Security

Kerplunk · 20 Jan 2010 at 20:38

Hi guys, how secure is Microsoft Security Essentials? Reason I ask is I had my bank account hacked the other day (Banks been informed etc, but thats not what this thread is about) and I never had a problem of this sort for years, ive had AVG for 2-3 years before this and some other (i forget now) before that.

Apparently someone must have "viewed my screen" or somehow got all my card details ????? :confused:

Very annoyed at the moment, left me wondering now - can i do anything online without being hacked etc...any experiences like this from you guys?

Advice/Thoughts welcome, cheers

tntcoder · 20 Jan 2010 at 20:58

MSE is pretty much fine.

Some advice,
- Don't use IE, ensure you use Firefox.
- Format and do a trusted clean reinstall so you know there is no nasty rootkits in your OS that malware scanners cant detect.
- Check for a hardware keylogger on your keyboard cable (you never know...)

Breaking into online banking isn't easy, and even if someone was looking over your shoulder when you logged in, most banking systems have some amount of randomization of which password characters you enter each login for example, so it suggests someone spied/learned your entire authentication details (probably by observing multiple logins).

Just make sure you use a secure and well patched browser & well patched OS, and MSE or AVG will do a good job at the rest. Use common sense against phishing emails/attacks and be careful with installing random/untrusted software.

There's also quite a lot of security reasons to ditch Windows XP now, consider upgrading to Windows 7 if it's an option to you.

EDIT: also, ensure whenever you're using an SSL secured site that you check/validate the security certificate (Padlock Icon) in your web browser, if that is missing then you've been tricked/redirected to a malicious site which will lead to getting owned.

Kerplunk · 20 Jan 2010 at 21:03

Thanks for the reply.

I am on Windows 7 and I only formatted about a month ago ... I do use IE8, might consider FF if it will help...

I was told from the bank (slight de-rail here, but anyway) that they did it over the phone and just used the card number? is that possible..am i still being watched ???

NathanE · 20 Jan 2010 at 21:21

On Vista or W7, IE is the most secure web browser.

The recent scare with the Chinese zero-day exploit is almost insignificant on these operating systems when IE's Protected Mode is enabled (which it is by default).

theheyes · 20 Jan 2010 at 21:38

NathanE said:
On Vista or W7, IE is the most secure web browser.

The recent scare with the Chinese zero-day exploit is almost insignificant on these operating systems when IE's Protected Mode is enabled (which it is by default).

Agreed. There is a lot of FUD about IE circulating at the moment coming from sources I don't quite understand. Anyone using IE6 is asking for trouble - this has been the case for a long time so I don't know why certain government agencies are panicking about it now.

As for the "hacking" - is the card only ever used online? Who else has an account on the computer? Have you ever used it on someone else's computer or at an Internet cafe? All it takes is one careless mistake.

You've done the right thing by notifying your bank. Changing your password is an obvious course of action and just generally be more careful in the future about where you use your card.

Kerplunk · 20 Jan 2010 at 21:41

theheyes said:
As for the "hacking" - is the card only ever used online? Who else has an account on the computer? Have you ever used it on someone else's computer or at an Internet cafe? All it takes is one careless mistake.

I use the card online and generally in town etc... only myself and Dad on this computer, but he hardly ever uses it, let alone knows how to use it

Never used it on any other machine else other than my computer... :confused:

NathanE · 20 Jan 2010 at 21:43

When you say your bank account was hacked, do you mean you spotted some fraudulent transactions on there? Or do you mean that someone actually got access to your online banking account?

Kerplunk · 20 Jan 2010 at 21:55

Someone has used my bank account to purchase stuff, as to how they got access I can only assume it was via viewing my online bank account? card no etc... also two of my DD companies that I have set up were both coincidentally used...

Smit · 21 Jan 2010 at 08:53

Well if they did it over the phone then it could have came from anywhere and not necessarily a 'hole' in your machine.

Every time you use your card online or in shops/restaurants it is at risk.

Daegan · 21 Jan 2010 at 09:53

Kerplunk said:
Someone has used my bank account to purchase stuff, as to how they got access I can only assume it was via viewing my online bank account? card no etc... also two of my DD companies that I have set up were both coincidentally used...

You can't typically use online banking to purchase stuff though. You can use it to make payments (funds transfers, direct debits, standing orders), but when it comes to purchasing stuff that's what your credit/debit card is for. It's much more likely that just your credit/debit card details have been stolen, which could have happened in a multitude of different ways without anyone having gained access to your online banking.

dekez · 21 Jan 2010 at 10:13

Sounds like someones cloned your card, I had this happen to me.

I used my card to buy a flight online from someone elses internet connection, no problem. A month later I got a call from the bank asking if I was in the USA? I wasn't, but someone was enjoying a shopping spree across a state with my card.

Basically they create a new card using your details. Anyway the bank sorted it all and I didn't loose a penny, the only way I can think that it happened was when I bought that flight as it was the only connection I used where I wasn't sure of the security.

Kerplunk · 21 Jan 2010 at 12:58

Daegan said:
You can't typically use online banking to purchase stuff though. You can use it to make payments (funds transfers, direct debits, standing orders), but when it comes to purchasing stuff that's what your credit/debit card is for. It's much more likely that just your credit/debit card details have been stolen, which could have happened in a multitude of different ways without anyone having gained access to your online banking.

To be honest I havent actually used my card for ages outside, due to weather and stuff like that, so been at home - maybe before tho possibly? - Boughta few things online tho

Is it a coincidence though that two of my direct debits i have set up on my online account, ar the same two companies where they were used to purchase stuff?

Burnsy2023 · 21 Jan 2010 at 14:01

Sysinternals Process Explorer is probably a good start. Use it to account for every process you run.

Daegan · 21 Jan 2010 at 14:22

Kerplunk said:
To be honest I havent actually used my card for ages outside, due to weather and stuff like that, so been at home - maybe before tho possibly? - Boughta few things online tho

Not sure that matters all that much. There's likely to be a chain of people involved, from whoever skimmed/stole your details, to the fraudsters buying a database of dodgy details and trying to use them.

Is it a coincidence though that two of my direct debits i have set up on my online account, ar the same two companies where they were used to purchase stuff?

Sounds weird, not sure what the logic would be. But we don't know who the companies were or what the stuff was.