based) only close openings that computers/software can converse through.  Sadly, the same 'openings' that you commonly use for Internet communications are the same ones hackers target for getting to your systems (they, like the firewall makers, know what those openings are).  A Firewall only reduces how many of the openings are sitting open waiting for someone to use it, which in turn makes it more difficult for the hacker.  A really capable hacker would not be stopped by a firewall, only has to work a bit harder.

That said, a Firewall is (like IHateHackers said) a necessity because it greatly reduces the chances of getting hacked.

If the IMac and MacBook that Vanguard mentioned have current Mac OS on them, they have firewalls in the OS.  Since he mentions at least 3 or 4 computers, I'd assume they have wireless which would have a hardware firewall at the router... So all that helps.  The rest is up to passwords and safe computer usage.

Even so, the router needs to know which computer to forward the hacker's connection to, which it can't without a forwarded port. My understanding is that HTTP, etc. gets through because the connection is triggered from the inside. Is this not correct?

[VANGUARD]

The thing I hate are these sites that seem to reveal your stuff. my sister pointed out that our names, and parents names were somewhere on the web. out in the open.
I don't like reunion, mylife, facebook, twitter, etc. partially because of this.

thank you all for your replies. Instead of quoting each person, for me anyways, that may take time to copy+paste original topics.
I'll just do my best here:

Firewalls can help, maybe with the average novice hacker, but not the more advance one.
USB flash cards can at least protect your documents, etc; as long as you also unplug it.
Clearing cookies/cache.
Password with letters, numbers, and if available, symbols.
I think someone on here mentioned it; know my friend did; not to have your real birth date if sites like yahoo asks for it.
A computer that is off is safe.

It'd be nice to find some way to know who may be hacking into our computers. So far, it was just my moms voicemail.

I'm guessing he's too smart to use his own PC, so an IP tracer may not work; but you never know. Every criminal at some point slips up.

am I missing something?

[Crash]

I have no time for social networking/notworking sites.
It's a self-inflicted invasion of privacy and a vain exercise in self-publicity/self-aggrandizement.

I think the way that twitter divulged information about its users fairly recently who were making various (and probably very true) allegations about footballers as well as a certain local authority right here in the North of England was disgraceful and I will never use their service as a result.
Facebook's owners laugh at and regard as fools people who put personal details on their website.