Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Hackability while computer is sleeping

01 Nov 2015   #1
Stevekir

Windows 7 Home Premium 64bit
 
 
Hackability while computer is sleeping

Is a computer sleeping less vulnerable to hacking (via the Internet rather than from malware already installed)?


My System SpecsSystem Spec
.
01 Nov 2015   #2
D3LL

 
 

Quote   Quote: Originally Posted by Stevekir View Post
Is a computer sleeping less vulnerable to hacking (via the Internet rather than from malware already installed)?
There's not really a lot a hacker can do though the LAN would stay active. Your best off shutting down as it can depend on the exploit used.
My System SpecsSystem Spec
01 Nov 2015   #3
Stevekir

Windows 7 Home Premium 64bit
 
 

Or probably better still would be to disconnect the desktop computer to router's ethernet cable whenwork is done on a sensitive file such as my spreadsheet of passwords, names etc. which are stored on an encrypted USB stick. (I don't have a LAN.)
My System SpecsSystem Spec
.

08 Nov 2015   #4
Alejandro85

Windows 7 Ultimate x64
 
 

99% of the time, "hacking" happens from the inside, that is, it's always caused by malicious software running on the target machine. That in turn frequently enters by user error (downloading something that they should not, falling to phishing or social enginering) or by exploting a vulnerability in local software (typically, the browser or a plugin).
Remote exploits on home or corporate computers are quite rare, mostly because they are almost always behind some form of NAT and never reachable from internet, and also sometimes under some firewall. Having a port forwarding and a proper, vulnerable program listening there is pretty much the only way to get hacked from internet, which is unlikely (but possible).

Other than that, having an internet connection is by no means more insecure than having no connection at all. Leaving the computer turned on the whole time doesn't exposes to anything more than powering off, and suspending it during the night achieves nothing in terms of security.
And if you have some risky software listening on the public internet, you may want to take the usual precautions anyway, rather than relying on powering off.


Quote   Quote: Originally Posted by Stevekir View Post
Or probably better still would be to disconnect the desktop computer to router's ethernet cable whenwork is done on a sensitive file such as my spreadsheet of passwords, names etc. which are stored on an encrypted USB stick. (I don't have a LAN.)
That's pointless. As data stealing almost always is caused from software running on your own computer, it can just steal the sensitive files when you unencrypt them and send them away when you reconnect to internet. Or it can just take the encryption key and decrypt the whole thing on its own when you plug the USB. If you want security, work on preventing the nasty things from entering in the first place.
BTW, don't use a normal spreadsheet to remember passwords or any sensitive information. That's what password managers are designed to do.
My System SpecsSystem Spec
08 Nov 2015   #5
Stevekir

Windows 7 Home Premium 64bit
 
 

Quote   Quote: Originally Posted by Alejandro85 View Post
99% of the time, "hacking" happens from the inside, that is, it's always caused by malicious software running on the target machine. That in turn frequently enters by user error (downloading something that they should not, falling to phishing or social enginering) or by exploting a vulnerability in local software (typically, the browser or a plugin).
........
Quote   Quote: Originally Posted by Stevekir View Post
Or probably better still would be to disconnect the desktop computer to router's ethernet cable whenwork is done on a sensitive file such as my spreadsheet of passwords, names etc. which are stored on an encrypted USB stick. (I don't have a LAN.)
That's pointless. As data stealing almost always is caused from software running on your own computer, it can just steal the sensitive files when you unencrypt them and send them away when you reconnect to internet. Or it can just take the encryption key and decrypt the whole thing on its own when you plug the USB. If you want security, work on preventing the nasty things from entering in the first place.
BTW, don't use a normal spreadsheet to remember passwords or any sensitive information. That's what password managers are designed to do.
That's really informative. I had thought that once connected to the Internet I would be attracting lots of people or remote machines online immediately whisking info out and away in a flash. I had thought that was my greatest risk. I knew about steps to prevent malware and have this (eg. Antivirus software, not visiting dodgy sites or replying to doubtful emails with attachments.)

On Password Managers (which I have never come across, thanks for mentioning it), I found this on another forum:
"You can use TrueCrypt to encrypt your documents, as opposed to buying some expensive encryption software. If you're looking for something to keep passwords online an alternative of 1Password is Lastpass. To be honest, TrueCrypt is, in my opinion, an essential app. Create an encrypted disk image and drop your tax documents which might have things like your SSN (or equivalent). You can even hide documents within the container itself so if you're in a compromising situation, you can give a duress password."
My excel spreadsheet is in a Courier USB which claims 256 bit AES Hardware encryption. I suppose that while that is in my desk drawer it is safe, possibly as safe as a good PW Manager. (Yes?)

But I see two weaknesses:

a) My encrypted spreadsheet once decrypted to allow use would be open to attack from malware already sitting on my machine ready to pounce; and

b) If my encrypted USB were stolen I would be in trouble.

On the other hand, a PW Manager would probably also suffer from a), although probably not from b) unless the computer was stolen.

What do you think I should do? (I am not on a network, just me alone on a desktop). I'm not paranoid but I do have stuff to guard.

Thanks for your help.
My System SpecsSystem Spec
08 Nov 2015   #6
Alejandro85

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by Stevekir View Post
My excel spreadsheet is in a Courier USB which claims 256 bit AES Hardware encryption. I suppose that while that is in my desk drawer it is safe, possibly as safe as a good PW Manager. (Yes?)
That does little to achieve security, as it's encrypted/decrypted by the firmware itself (most current HDs actually do this), it doesn't ask for a password or anything like that, so the computer can always access the raw data. Keeping it unplugged it's safe because the computer has no chance of accessing it at all (like keeping the computer powered off, safe but useless).
A password manager (like KeePass) or a dedicated encryption program (like TrueCrypt) are better because it can prevent access to the data at all times, as you have to provide the password to decrypt and can remove the raw data from memory at any time.


Quote   Quote: Originally Posted by Stevekir View Post
a) My encrypted spreadsheet once decrypted to allow use would be open to attack from malware already sitting on my machine ready to pounce
This is true and a real menace. The thing is, at some point in time the data must be decrypted and at that point a software running on the box with the proper access could access it. That has an important implication: if a computer is compromised, do not do confidential things on it, always ensure that the PC is clean before important things.
The adventage that security software has is that Excel doesn't cares about data privacy, it just loads into memory and uses it as it needs, but a password manager tries to have plain-text passwords as little as possible and actively clears the memory and clipboard of passwords when done. As such, while not immune to malicious software, it tries to minimize risks.


Quote   Quote: Originally Posted by Stevekir View Post
b) If my encrypted USB were stolen I would be in trouble.
Also true, as any computer will access the data by simply plugging it. An encrypted file with a proper software can still be stolen, but without the password it's extremely difficult to extract the data out of it. Here comes the importance of having good passwords, if anyone can guess it then encryption can be trivially be bypassed.

By ensuring that the computer is clean and important data is encrypted (specially on portable media) the security is pretty good overall, even if the USB or the whole computer falls into bad hands. And unless you host a server on your computer, having an internet connection won't hurt anything if the computer don't has malicious software.
My System SpecsSystem Spec
09 Nov 2015   #7
Stevekir

Windows 7 Home Premium 64bit
 
 

You latest post is again very interesting and informative. I am pursuing the Pasword Manager route. But I am confused about my encryptable USB stick.

I said :” b) If my encrypted USB were stolen I would be in trouble.”

I thought that the trouble would be confined to the inconvenience of not being able to use it and therefore being unable to access my sites etc. But :

At the end of your post you said “…as any computer will access the data by simply plugging it [in].”

If true, it is certainly unsafe. But the blurb about the Integral Courier encrypted USB stick claims that it uses hardware encryption. I assumed that means the (claimed hardware) code used to decrypt and encrypt my data, along with the password, are both inside the USB stick and therefore does not rely on any such code inside my computer, and therefore I assumed that it would be very hard to break.

You also said “An encrypted file with a proper software can still be stolen, but without the password it's extremely difficult to extract the data out of it.” This could mean the opposite: that my Courier USB is very safe if stolen.

-- So, the key question is, is the data in my Courier USB very safe if stolen (assuming a strong PW)?

Thanks for the help.

EDIT: BTW, I am not on a network, just a standalone desktop computer.
My System SpecsSystem Spec
Reply

 Hackability while computer is sleeping




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
BSOD after I turn Computer NEW Computer on, or whilst sleeping
New computer keeps blue screening during or after my computer goes to sleep. Was told to upload this, and also it says part of the reason is in the Minidump folder or the Temp folder.
BSOD Help and Support
Computer won't stay sleeping.
I found this post from 2013: I tried this and got the information. However under "wake source" it said unknown every single time. I am unable to tell what is causing my computer to wake. Does anyone know why the "wake source" would be say unknown everytime.
Performance & Maintenance
BSOD when my computer is sleeping?
Hello all, Recently, I discover my computer keeps shutting down when I am pretty sure I kept it on sleep, so I turned it on to find out that "Windows has recovered from an unexpected shutdown". It does not happen everytime, but it happens quite often, and it is really annoying because I keep...
BSOD Help and Support
More on the Sleeping Computer Keyboard Problem
Particularly for Jacee, benjy206, and gregrocker. This was the problem that you helped me solve. I am afraid to hook up the keyboard that gave me the problem that put my computer to sleep after I hit that moon symbol on the board, so I opted to send it back. My packing slip did not include the...
General Discussion
Computer not hibernating or sleeping correctly
Hi all, Recently i have been having trouble getting my Dell Studio 1747 laptop to hibernate or sleep. When i go to start and hit either sleep or hibernate, the screen shuts off but the computer never fully goes off. The fans continue to run and the usb power lights are still on. It will stay...
Performance & Maintenance
computer not sleeping when it should be
i have my power plan set on power saver and when its plugged in (or not) and a certain amount of minutes has passed, it's supposed to go to sleep according to the settings i set it at. but it doesnt. recently, there are multiple days where i forget to close the lid and i sleep accidentally....
Performance & Maintenance


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 13:52.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App